Consulting giant Accenture has confirmed that proprietary information was stolen in a ransomware attack disclosed in August 2021. At the time, LockBit ransomware operators claimed to have stolen over 6 terabytes of data from Accenture's systems, demanding a $50 million ransom to be paid in exchange for keeping the data private. Given that Accenture did not pay the requested amount in due time, the attackers published over 2,000 files allegedly stolen during the incident, threatening to publish more of them.
The United States Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) has identified a total of 177 cryptocurrency wallets associated with the top 10 most commonly reported ransomware variants during the first half of the year. In a report detailing ransomware-related financial transactions, FinCEN reveals that these 177 unique wallet addresses were used to make $5.2 billion in outgoing Bitcoin transactions, most of which could be potentially related to ransomware.
Sinclair Broadcast Group has confirmed that it was hit by a ransomware attack over the weekend [press release, SEC filing]. Sinclair also said attackers have stolen data from the company's network. On October 16, 2021, the Company identified and began to investigate and take steps to contain a potential security incident. On October 17, 2021, the Company identified that certain servers and workstations in its environment were encrypted with ransomware.
A new report published today from Cisco's Duo Security, the leading multi-factor authentication (MFA) and secure access solution, confirms that enterprises are taking steps to move away from passwords and adopting low-friction authentication methods to protect the hybrid workforce. While the total number of Duo MFA authentications increased 39% in the past year, biometric authentications grew even faster at 48%.
A new family of ransomware dubbed BlackByte has all the hallmarks of a first-development attempt by amateur malware developers, making significant mistakes, such as obfuscating code in a way that is easily bypassed and using the same encryption key for every victim. The malware has some similarities to other ransomware linked to Russia, such as avoiding Russian-language systems in the same way as REvil and using network exploitation to spread inside networks in the same way as Ryuk.