Christopher Eaton | February 11th, 2022

California’s Ohlone College Suffers Ransomware Attack Compromising Personal Information of Staff, Faculty, and Students

The network of Ohlone College in Fremont, California recently suffered a ransomware attack that compromised the private information of staff, faculty, former students, and 16,000 current students. According to a statement from the college, the threat actors gained access to dates of birth, Social Security numbers, banking records, medical information, and transcripts. The attack also disrupted several of the college's IT systems, including the online student portal and the college email platform. The college is currently working with an incident response team and law enforcement to investigate the scope and depth of the attack.

Swissport International, a Global Aviation Services Company, Suffers Ransomware Attack Resulting in Flight Delays and Operational Disruptions

Operations at Switzerland-based global aviation services company Swissport were affected after its IT systems were taken offline and its website became inoperable. According to a notification from Swissport, the impacted infrastructure was quickly isolated, potentially limiting the threat actors' access to sensitive information. The attack nevertheless interrupted scheduled flights, causing numerous delays. Swissport operates in 50 countries and serves over 280 million passengers and 4.8 million tons of cargo annually. There is no indication that personally identifiable information or other private data was accessed.

Insider Developer Leaks Master Decryption Keys for Egregor, Maze, and Sekhmet Ransomware Operations

A ransomware developer claiming to have worked on several ransomware operations, namely Egregor, Maze, and Sekhmet, deliberately leaked the master decryption keys for each ransomware family. Maze ransomware quickly became prominent in 2019 for its data theft and double-extortion tactics. In late 2020, Maze shut down and its operators quickly rebranded as Egregor; Sekhmet has been active since March 2020. The developer who leaked the keys emphasized that the leak was unrelated to the recent arrests of ransomware actors and the takedown of various operations. They added that none of the developers of these ransomware families will return to creating malware and that all source code they developed has been destroyed. The leaked keys have been confirmed as legitimate and do in fact decrypt files encrypted by Egregor, Maze, and Sekhmet ransomware.

Sportswear Giant Puma Suffers Data Theft of Personal Information After Its Workforce MSP, UKG, Suffers Ransomware Attack

In December 2021, managed service provider (MSP) Ultimate Kronos Group (UKG) suffered a ransomware attack that disabled its private cloud systems. The immediate impact of the intrusion was felt across several industries and, nearly two months later, is still reverberating. Sportswear giant Puma, a customer of the Kronos Private Cloud, recently reported a data breach directly related to the attack against UKG. Reports indicate that the personal information of many Puma employees, including Social Security numbers, was accessed and stolen by the threat actors. No customer data was reported stolen, and the impact was limited to systems in the Kronos Private Cloud.

LockBit Ransomware Group Re-launching Its Partner Program After Redesigning Tor Site and Overhauling Ransomware Capabilities

The LockBit ransomware group is relaunching its affiliate program under the name LockBit 2.0. The operation has been active since September 2019, and its operators advertise that the ransomware is written in C and assembly with no external dependencies. The group redesigned its Tor sites, overhauled the ransomware, and added more advanced features, including automatically encrypting devices across a Windows domain by pushing the payload through Active Directory group policies. LockBit 2.0 claims to be the world's fastest encryption software, and the operators encourage prospective recruits who doubt these claims to download the samples they used for testing. In addition to the encryptor, LockBit 2.0 affiliates will have access to StealBit, which the operators claim is the world's fastest stealer: it automatically exfiltrates every file from a victim company to LockBit's updated leak blog.
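Deploying a payload through group policy leaves a trail on the domain controllers: a new Group Policy object is created, its attributes are populated, and it is linked to the domain or an OU. With "Audit Directory Service Changes" enabled, those steps appear in the Security log as Event ID 5137 (object created) and 5136 (object modified), the latter naming the attribute that changed, including gPLink on the container the GPO is linked to. The script below is an added detection example written for this article; it is not LockBit's code nor SpearTip's. The event records, the account names, the GPO distinguished names and the approved-admin list and change window are all constructed assumptions for the example.

```python
# Added example for this article: triage Directory Service Change events on a
# domain controller for the steps a GPO-based mass deployment needs (create a
# GPO, populate it, link it). Assumes "Audit Directory Service Changes" is on,
# so the DC logs Event ID 5137 (created) and 5136 (modified, with attribute).
# All sample events, accounts and DNs below are constructed, not real data.
from dataclasses import dataclass
from datetime import datetime, time

@dataclass
class DsChangeEvent:
    event_id: int          # 5136 = object modified, 5137 = object created
    timestamp: datetime
    subject: str           # account that made the change, DOMAIN\user
    object_class: str      # AD objectClass of the changed object
    object_dn: str         # distinguished name of the changed object
    attribute: str = ""    # attribute changed (5136 only)

GPO_CLASS = "groupPolicyContainer"
LINK_ATTRIBUTE = "gPLink"  # lives on OUs/domain; changing it links a GPO
# Assumed policy: only this account changes GPOs, and only during the day.
APPROVED_ADMINS = {"CORP\\gpo-admin"}
CHANGE_WINDOW = (time(8, 0), time(18, 0))

def classify(ev):
    """Name the GPO-related step an event represents, or None if unrelated."""
    if ev.event_id == 5137 and ev.object_class == GPO_CLASS:
        return "gpo-created"
    if ev.event_id == 5136 and ev.object_class == GPO_CLASS:
        return "gpo-modified"
    if ev.event_id == 5136 and ev.attribute == LINK_ATTRIBUTE:
        return "gpo-linked"
    return None

def is_suspicious(ev):
    """Unexpected account, or an approved account outside the change window."""
    if ev.subject not in APPROVED_ADMINS:
        return True
    t = ev.timestamp.time()
    return not (CHANGE_WINDOW[0] <= t <= CHANGE_WINDOW[1])

def triage(events):
    """Return (step, subject, object_dn) for every suspicious GPO-related event."""
    hits = []
    for ev in events:
        step = classify(ev)
        if step is not None and is_suspicious(ev):
            hits.append((step, ev.subject, ev.object_dn))
    return hits

# Constructed sample: a service account creates, populates and links a GPO at
# the domain root at 2 a.m.; an admin makes a routine change at 10:30 and an
# off-hours link change at 22:45; one unrelated logon event is mixed in.
GPO_NEW = "CN={EXAMPLE-GPO-1},CN=Policies,CN=System,DC=corp,DC=local"
GPO_OLD = "CN={EXAMPLE-GPO-2},CN=Policies,CN=System,DC=corp,DC=local"
SAMPLE_EVENTS = [
    DsChangeEvent(5137, datetime(2022, 2, 9, 2, 13), "CORP\\svc-backup", GPO_CLASS, GPO_NEW),
    DsChangeEvent(5136, datetime(2022, 2, 9, 2, 14), "CORP\\svc-backup", GPO_CLASS, GPO_NEW, "gPCFileSysPath"),
    DsChangeEvent(5136, datetime(2022, 2, 9, 2, 15), "CORP\\svc-backup", "domainDNS", "DC=corp,DC=local", "gPLink"),
    DsChangeEvent(5136, datetime(2022, 2, 9, 10, 30), "CORP\\gpo-admin", GPO_CLASS, GPO_OLD, "versionNumber"),
    DsChangeEvent(5136, datetime(2022, 2, 9, 22, 45), "CORP\\gpo-admin", "organizationalUnit", "OU=Workstations,DC=corp,DC=local", "gPLink"),
    DsChangeEvent(4624, datetime(2022, 2, 9, 22, 46), "CORP\\gpo-admin", "", ""),
]

if __name__ == "__main__":
    for step, who, dn in triage(SAMPLE_EVENTS):
        print(f"{step:13} by {who:18} on {dn}")
```

The gPLink check is the one that matters most: a GPO that is created but never linked applies to nothing, while a link change at the domain root pushes the policy to every joined machine at the next refresh. In a real environment the approved-account list and change window would come from change-management data rather than constants, and the events would be read from the Security log (or a SIEM) instead of the constructed list.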

 

As the threat landscape continues to evolve and is becoming increasingly malicious, it’s vital for businesses and individuals to remain aware of various threats like Egregor, Maze, Sekhmet, and LockBit. At SpearTip, our advisory services are designed to engage with real-world risks and prepare companies and their employees to effectively defend against threat actors. Our ShadowSpear Platform combines unparalleled detection and response software supported by experienced engineers who work 24/7 from our Security Operations Center to identify, neutralize, and counter any malicious behavior, including ransomware. The impact of ransomware demonstrates the necessity of maintaining a mature security posture in order to protect all business-critical and personal information against cybercriminals.  

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.