U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hive ransomware gang hit Costa Rica public health service

Costa Rican Social Security Fund, Costa Rica ‘s public health service, was hit by a Hive ransomware attack. Costa Rican Social Security Fund, Costa Rica ‘s public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported. The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

Costa Rican Social Security Fund, Costa Rica ‘s public health service, was hit by a Hive ransomware attack.

Costa Rican Social Security Fund, Costa Rica ‘s public health service (aka CCCS), was hit today by a Hive ransomware attack, BleepingComputer reported.

The attack occurred early this morning, Tuesday, May 31, 2022. The authorities are investigating the security breach, but the public health service confirmed that the attack did not impact the EDUS (Unified Digital Health) and the SICERE (Centralized Tax-Collection System) databases, it also added that the incident did not compromise payroll and pension services.

The CCCS asked its employees to disconnect their computers from the internal networks, some of them reported that the printers inside the agency began printing pages with ransom ASCII.

Last month, the Conti ransomware gang claimed responsibility for the attack on Costa Rica government infrastructure after that the government refused to pay a ransom.

The attack impacted multiple government services, including CCSS, the Finance Ministry and the Labor Ministry. The Conti ransomware gang also threatened to “overthrow” the new government of the country.

The list of government entities hit by Conti affiliates also includes the country’s Ministry of Finance, its Ministry of Labor and Social Security (MTSS), the Ministry of Science, Innovation, Technology, and Telecommunications, and the Social Development and Family Allowances Fund (FODESAF).

The gang claimed to have insiders in the government and revealed that the attack was carried out by an affiliate group tracked as UNC1756. Now the Conti ransomware gang is demanding a $20 million ransom (initially the group asked for the payment of $10M) for the decryption keys to recover the impacted systems.

BleepingComputer pointed out that after Conti announced the shutting down of its operations, some of its members have joined Hive group and both gangs have begun leaking the victims’ data on both dark web leak sites.

This week, Cyber Research Labs reported to have observed a rise in ransomware attacks in the second quarter of 2022, some of them with a severe impact on the victims, such as the attack that hit the Costa Rican government that caused a nationwide crisis.

The experts warn of ransomware attacks against government organizations. They observed a total of 48 government organizations from 21 countries that were hit by 13 ransomware attacks in 2022.

Cyble researchers warn that cybercriminal organizations have changed tactics, switching from businesses to small states threatening to subvert government apparatus.

Small states are easy targets due to the low level of security of their critical infrastructure due to the low budget to protect them.

In August 2021, the Federal Bureau of Investigation (FBI) released a flash alert on the Hive ransomware attacks that includes technical details and indicators of compromise associated with the operations of the gang.

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. I ask you to vote for me again (even if you have already done it), because this vote is for the final.

Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”)

To nominate, please visit: 

https://docs.google.com/forms/d/e/1FAIpQLSdNDzjvToMSq36YkIHQWwhma90SR0E9rLndflZ3Cu_gVI2Axw/viewform

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Costa Rica)

[adrotate banner=”5″]

[adrotate banner=”13″]