Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network

A Lockbit ransomware attack against the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) caused service disruptions at three hospitals. German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) announced it has suffered service disruptions at three hospitals (Bielefeld, Rheda-Wiedenbrück, and Herford) after a Lockbit ransomware attack. The security incident could have a serious impact on the local […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

A Lockbit ransomware attack against the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) caused service disruptions at three hospitals.

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) announced it has suffered service disruptions at three hospitals (Bielefeld, Rheda-Wiedenbrück, and Herford) after a Lockbit ransomware attack. The security incident could have a serious impact on the local population due to the interruption of the medical emergencies.

The ransomware gang hit the KHO on Christmas Eve and gained access to specifically encrypted data, the organization revealed in a statement published on its website.

KHO shut down the impacted systems to prevent the threat from spreading.

“Unknown persons gained access to the hospitals’ IT infrastructure systems and specifically encrypted data. An initial check showed that it was probably a cyber attack by Lockbit 3.0, the timeline for which cannot yet be predicted. For security reasons, as soon as it became known, all systems were shut down that night and all necessary people and institutions were informed. No information can be given at this time about the extent of the damage or any claims or conditions.” reads the statement published by the organizations. 

“We set up a crisis team that night and began analyzing the situation. Access to all systems was immediately blocked. Thanks to our security systems, patient data is still available for patient treatment,” says Dr. Jan Schlenker, Managing Director of KHO gGmbH. 

“The responsible authorities have been informed and the internal and external IT security specialists are working hard to clarify the matter and secure all data. “Our security work is in full swing. Patient care is still guaranteed and the clinic continues to operate with slight technical restrictions, but we have withdrawn from emergency care for safety reasons,” said deputy managing director Philipp Herzog.

The organization said that the medical treatments for its patients were not impacted.

Lockbit ransomware gang has yet to add KHO to the list of victims on its Tor leak site

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, German hospital network)