Cyber incidents: Cookie bakery, TÜV Rheinland, "merciful" hackers in Indonesia
There have been several cyber incidents this week. The criminals who paralyzed Indonesia's IT are now handing over the key just like that.
Emergency in the data center
(Image: vchal/Shutterstock.com)
There were a number of cyber incidents again this week. However, a few events stand out from the numerous reports.
Ransomware at Lambertz
The criminal organization BlackBasta has allegedly infiltrated the cookie baker Lambertz and claims to have accessed 800 GB of data. This includes data from employees, financial accounting and the HR department. Other confidential information is also said to be included.
HackManac announced this on X, formerly Twitter. The Lambertz Group has confirmed a break-in and the IT department is working on a forensic investigation and the replacement of parts of the IT infrastructure with modern systems.
Cyber intrusion at TÜV Rheinland AG
The cyber gang Ransomexx has broken into TÜV Rheinland and is said to have taken 650 GB of the organization's data. This was announced by FalconFeeds.io on X/formerly Twitter.
TÜV Rheinland AG has also confirmed a break-in, with TÜV Rheinland Akademie GmbH in particular being affected. There had been unauthorized access to parts of the training network. Data may have been leaked, but according to the current state of the investigation, no sensitive information was involved. In this context, it is somewhat ironic that TÜV Rheinland AG offers services to protect against cyber intrusions and ransomware.
Indonesia gets data back even without a ransom
Last week, it was announced that Indonesia's national data center was the target of a ransomware attack using Lockbit 3.0 ransomware. The consequences are far-reaching, with more than 200 government and regional agencies falling victim to it. The StealthMole group now reports on X/Ex-Twitter that the attackers of the cyber gang "Brain Cipher" handed over the decryption key for the data encrypted in the ransomware attack even without paying a ransom.
They also supplied instructions for use. However, this was only an exception, as the negotiations had reached an impasse, with 99 out of 100 victims having to pay "Brain Cipher" after such an incident, the perpetrators write according to screenshots of their darknet presence.
Japanese company Kadokawa reports ransomware incident
The Kadokawa Corporation, which also owns FromSoftware – the developer studio of "Elden Ring" – has announced (PDF) that the servers in the Kadokawa Group's data center have suffered a massive cyberattack, including a ransomware attack. On June 8, Niconico and associated services in particular were targeted. This is a popular video service in Japan similar to YouTube.
However, the impact is massive. According to the press release, the finance department is affected, but the production of printed books, for example, is also on the list of functions to be restored. The attackers from the cyber gang "BlackSuit" apparently threatened to publish 1.5 terabytes of stolen data and sensitive information. A deadline expired on July 1, but there is still no indication on the criminal group's darknet site.
Patelco Credit Union was the victim of a cyberattack
The US-based Patelco credit union, which has 450,000 members and around 9 billion US dollars in assets according to its self-portrayal, has also reported a "cybersecurity incident". Immediately after the incident last week, the systems were unavailable. According to the current status, online banking, the mobile app, monthly statements, account statements and new or changed payment instructions are currently not possible. On Wednesday, the IT security specialists were at least able to give the all-clear that the money was safe. However, the company is not yet able to say when the systems will be fully restored and operational again.
Ransomware attacks by Lockbit on several hospitals?
Lockbit has allegedly broken into several hospitals in the USA, extracting data and planting ransomware. This can be seen in an X-Post from the HackManac group.
The facilities affected are Fairfield Memorial Hospital, Merryman House Domestic Crisis Center and the Florida Department of Health. However, there is no indication of IT incidents at the respective organizations, nor are the websites restricted. It therefore appears to be another bluff by the remnants of the cyber gang.
(dmk)
