Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals

Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.

Jan 31 • 3 min read

Block DeepSeek: 3 urgent security risks for IT


To pay or not to pay, that is the question…

Remember last week when we made the following statement: “After a record-breaking month in December, this month looks set to be a lot quieter.”

Well, yep, you guessed it… we jinxed it.

Since last week, ransomware hackers have added nearly 200 new victims to their data leak sites…and that’s not including 60 from the allegedly resurrected Babuk (which we’ll discuss below). And the number of confirmed attacks has almost doubled to over 30, with a couple of healthcare companies taking a particular blow.

Here for the DeepSeek insights? Scroll to the bottom!

What the Babuk?

The ransomware world was thrown into a frenzy earlier this week when Babuk appeared to rise from the dead, dragging with it around 60 victims. However, upon closer inspection, many of these claims appeared to be duplicated from other ransomware gangs (namely RansomHub, LockBit, and Funksec). Not only that, but the copy included in the claims was also…well, copied.

Five of its latest claims appear to be unique to Babuk (and are included in our stats) but none are confirmed. So we’ll remain skeptical for now.

Court’s adjourned! We’ve paid the cybercriminals off…

This week, Kansas law firm Berman & Rabin started notifying 151,944 people about a July 2024 data breach following a ransomware attack. The breach wasn’t discovered until October 2024 and no ransomware gangs came forward to claim the attack, suggesting a ransom could have been paid.

California’s Kronick Moskovitz Tiedemann & Girard also started issuing breach letters this week after a ransomware attack in August 2024. But this case appeared to involve a few twists and turns. Initially, Rhysida came forward to claim the attack at the time, demanding 16 BTC ($970K). But in its notification, KMTG appears to have paid off the hackers, stating “Kronick retrieved the exfiltrated data from the unauthorized actor and received assurances that all unauthorized copies of the data have been deleted.”

Healthcare ransomware attacks, INC.

One thing became quite apparent to us this week – ransomware gang INC has a penchant for healthcare companies. Of its 75 confirmed attacks, 30 are on companies operating in the healthcare sector.

After being added to INC’s data leak site, the International AIDS Vaccine Initiative (IAVI) and Menominee Tribal Clinic of Wisconsin became part of these stats this week. Both had confirmed they’d suffered attacks last month. Neither has disclosed the total number of people potentially impacted in these attacks, but INC has a knack for stealing troves of data from healthcare companies, too.

Across its 30 aforementioned attacks, over 3.1 million records have been breached (75% of the records breached across all of its 75 attacks).

Elsewhere, Frederick Health and New York Blood Center Enterprises are both struggling with ransomware attacks on their systems (via unknown hackers) while NorthBay Health has started notifying nearly 570,000 people of a data breach following its attack in April 2024. Embargo claimed this attack before removing the company from its data leak site, suggesting a ransom may have been paid.

3 Ways DeepSeek Is an IT Admin Nightmare

Earlier this week, China-based DeepSeek rose to prominence (and sent stocks plummeting) with its new, cheaply-created AI model. As expected, journalists and techies were thrilled to start pouring their data into DeepSeek's chatbot interface for its newly-released model.

For IT leaders and admins, this is a serious concern for 3 key reasons:

1. Data privacy and security: DeepSeek's application collects extensive user data, including chat histories and personal information, which is stored on servers located in China. This raises concerns about potential unauthorized access and the possibility of data being shared with the Chinese government.

2. Security vulnerabilities: Wiz uncovered a serious data breach at DeepSeek that exposed over a million sensitive records, including secret keys and chat logs. Such vulnerabilities highlight potential risks associated with integrating this AI model into organizational systems.

3. Regulatory Compliance: Utilizing DeepSeek may lead to non-compliance with data protection regulations, especially those restricting data sharing with entities in certain countries. Organizations must ensure that their employees are aware of and comply with local and international data privacy laws. This may mean blocking all access to DeepSeek as quickly as possible.

Last week, we talked about how frequently companies need to give their teams security training. The answer was "more than once a year," but structured training is not the only need. IT leaders should also send notices to their teams whenever an event arises that could otherwise slip through the cracks, such as a new AI chatbot with potential data security threats.

Recommendation: Block DeepSeek at the network level as soon as you can, and notify remote employees of the potential risks.
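One way to act on that recommendation, as an added example that is not from the newsletter: a small Python script that scans DNS query logs for lookups of DeepSeek domains (so you can see which hosts are already using it) and renders a response policy zone (RPZ) fragment a resolver can load to block them. The domain list and the dnsmasq-style log lines are constructed assumptions; substitute your own.

```python
import re

# Assumed zones to block (constructed for this example; extend from your own inventory).
BLOCKED_ZONES = ("deepseek.com", "deepseek.ai")

# Constructed sample of dnsmasq-style query log lines, including a look-alike
# domain and a mixed-case name to show the matching rules.
SAMPLE_LOG = """\
Jan 31 09:12:01 dns dnsmasq[812]: query[A] chat.deepseek.com from 10.0.4.21
Jan 31 09:12:03 dns dnsmasq[812]: query[A] api.deepseek.com from 10.0.4.21
Jan 31 09:13:10 dns dnsmasq[812]: query[A] notdeepseek.com from 10.0.7.3
Jan 31 09:14:22 dns dnsmasq[812]: query[AAAA] www.comparitech.com from 10.0.7.3
Jan 31 09:15:40 dns dnsmasq[812]: query[A] DeepSeek.AI from 10.0.9.8
"""

QUERY_RE = re.compile(r"query\[\w+\] (?P<name>\S+) from (?P<src>\S+)")


def is_blocked(name, zones=BLOCKED_ZONES):
    """True if name is a blocked zone or a subdomain of one.

    Matching is done on whole DNS labels, case-insensitively, so a
    look-alike such as 'notdeepseek.com' is not a false positive."""
    labels = name.lower().rstrip(".").split(".")
    for zone in zones:
        zone_labels = zone.lower().split(".")
        if len(labels) >= len(zone_labels) and labels[-len(zone_labels):] == zone_labels:
            return True
    return False


def find_hits(log_text, zones=BLOCKED_ZONES):
    """Return (source_ip, queried_name) for each query matching a blocked zone."""
    hits = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_blocked(m.group("name"), zones):
            hits.append((m.group("src"), m.group("name").lower().rstrip(".")))
    return hits


def rpz_zone(zones=BLOCKED_ZONES):
    """Render an RPZ fragment: 'CNAME .' returns NXDOMAIN for the zone apex
    and, via the wildcard record, every subdomain beneath it."""
    lines = []
    for zone in zones:
        lines.append(f"{zone} CNAME .")
        lines.append(f"*.{zone} CNAME .")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for src, name in find_hits(SAMPLE_LOG):
        print(f"{src} looked up {name}")
    print(rpz_zone())
```

Run the log scan before and after deploying the RPZ fragment: hits after the block indicate hosts bypassing your resolver.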

Until next week. Let’s keep that zero-day count at zero!

Suite 3 Falcon Court Business Centre, College Road, Maidstone, Kent ME15 6TF