Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals

Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.

Jan 10 • 2 min read

Getting red-pilled by ransomware gangs is not a good 2025 resolution


Same %@#!, Different Day

While many of us are desperately trying to stick to all the New Year’s resolutions we’ve set for ourselves (I'll actually go to the gym this time...really...why are you laughing?), the only new thing we can expect in the world of ransomware is another recently formed gang.

And 2025’s first is (drumroll, please) Morpheus. Morpheus is, rather ironically, the Greek god of dreams. For Australia’s DBG Health, the new year meant getting red-pilled. Morpheus claimed to have stolen 2.5TB of data from the pharmaceutical manufacturer (focusing specifically on its subsidiary Arrotex Pharmaceuticals). This comes after DBG issued a statement about a cybersecurity incident in August 2024.

Morpheus also alleged that there was a lot more to the attack than DBG had disclosed in its statement, but the validity of this claim remains to be seen.

Ransomware roundup: 2024 end-of-year report

This week we released our end-of-year ransomware report. Also covered by Davey Winder at Forbes, our findings for 2024 include:

  • 1,204 confirmed ransomware attacks
  • 195,414,994 records compromised by these attacks
  • Average ransom demand of over $3.5M
  • Average ransom paid = $9,532,263
  • Total ransom paid = $133.5M
  • RansomHub was the most prolific gang (89 confirmed attacks) followed by LockBit (83), Medusa (62), and Play (57)

The bigger they are, the harder they fall

When your company name contains words like excelsior (Latin for “higher” or “more elevated”), you’ve got a lot to live up to. Unfortunately, Excelsior Orthopedics fell from grace this week as it finally revealed the number of people impacted in its June 2024 ransomware attack via Monti.

An estimated 357,000 people are caught up in this breach with SSNs, medical data (including diagnoses, treatment costs, and procedure types), and financial information among some of the data impacted. This makes it 2024’s 14th largest data breach via ransomware on a US healthcare company.

What a load of Clop

Toward the end of December, Clop posted the partial names of 66 victims to its data leak site. Then, on Christmas Eve, it gave them 48 hours to meet its demands or face publication.

But on December 30, it delayed the release even further “since it’s holidays now.”

Too much eggnog? A visit from the Ghost of Christmas Yet to Come? Or such good scare tactics that negotiations were still in full swing into the new year?

Who knows, but we’re still waiting for the full list to be revealed.

Our Heart Goes Out to Cali Fire Victims

Usually, we'd use this space to offer up some interesting educational material. But we'd like to take a moment to send out positive thoughts and well-wishes to anyone in our email list who is currently suffering from or knows someone who is suffering from the current fires raging in Los Angeles.

This is one of the most destructive fires in LA history. And while it's easy to assume that only the rich, famous and elite are being impacted, that's not the case. Many areas, such as Altadena, are distinctly middle-class.

If you're the giving type, there are multiple ways you can donate or volunteer with the Red Cross, United Way of Greater Los Angeles, Emergency Network Los Angeles, and Los Angeles Regional Food Bank.

From a security perspective, many of the individuals impacted will be emotionally distraught and, unfortunately, easy victims for criminals (both physical and cyber) to take advantage of. Help where you can, how you can, and if you can.

Until next week. Let’s keep that zero-day count at zero!
