TL; DR: REvil demands more and more, Irish healthcare system will assess the damages in hundreds of millions after the attack (27th week)

The cybercriminal group REvil seems unstoppable and is beginning to realize its value. After the attack on hundreds of companies, they demand a record amount as a ransom. After the ransomware attacks on Irish hospitals and healthcare organisations, state budget reserves are likely to be depleted due to bailout provision. 

Recently, however, security forces have been less successful in apprehending influential hackers.

Immodest REvil

Ransomware attack by REvil on the supply chain of Kaseya, a company providing update management and client monitoring, initially hit only 50 of the company’s clients.

Ransomware has spread to more than 1,500 companies through their service providers using software from Kaseya. REvil cybercriminals have offered a decryption key for the record price of $70 million.

After payment, decryption software should be available publicly. A Swedish supermarket chain Coop has also become the victim of the Kaseya attack, and was forced to close 800 retail stores because it was unable to control point-of-sale systems.

Damage costing hundreds of millions

Although the Conti ransomware group responsible for the ransomware attack on Irish healthcare system have gifted decryption keys, according to the Irish Health Service Executive the recovery will cost an estimated $600 million.

Approximately 120 million dollars will be used to restore the systems and the remaining 480 million dollars will be used to replace and improve ransomware-damaged systems.

However, Conti cybercriminals are still threatening to sell the data stolen from hospitals before encrypting the systems, unless a ransom of $20 million is paid.

Cyber “Puncture” of Mercedes

More than 1.6 million records and personal information of less than 1,000 Mercedes-Benz USA customers were exposed on an incorrectly configured cloud storage platform.

The information included names, e-mail addresses, residence addresses, phone numbers, payment card details, dates of birth, driving licence numbers, social security numbers and details on purchased vehicles.

Pirates versus pirates

Security researchers from Avast have found a new cryptomining malware targeting computer gamers.

Malware called Crackonosh spreads through torrent cracked or pirated versions of popular games. Since December 2020, it has infected over 222 thousand systems and earned over $ 2 million to attackers.

After installation it abuses Windows Safe Mode systems to impair system defences and antivirus.

The researchers also uncovered 8 backdoors allowing the access to Mongolian Certification Authority MonPass servers. Attackers successfully inserted a malicious Cobalt Strike code into the official installation of MonPass client.

Finally, after years, handcuffed

Interpol has arrested a Moroccan cybercriminal known under the nickname Dr Hex during the Lyrebird operation. The investigation lasted about two years.

The threat actor, responsible for multiply cyberattacks, carried out global phishing and payment card fraud.

Attacks documented between 2009 and 2018 were targeting individuals, telecommunication companies, banks and multinational corporations.


  • New South Wales Department of Education has become a target of a massive cyberattack. The attack has left local schools in a state of paralysis. A school staff is unable to access e-mails, calendars or teaching materials.
  • The Italian city of Cagliari has become a victim of the CryptoLocker ransomware attack. Services were limited for a short time and the employees were instructed not to turn on computers in offices and leave them disconnected from the network. The amount of ransom demanded is still unknown.
  • Several companies, including Roche, Siemens and Henkel, have become a target of Winnti cyberattack. A hacker group working for the Chinese government is suspected of the attack. The companies declare that they have not lost any sensitive data.
  • Japanese company providing aircraft refuelling services Japan Airport Fueling Service Co.,Ltd. experienced a ransomware attack on 21 June. The company received a ransom demand but the attacker, the amount of ransom and other details are unknown.
  • Denmark’s central bank was also compromised in the hacking operations abusing SolarWinds vulnerabilities. The attackers have had access to the banking network for 7 months but the bank declares that “there are no signs that the attack would have real consequences”.
  • A member of the cybercriminal APT group FIN 7 Andrii Kolpakov was fined $2.5 million and sentenced to 7 years in prison for cyberattacks that led to the compromise of millions of credit and debit cards.
  • The UK arm of international charity the Salvation Army has been hit by a ransomware attack. Services for the vulnerable people who depend on charity have not been impacted. The attacker, the type and volume of stolen data are not known.
  • Dutch cybersecurity firm Tesorion has released a decryptor for certain types of files encrypted by the Lorenz ransomware.
  • Researchers from Doctor Web have discovered 10 malicious apps, of them 9 on Google Play Store. The apps were designed to steal Facebook users’ logins and passwords and were installed almost 6 million times.

« Späť na zoznam