TL;DR: REvil in new clothes? (Week 42)

Microsoft faces an incident that may have resulted in the data leak of tens of thousands of entities, security forces arrested members of a car theft gang, and an Australian insurance company was the victim of a ransomware attack.

Microsoft incident

A configuration error led to a potential leak of Microsoft customer and partner information. SOCRadar security researchers report that they found 2.4 TB of emails and project information, including project files and identifying information, related to 65,000 entities from 111 countries. Microsoft’s position on the researchers’ findings was that “the magnitude of the problem has been greatly exaggerated” and that SOCRadar’s decision to build a search tool over this data exposes customers to unnecessary risk. The organisations affected by the leak have reportedly been informed by Microsoft.

Arrest of a car theft gang

French security forces, in cooperation with Eurojust, Europol and Spanish and Latvian authorities, dismantled a car theft ring. Raids at 22 locations led to the arrest of 31 suspects, including the developers of keyless car-opening malware, resellers of the stolen cars, and the thieves who stole the cars themselves. Property worth €1 million was also seized.

Ransomware attack on an insurance company

Australian health insurance provider Medibank was the target of a ransomware attack that briefly disabled the company’s systems. After the attack, the attackers contacted the company and provided the insurer with data samples. The samples showed that the attackers held patients’ full identifying and claims-related data.

Ransom Cartel = REvil?

Cybersecurity researchers from Palo Alto Networks’ Unit 42 reported their findings on the Ransom Cartel ransomware group. Their analysis of the malware and of the group’s practices suggests that Ransom Cartel members may be original key members of REvil, or that the group may be a rebranding of the original “brand.”

In brief

  • Another member of the Lapsus$ gang has been arrested, this time by the Brazilian Federal Police.
  • Group-IB security researchers have published an analysis of the DeadBolt ransomware, which specializes in NAS storage devices.
  • Decentralized cryptocurrency trading platform Moola Market was the target of a cyberattack resulting in the loss of $9 million in cryptocurrency.
  • The FBI has issued a warning about scammers posing as representatives of the federal student loan forgiveness program. The cybercriminals are attempting to extract sensitive information from victims by any means available, from phone calls to written letters.
  • German newspaper publisher Heilbronn Stimme was the target of a ransomware attack that knocked out its mail server and phones and made it impossible to print 75,000 copies of the newspaper. The newspaper’s website remains accessible, but its payment gateway has been temporarily shut down.
  • Japanese microelectronics design and manufacturing company Oomiya was the target of a LockBit 3.0 ransomware attack. The cybercriminals claim to be in possession of the company’s data and are extorting the company.
