Double-Extortion Ransomware Attacks on the Rise with Clop and FIN11

Every day, more people get online - most do it for leisure, but organizations are increasingly moving into the digital environment.

What is there to know about a person? Certainly, their name, but how about their affiliations, philosophical beliefs, or sexual orientation?

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination?

Ever follow an ad featuring limited-time products to a company's web page only to find they're selling something else entirely?

In 2023, based on wire fraud statistics nearly a quarter of consumers received suspicious communications, which may have occurred over text, email, phone, or social media.

When we think of "property," the first thing that comes to our mind might be tangible objects—items we've purchased, like cars and homes, or entitlements we've procured, like land, titles, or even honorifics.

What is an Incident Response? After a bank heist, the work begins with specialized teams and plans engaged, allowing for analysis of the event, and from this analysis, the bank can prepare a response to the incident.

Everyone has received a spam text or email at some point. Their hallmarks are widely known; they often include poor or strange grammar, suspicious links, suggested connections with companies or people, or random individuals asking for help in some capacity.

Every year, millions of people get victimized by data breaches. Criminals steal their data from the network environments of organizations, vendors, providers, institutions, and governments; with ever-increasing frequency, cybercriminals are making big moves in the cyber wars—and making billions of dollars. 

When the pandemic hit in 2020, our world became chaotic overnight. Throughout the nation, individuals were met with layoffs or stringent checks—pushing the financials of families to their breaking points.

Based in Philadelphia, Pennsylvania, CGM is a nationwide cementitious vendor for industries and construction projects. They are a leader in manufacturing, labeling, and distributing custom cement and patching products.

Patients with cardiovascular issues may appear in one of the Chattanooga Heart Institute (CHI) facilities in Tennessee and Georgia.

INTEGRIS Health is the largest non-profit healthcare network in Oklahoma and surrounding regions. The network includes medical and surgical centers, hospitals, emergency rooms, hospice options, addiction recovery programs, and a holistic approach to health and wellness.

This week was particularly active in Cybersecurity—attacks rained upon all states, from the Great Basin of Nevada to the Volcanoes of Hawaii.

Navvis & Company is a comprehensive healthcare network throughout the US, including Hawaii. They offer scalable healthcare services that push patients towards their health and wellness goals while supporting providers' roles to achieve those milestones.

Azura Vascular Care operates a national network of health and wellness centers. They specialize in minimally invasive procedures and strive to treat vascular conditions in comfortable, out-patient settings.

Perry Johnson & Associates (PJ&A) is a medical transcription organization based in Nevada. Since the public learned about PJ&A's breach, we have featured it whenever large healthcare networks have announced data breaches stemming from their incident and when officials present updates.

Connecticut College (CC) is a private campus institution in New London, CT; initially opened as a women's college, the institution today serves a 2k-student population and offers more than 40 degree programs.

U.S. Renal Care (Renal) is a 32-state, 400-location, 26k-patient healthcare provider primarily concerned with kidney disease and longevity; Renal offers in-facility and at-home dialysis solutions.

This week, around 643k data records were announced as lost in the cyber wars. Early on, the public learned of HopSkipDrive's event, which impacted 155k student guardians.

The Bayer Heritage Federal Credit Union has headquarters in West Virginia. Like other unions, they offer various services that assist members in saving and investing no matter their life phase.

Infosys McCamish Systems (IMS) is a subsidiary of Infosys, a global outsourcing organization. IMS is primarily concerned with delivering life insurance and retirement solutions for clients of Infosys.

Verizon is a top-performing communications organization with clients and influence worldwide. They offer various electronic services, including physical technology, Internet services, entertainment programs, communications plans, etc.

Des Moines Orthopaedic Surgeons, P.C. (DMOS) has three clinics throughout Iowa's capital; they offer comprehensive solutions for ortho-care, from joints to extremities and MRI imaging to outpatient surgery.

Bankers Life and Casualty Company (Bankers) is a nationwide retirement solutions provider. Their services assist members in maintaining and stretching their retirement income, paying for health and treatment programs, finding excellent retirement care, and assisting families with final expenses.

HopSkipDrive is an education solution that assists guardians with their unique transportation needs; from planning bus logistics to utilizing live ride-share options, HopSkipDrive is a family's best resource for education transportation.

The Government Employees Insurance Company (GEICO) is a privately owned insurance group with 70 branches in the US. They provide insurance plans for all aspects of life, including auto, motorcycle, travel, pet, homeowner, renter, and jewelry options.

This week started with a cyber event targeting a Californian insurance brokerage, Keenan & Associates; the assailants garnered over 1.5 million records from the attack.

The Identity Theft Resource Center (ITRC) is a non-profit organization that minimizes and mitigates the risks of identity threats.

Planet Home Lending (PHL) is a real estate and homeowner agency that assists consumers in finding and financing lasting homes.

Effectively responding to cyber threats is all about speed and information. Defense specialists must react quickly to repel attacks and mitigate damages.

We don't think about it much, but moving data from our devices to various online locations is a complex process. It's just a single click for us but involves countless communications between servers.

Zero-day vulnerabilities have transformed into something of a boogeyman for business owners. They represent a significant threat to sensitive information and assets but are extremely challenging to respond to.

Nowadays, digital transactions and virtual interactions aren't exactly optional. People can't keep their information off the web due to professional reasons, and many processes are exponentially more convenient through an online profile.

A Californian insurance brokerage offering insurance and budgetary solutions for schools, community agencies, and healthcare organizations—Keenan & Associates, has announced a significant data breach.

Security Discovery is a cyber risks analyst and solution provider. They are an industry leader with a significant track record of discovering data breaches overlooked by their competitors.

This week in cybersecurity saw billions of records fall into the hands of criminals. The week began with a report of 132k records compromised from an Indiana healthcare system.

First Financial Security, Inc. (FFS) is a nationwide insurance brokerage agency that assists insurance representatives in training, equipment, and licensing.

Photo by loganrickert licensed under CC BY 2.0 DE Deli Management, Inc. does business as Jason's Deli. It is an organization with over 250 deli shops located in 28 states.

Based in Irvine, California, LoanDepot is a nationwide mortgage lender. Their solutions assist homeowners in purchasing land and obtaining reasonable equity costs.

This week was slow in the cybersecurity breach world; a combined 775k records got exposed stemming from two health centers (Singing River Health and Harris Center for Mental Health and IDD) and a nationwide mortgage lender (Academy Mortgage Corporation); a communications security solution (Egress) released a risk report urging action of business leaders; and Kansas State University suffered widespread disruptions, potentially compromising the sensitive data of their students and faculty.

Kansas State University (K-State) is below Tuttle Creek Lake in northeast Kansas. The university serves 20,000 students, employs a complex faculty of emeritus, postdocs, and graduates, and offers over 50 programs.

Egress Software is a cybersecurity firm specializing in digital communications. They analyze security risks within emails, messaging, documents, file-sharing gateways, and more.

Academy Mortgage Corporation (AMC) is a nationwide mortgage lender and home loan estate professional group. The organization has over 200 branches throughout the US and numerous loan, mortgage, and financing options.

Singing River Health System (SRHS) is a healthcare network located in the tail of Mississippi (and northern Alabama). They provide a comprehensive network of medical services for residents, including cancer, emergency, hospice, pediatrics, and urgent care.

The Harris Center for Mental Health and Intellectual and Developmental Disabilities (IDD) has six regional locations and assists those with behavioral health and developmental needs.

NASCO provides various healthcare solutions to serve Blue Cross and Blue Shield members. They offer a comprehensive portfolio of services and use industry insights to project the needs of their 20 million clients.

This week's featured cyber incidents included a combined 2.3 million, although one event remains under investigation. The week began with an update from the Edmonds School District regarding their January 2023 breach, which exposed 145,844 individuals.

Cooper Aerobics is a health and lifestyle entity concerned with providing comprehensive wellness solutions. As a business organization, their brand includes The Cooper Institute, a Clinic, a Fitness Center, a Spa, a Vitamin line, Wellness Strategies, and a Hotel.

Electrostim Medical Services Inc. (EMSI) is a healthcare servicer in Tampa, Florida. They create and disperse home electrical stimulation devices, brace accessories, pain management solutions, and physical rehabilitation tools.

LoanDepot is one of the nation's most widespread nonbank mortgage lenders, offering financial solutions and opportunities to homeowners.

Edmonds School District (ESD) is in south Snohomish County, Washington. The district involves 35 schools, including Brier, Edmonds, Lynnwood, and Woodway institutions.

The North Kansas City Hospital (NKCH) is just north of the Missouri River in North Kansas City, Missouri. The hospital boasts a considerable campus with 450 beds and over 100 more physicians.

This week, 2024, started with destructive numbers. Transformative Healthcare was featured early on; their breach happened in February 2023 and may impact over 900k people, including patients and former FAS employees.

For over a decade, the magnetic stripe was the authentication tool behind modern-day credit cards. Magnetic stripe technology was developed in the late 1960s, but it took time before widespread use.

Image: "INTEGRIS Grove Hospital" by Todd Stogner, CC BY-SA 3.0. Integris Health is one of Oklahoma's largest medical networks; they operate hospitals, clinics, and urgent care from their 24 non-profit campuses.

Fred Hutchinson Cancer Center (FHCC) is a three-location care network that delivers solutions for cancer patients. They are an independent organization that provides experience for the University of Washington's Medicine programs.

Bunker Hill Community College (BHCC) serves a population of about 13,000 across two campuses and dispersed locations. BHCC offers over 100 degrees, including arts, sciences, business, health, law, and STEM opportunities.

Photo by Mangocove under CC BY-SA 4.0 DEED Our first breach report of 2024 concerns Boston's retired Fallon Ambulance Service (FAS).

National Amusements (NA) is in Norwood, Massachusetts. They are the majority shareholder for media sources, including CBS, Viacom, and Paramount.

This week caps off our year of cyber breaches; in this week alone, we saw millions of records stolen, targeted health providers, mortgage servicers crumble, and the return of a year-old breach.

LoanCare is a sub-servicing entity that assists mortgage loan providers with finance and data functions; they service over 1.5 million customers across the states and beyond.

HealthEC (HEC) is an analytics and AI-assisted solution that siphons all relative information about patients into cohesive packages.

Welltok provides a multi-use platform allowing institutions and individuals to manage their health and well-being. It is a third-party solution that caters to clinics, health networks, industry leaders, and private clinics.

ESO Solutions is a primary software developer and analytics platform for emergency and associated services; its programs connect emergency response agencies, fire departments, hospitals, and state response offices.

Xfinity is the name of Comcast Communications' internet, TV, and phone service; it is the most significant cabled internet service in the states, with more than 32 million residential customers.

This week was devastating for data breaches. Across the US, cybercriminals stole the information of 58.4 million consumers, patients, and students.

The explosive growth of cryptocurrencies was nothing short of extraordinary. Even the most doubtful among us couldn't help but put a few dollars in to see what would happen.

Roughly 20 percent of all retail sales occur online. This statistic may sound lukewarm now, but e-commerce is rapidly becoming the lion's share of global transactions.

Embezzlement is an internal crime that someone commits against their organization. The perpetrator's inside knowledge helps them avoid detection and clean up the evidence.

Delta Dental of California (DDC), Delta Dental Insurance Company, Delta Dental of Pennsylvania, and other subsidiaries may have exposed data; the compromised data is not a product of the organizations.

The National Student Clearinghouse (NSC) is a provider of comprehensive skill sets; they work to better prepare students for success through grade school and during the transition into the workforce.

We reported on Mr. Cooper—one of the nation's largest mortgage providers—a month ago. Mr. Cooper was featured as they dealt with the throws of a cybersecurity event.

The West Virginia University Health System (WVUHS) contains multiple institution locations, hospitals, and clinics. Welltok is a communications platform that allows patients and physicians to speak while encouraging healthy lifestyles.

In the Valley of the Sun, Cardiovascular Consultants Ltd. (CVC) provides clinical, surgical, and consultation services; the Phoenix-based cardio group serves 11 of the region's hospitals—offering a range of assistance for patients and physicians.

This week, cybercriminals again targeted US medical records and patient identities. The attacks started with a 2.5 million record breach from Kentucky's Norton Healthcare circuit, including data from pediatric patients.

Southern Illinois Healthcare oversees the operations of Harrisburg Medical Center (HMC), a not-for-profit community hospital with over 70 beds and 140 physicians.

In Oregon, the Neuromusculoskeletal Center of the Cascades and Cascade Surgicenter collectively are "The Center. " The professionals that work there are highly trained doctors from many fields, including physiatry, occupational medicine, neurosurgical, and orthopedic care.

"The Ben E. Keith East Texas Division in Commerce, Texas (United States)" by Michael Barera is licensed under CC BY-SA 4.0. Source: Wikimedia Commons

Norton Healthcare consists of over 430 locations between Kentucky and Indiana. The clinics meet over two million a year, including adult and pediatric patients.

Cybersecurity breaches are at epidemic proportions; in the last two years, cybercriminals have stolen over 2.6 billion consumer records from thousands of organizations.

This week's data breaches contained significant impact figures from around the world. Malware on a vendor's computer inadvertently breached Japan's Line Messenger.

The number of victims caused by the global MOVEit data breach continues to climb; Welltok has announced more exposures, this time from three more health organizations.

"Pan American Life Insurance Group Building - New Orleans" by Tony Webster is licensed under CC BY 2.0. Source: Flickr

East River Medical Imaging (ERMI) has three locations in New York City and Westchester County.  ERMI is a "multi-modality radiology center," including patient-centered solutions like MRIs, CTs, ultrasounds, imaging, radiology, fluoroscopy, and x-rays.

Line Messenger is a communication app that allows users to communicate for free by sending messages and making voice calls. Japan's mega-corporation, LY Corp.

In 2015, Family Dollar acquired its biggest competitor, Dollar Tree. Family Dollar is one-half of a consumer's dream; they offer low-priced goods for families in 8,200 locations nationwide.

This week, cybercriminals targeted health lifestyle members, patients, gamblers, and general consumers. Early on, Welltok returned to the news, this time with over 426k member data stolen by assailants; the organizations impacted by the breach were Premier Health and Graphic Packaging International.

Caesars Entertainment (CE) oversees 58 gaming properties across the continental states. Their locations include world destinations, nightlife activities, a comprehensive concierge, and an industry-leading approach to draw millions of gamblers weekly.

Zeroed-In Technologies offers curated human resource solutions and analytics to organizations. Among those who use their services are the City of Detroit, Dollar Tree, Family Dollar, and the U.S. Department of Defense.

Robeson Health Care Corporation (RHCC) is a healthcare network serving North Carolina residents. They offer behavioral, dental, general, and outreach services in nine locations across six counties.

Welltok operates an online wellness program various organizations use to encourage healthy lifestyles. They've been in our news frequently as the global MOVEit breach continues.

This week, the cybersecurity environment continued to be rocked by the global MOVEit data breach. Various Stanford Health groups had information taken in the MOVEit event, up to 1.6 million patient records.

NSC Technologies is a workforce management solution pairing perfect prospective candidates with companies desiring long-term employees.

Group 1001 is the parent company of Delaware Life, a long-term financial consultant for organizations. Delaware Life uses a third-party vendor, Pension Benefit Information (PBI), for analysis and research services.

AutoZone is a vehicle parts replacement provider and servicer. Hosting over 5,300 stores across North America alone, AutoZone is a recognizably local option for car owners stateside.

Based in Central New York, Systems East, Inc. , is a finance, billing, and payment solution for commercial software products.

Stanford Health Care Alliance encompasses children's hospitals, care plans, medicine partners, scholars, and the Stanford University faculty.

Breaches were rampant this week, impacting as many as 15 million individuals. The State of Maine announced that it bled 1.3 million resident records due to the global MOVEit vulnerability.

Perry Johnson & Associates (PJ&A) is a medical transcription service assisting providers like Cook County Health and Northwell Health.

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

The dark web, also known as the "darknet", is a portion of the internet that lies outside the boundaries of traditional search engines.

Your Wi-Fi network is another handy access point that hackers use to infiltrate your computers, steal your identity, and grab your personal details.

Six databases that were owned by Friend Finder Networks, Inc. suffered a massive data breach in 2016, which cost 412 million users their accounts.

In this highly digital age, it is near impossible to erase all information online about yourself, but you can do a lot to remove online information and minimize your risk of identity theft or worse. 

With all our technology and connectedness comes a price, vulnerability. Now more than ever before, our credit and identities are at risk from cybercriminals, thieves, and hackers.