FBI has issued a fresh alert against the activities being carried out by a newly detected ransomware group dubbed OnePercent. The law enforcement agency says that the threat actors have been targeting companies since Nov’2020 by using the emulation software of Cobalt Strike.
In the latest discovery made by FBI, security analysts found that the OnePercent Ransomware group was compromised victims via phishing emails that were laced with malicious attachments such as Banking Trojans.
Once clicked and downloaded, the Banking Trojan downloads extra software onto the victims’ PC, including the red software of Cobalt Strike. Thereafter, OnePercent locks down the data and encrypts the network, after transmitting a portion of info to remote servers.
And if the victim denies paying a ransom, OnePercent threatens them of publishing the data to a ransomware group called REvil aka Sodinokibi.
In a second incident related to ransomware, the University Medical Center (UMC) based in Southern Nevada suspects that REvil ransomware gang might have entered its network last summer and might have stolen the data related to over 1,300,000 people.
Prima facie has revealed that the cyber crooks might have stolen info such as demographic data, clinical info history and financial data related to insurance numbers.
UMC stated that the network infiltration might have taken place for a day or so, but the hackers compromised some critical files on the network to demand $12 million.
Third, a ransomware attack targeting the third party servers leased by Indiana State Department of Health are reported to have compromised personal info related to over 750,000 Indiana residents.
Leaked or fraudulently accessed info includes names, addresses, email, gender, ethnicity, race, birth dates of the residents and excludes data such as medical and social security info.
As per the sources reporting to our Cybersecurity Insiders, the servers were targeted on July 2nd of this year and Indiana State Health department took all measures to contain the impact.
