1.) Notorious Hive Ransomware group has published details of 850,000 patient records belonging to Partnership HealthPlan of California and said that a portion of data will be sold on the dark web, if the healthcare provider doesn’t bow down to its ransom demands.
As an incident response, the Partnership HealthPlan of California says that it has set up a Gmail address for patients to respond and showed that a team of experts have been pressed to probe the incident.
A press update released by the company states that information such as email addresses, social security numbers, physical addresses of over 850,000 PII were stolen by Hive hackers and all measures were being taken to stop them from posting 400 GB data onto the dark web.
2.) Conti Ransomware group has published on the dark web that it has targeted the servers belonging to Shutterfly, an online store that sells and purchases photography related services via web.
The incident reportedly occurred in December 2021 and the threat actors gained access to their network via a Windows Domain Controller.
Online tech news resource Bleeping computer reported Conti gang encrypted over 4k devices and 120 VMware ESXi servers that stored information belonging to Shutterfly.
3.) Third, a ransomware group dubbed SunCrypt that involves in triple extortion tactics of file encryption, a threat to post data online and launching DDoS attack on victims failing to pay a ransom is doing round on internet. And as per the sources, SunCrypt Ransomware gang is back in business and is slowly picking up in 2022. Minerva Labs, a security firm has endorsed the news and added that the threat group is looking to target only large enterprises and is keeping its ransom negotiations anonymous, to stay away from the tracking radar of law enforcement agencies.
4.) Last, but not the least, is the information regarding how fast the ransomware encrypts files. Researchers from Spunk have found that most of the reputed ransomware groups encrypt servers within a matter of 5 minutes and 50 seconds to encrypt 100,000 files. And the quickest among them is LockBit Ransomware that encrypts over 100 GB data within 4 minutes 9 seconds. Other ransomware forms were found encrypting files in the following time frame- Babuk Ransomware- In 6 minutes 34 seconds for a data of 100GB; Avaddon Ransomware- In 13 minutes 14 seconds for a data of 100GB; RYUK at 14 minutes,30 seconds; REvil in 24 minutes 16 seconds and BlackMatter ransomware in a time frame of 45 minutes. DarkSide that has the history of encrypting databases of Colonial Pipeline took 47 minutes to encrypt data on the victim database and Conti Ransomware at a time of 59 minutes 23 seconds to lock down access to 54GB of data files. Maze and PYSA were slow in doing their work as they were found encrypting a 50GB data file in over 109 minutes.
