Top 3 ransomware headlines trending on Google

1.) Xerox Business Solutions (XBS), a division of Xerox Corporation, has fallen victim to a new ransomware variant known as INC Ransom. The tech giant has acknowledged the incident and promises to provide more details once a thorough investigation is complete.

XBS, specializing in digital document technology, is currently verifying the authenticity of the documents claimed to be stolen by the INC Ransom group. The company is enlisting the help of technology experts to address the situation. Samples of the pilfered data released by the cybercriminals include records of XBS payments from early last year, invoices, completed request forms, and purchase orders from technology clients and partners. Notably, Xerox faced a similar file-encrypting malware attack in 2020, with the Maze Ransomware group claiming to have stolen approximately 100GB of data from the corporation.

2.) In another cyber incident, a ransomware attack on Gallery Systems, a software provider for museums, has resulted in widespread disruptions to IT systems, causing financial losses for art galleries across the United States. The affected museums include the Museum of Modern Art in New York, the Metropolitan Museum of Art, the Chrysler Museum of Art, the Museum of Pop Culture in Seattle, The Barnes Foundation, the Crystal Bridges Museum of American Art, and the San Francisco Museum of Modern Art.

Gallery Systems, the targeted company, suffered a malware attack on December 28th, 2023, and the BlackCat ransomware gang has claimed responsibility for the incident. However, Artsystems (now Gallery Systems) has not confirmed the claim as they focus on recovering encrypted data from backups.

3.) In a separate threat, hackers have been exploiting the name of ChatGPT since August of last year, hosting over 65,000 web domains to capitalize on the success of the Microsoft-owned and OpenAI-developed conversational chatbot. Alarmingly, over 20% of these fraudulent websites are being utilized by online users to propagate ransomware. Those impersonating the tech giant’s AI offering are financially benefiting by providing premium services at international rates.

Moreover, these deceptive websites serve as platforms to extract sensitive information knowingly provided by users, including email IDs and passwords. These ill-intentioned sites also engage in malicious activities by deploying payloads onto users’ devices, enabling future espionage, data encryption, or content wiping. A ransomware report from ESET sheds light on these findings, emphasizing the constant threat posed by cybercriminals exploiting vulnerabilities, as seen in the MOVEit hack conducted by the Russian ransomware gang CLOP.

Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
