With ransomware attackers setting their sights on municipal targets, this past week Liege, Belgium became the latest city forced to close many of their critical systems after identifying a cyberattack. In other cybersecurity news, Wegmans Food Markets is busy closing access to private databases that have been publicly accessibly since April.
Over the weekend, operators of the Ragnar Locker ransomware released over 700GB of stolen data belonging to ADATA, a Taiwanese chip maker. The service hosting the files took action and closed the accounts controlled by Ragnar Locker, though there was still plenty of time for any interested parties to download the data. The data itself seems to have originated from a May attack on ADATA. ADATA was forced to take their systems offline, though they decided to restore them from their own backups rather than paying a ransom.
After receiving a tip from a security researcher, officials for Wegmans Food Markets have begun securing multiple misconfigured databases that have been publicly accessible since April. While the impact of this incident is still unclear, Wegmans has already started reaching out to customers who have had some information compromised. This marks the second potential security issue faced by Wegmans this year, after a suspected credential stuffing attack took place in February.
The city of Liege, Belgium took several of their critical systems offline earlier this week. The city was forced to shutter their systems after identifying a cyberattack affecting some of the municipality’s network services. It is believed that the Ryuk ransomware gang is responsible, potentially putting them back in the news. They’ve made headlines in the past for targeting both cities and major corporations in hopes of cashing in on a large ransom payment.
The Conti group has claimed responsibility for a May ransomware attack on Tulsa, Oklahoma. They’ve posted nearly 19,000 stolen files to their leak site, many of which contain highly sensitive information on citizens who have had interactions with the city or its police. Officials for the City of Tulsa have started contacting all affected citizens and are warning them to be vigilant for any fraudulent emails or other unexpected contact that they may receive in coming weeks.
Following a March attack on a third-party service provider, Air India has stated that nearly 4.5 million customers may have had their personally identifiable information compromised. The data spans a decade’s worth of Air India customer information. Air India is only one of many airlines that have been impacted by the attack on the third-party service provider.