CitrixBleed ransomware group woes grow as over 60 credit unions, hospitals, financial services and more breached in US.

Credit union technology firm Trellance own Ongoing Operations LLC, and provide a platform called Fedcomp - used by a double-digit number of other credit unions across the United States.
A ransomware group gained entry to Trellance via Ongoing Operations.
ABC report homebuying in the US has stalled due to a ransomware incident at Fidelity National Financial.
Sadly, CitrixBleed isn't an isolated situation - it's just the perfect storm of the style of vulnerability combined with ransomware groups.
The security patch for this issue became available almost two months ago.
I then wrote a blog saying mass exploitation was happening, a companion piece to say ransomware groups are using the vulnerability to backdoor systems for later and continued to track threat actor activity.
First, many of the victim organisations either never appeared on ransomware group portals, or disappeared from ransomware group portals, because the organisations made the choice to pay the criminals.
I've spent 24 years non-stop working for medium to large size enterprises, from oil companies, telcos, ICS manufacturing, a security vendor etc, in cybersecurity.
What's happening with ransomware isn't normal, it has just become normalised.
Whilst it is absolutely true that ransomware and extortion groups are just a symptom of poor security - trust me, I've seen it - the reality is poor security isn't fixable any time soon, but the threat uncontrolled groups who've monetised said poor security poses is.
Legitimately a national security risk that is going to keep escalating until something goes very wrong, I fear.
It isn't just the criminals who have monetised poor security here - there's an industry which has sprung up monetising the victims and the fear of being a victim, too.
Netscaler runs on FreeBSD. FreeBSD supports security jails, to stop processes going rogue.
In short, I think security vendors like Citrix need to up their game, as things are real now - or be regulated.
It cannot be the position that every customer is expected to install 4239 security patches every year for 3294 different vendors largely for variations of the same classes of security bugs that the vendor has failed to address for decades, nor should it be the position that every customer has to apply 398 different security 'best practices' each year to make a product they just purchased secure.
It simply doesn't scale and is leading to a security poverty line which risks sinking small to medium sized businesses - which, as Satya Nadella has said before, are the lifeblood of the global economy.
Payments to ransomware and extortion groups need to be outlawed.
We all know that Boeing is the outlier here, as currently every CISO is playing a Western game on TLP:RED. I think it's very clearly a race to the bottom, and history shows those who try to cover up ransomware incidents often end up directly in the spotlight as a result.
These playbooks should not have been used for ransomware.
We shouldn't have normalised ransomware like we have, especially given the escalating nature of the problem.


This Cyber News was published on doublepulsar.com. Publication date: Sun, 03 Dec 2023 23:43:05 +0000

