From the Better-Late-Than-Never Department:
"Washington County is preparing to implement a new policy on how to respond to future cybersecurity attacks after a ransomware strike crippled the county government for more than two weeks earlier this year.
County solicitor Gary Sweat is asking the commissioners to consider approving a “business continuity and disaster contingency” plan that would have a protocol for county workers and its IT department to follow in the event of another cyber emergency."
As a reminder, they paid a $350k ransom to a ransomware gang to get a decryptor key.
In early October, Wayne County in Michigan announced it was the victim of a cyberattack that a source acknowledged involved disruption and a ransom demand.
Today, Interlock has claimed responsibility for the attack and leaked data. They claim: "We offer you more than 130 SQL databases. A large collection of confidential criminal investigation files, personal data of residents."
The leak is 7.7 TB of data. There are six screencaps as POC, and a list of files that can be separately downloaded. From the list, it does look like there is a lot of PII and sensitive info. :(
There doesn't seem to be anything on Wayne's website or FB page at this point about today's leak and claims.
Army to defend small businesses against hackers with NCODE secure cloud enclave pilot:
Payroll-related cyberattack led to breach of Mass. state workers’ information, comptroller says
Threat actors called Valencia Ransomware claim to have hit the City of Pleasanton in California. They have leaked what they claim are 283 GB of files on their dark web leak site. They claim the data includes:
"PII (Names, Full Addresses, DOB, Drivers License's, Credit Cards, Personal Financial Data), Company Financial Data, Sensitive files containing passwords, Employee Resumes, Confidential company documents & more."
There is nothing on the city's website about any attack. I have sent an inquiry to the city to try to find out more. Downloading the data tranche is estimated to take another 29 days or more at the blistering download rates... ugh.
As an update on Hunters International's claims about the US Marshals data: the Marshals Service claims it is not a new #databreach or data but is from a breach last year that they had disclosed. Read more:
https://therecord.media/marshals-service-data-posted-ransomware-gang
It looks like the RA group called Hunters International claims to have exfiltrated data from the U.S. Marshals. They haven't leaked any actual proof of claims yet, but show some screencaps that are suggestive that they may have data to back up their claims.
Hunters uses icons on their listings. There is nothing on this one to suggest that they have locked/encrypted this target. Nor is it evident how much data they claim to have, total, or how much they are demanding in ransom.
There is no indication of any attack on the US Marshals website. I have emailed them and DOJ to inquire whether they will confirm or deny any claimed attack.
@JayeLTee Nice work on your part. It's a shame that too many entities don't even say a simple "thank you" to those who try to alert them to a leak or situation. And, of course, how many of those who don't even acknowledge will ever disclose a leak or breach on their own?