At a glance.
- Cocky Conti hackers tell RIPTA to Google them.
- Delivery fee comes with hidden costs.
- Georgia State Bar website down after cyberattack.
Cocky Conti hackers tell RIPTA to Google them.
The malware used in the August cyberattack on the Rhode Island Public Transit Authority (RIPTA) that compromised the data of 22,000 Rhode Islanders has been identified as Conti ransomware. Developed by Russian-speaking hackers, Conti was responsible for nearly ninety incidents impacting US critical infrastructure last year. The threat actors who carried out the RIPTA attack left a ransom note reading, “All of your files are currently encrypted by CONTI strain. As you know (if you don't — just 'google it'), all of the data that has been encrypted by our software cannot be recovered by any means without contacting our team directly.” Though the US Federal Bureau of Investigation warns against meeting attackers’ ransom demands as there is no guarantee the cybercriminals will keep up their end of the bargain, RIPTA reportedly coughed up $170,000 (covered by the Authority’s cybersecurity insurance policy) to restore its systems and prevent the cybercriminals from publishing the stolen data. RIPTA spokesperson Cristy Raposo told the Providence Journal yesterday, “Since discovering the incident, RIPTA has taken appropriate steps to help ensure individuals’ sensitive data is not further exposed.”
Delivery fee comes with hidden costs.
Yahoo reports that scammers posing as representatives of UK delivery service Evri (formerly known as Hermes) have launched a smishing operation to trick targets into sharing their personal information. Victims receive a text message claiming that they need to pay a fee of £1.45 for redelivery, and the included link leads to a fraudulent website where they are asked to enter their payment details. The fee is small because the cybercriminals are not after the money, but the victim’s bank credentials. A warning from scam reporters Florence Trust says the texts began circulating last month, and the Evri website has issued advice on how to avoid the scam.
Georgia State Bar website down after cyberattack.
The State Bar of the US state of Georgia was forced to shut down its website after an intruder gained “unauthorized access to its network,” according to a message on a holding page that has replaced the site. An investigation is underway, and the association has enlisted the help of external incident response consultants. “An endpoint detection and response system is being deployed throughout our network, which includes real-time continuous monitoring, analysis and response capabilities,” the message reads. The Daily Swig adds that it is unclear what data the attacker might have accessed.