løysepengevirus

https://www.wired.com/story/universal-health-services-ransomware-attack/

a hospital and health care network with more than 400 facilities across the United States, Puerto Rico, and United Kingdom

UHS says it has 90,000 employees and treats about 3.5 million patients each year, making it one of the US’ largest hospital and health care networks.

“We are using paper for everything. All computers are completely shut down,”

https://www.theverge.com/2020/8/4/21353842/garmin-ransomware-attack-wearables-wastedlocker-evil-corp

https://www.zdnet.com/article/ransomware-gang-publishes-tens-of-gbs-of-internal-data-from-lg-and-xerox/

after failed extortion attempt.

If a victim refuses to pay the fee to decrypt their files and decides to restore from backups, the Maze gang creates an entry on a “leak website” and threatens to publish the victim’s sensitive data in a second form ransom/extortion attempt.

The victim is then given a few weeks to think over its decision, and if victims don’t give in during this second extortion attempt, the Maze gang will publish files on its portal

https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/

multiple flyGarmin services used by aircraft pilots are down, including the flyGarmin website and mobile app, Connext Services (weather, CMC, and position reports) and Garmin Pilot Apps (Flight plan filing unless connected to FltPlan, account syncing, and database concierge).

inReach satellite tech (Service Activation and Billing) and Garmin Explore (Explore site and Explore app sign) used for location sharing, GPS navigation, logistics, and tracking through the Iridium satellite network are also down.

Garmin did a hard shutdown of all devices hosted in a data center as well to prevent them from possibly being encrypted.

This company-wide shutdown is what caused the global outage for Garmin Connect and other connected services.

https://techcrunch.com/2020/06/09/honda-ransomware-snake/

https://www.bbc.com/news/technology-51564905

A malicious link sent to staff at the facility eventually caused the shutdown “of the entire pipeline asset”.

It was so severe in part because the organisation was not prepared for such an attack, the DHS statement said.

Often, the “operational network” which runs computers in the factory is separated from the office IT – but not in this case, meaning the ransomware infection was allowed to spread.

https://arstechnica.com/information-technology/2020/02/why-you-cant-bank-on-backups-to-fight-ransomware-anymore/

https://www.zdnet.com/article/company-shuts-down-because-of-ransomware-leaves-300-without-jobs-just-before-holidays/

As a result of the botched ransomware recovery process, the company’s leadership decided to suspend all services, leaving more than 300 employees without jobs.

Over the past two years, there have been many cases where smaller companies decided to shut down for good, lacking the funds to pay a ransom demand to get their data back or lacking the funds needed to rebuild their IT infrastructure

https://www.zdnet.com/article/us-coast-guard-discloses-ryuk-ransomware-infection-at-maritime-facility/

The maritime facility — believed to be a port authority — was forced to shut down its entire operations for more than 30 hours, the Coast Guard said.

https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/

an attacker in close proximity (WiFi), or an attacker who already hijacked our PC (USB), can also propagate to and infect our beloved cameras with malware