Found 7 bookmarks
Newest
Ingram Micro outage caused by SafePay ransomware attack
Ingram Micro outage caused by SafePay ransomware attack
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Update 7/6/25: Added Ingram Micro's confirmation it suffered a ransomware attack below. Also updated ransom note with clearer version. An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Ingram Micro is one of the world's largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide. Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues. BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices. The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It is unclear if devices were actually encrypted in the attack. It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.
#bleepingcomputer#EN#2025#Cyberattack#Note#Computer#Security#Ransom#MicroIngram#Ransomware#VPN#SafePay
·bleepingcomputer.com·
Ingram Micro outage caused by SafePay ransomware attack
Johnson Controls starts notifying people affected by 2023 breach
Johnson Controls starts notifying people affected by 2023 breach
Building automation giant Johnson Controls is notifying individuals whose data was stolen in a massive ransomware attack that impacted the company's operations worldwide in September 2023. Johnson Controls is a multinational conglomerate that develops and manufactures industrial control systems, security equipment, HVAC systems, and fire safety equipment for buildings. The company employs over 100,000 people through its corporate operations and subsidiaries across 150 countries, reporting sales of $27.4 billion in 2024. As BleepingComputer first reported, Johnson Controls was hit by a ransomware attack in September 2023, following a breach of the company's Asian offices in February 2023 and subsequent lateral movement through its network. "Based on our investigation, we determined that an unauthorized actor accessed certain Johnson Controls systems from February 1, 2023 to September 30, 2023 and took information from those systems," the company says in data breach notification letters filed with California's Attorney General, redacted to conceal what information was stolen in the attack. "After becoming aware of the incident, we terminated the unauthorized actor's access to the affected systems. In addition, we engaged third-party cybersecurity specialists to further investigate and resolve the incident. We also notified law enforcement and publicly disclosed the incident in filings on September 27, 2023; November 13, 2023; and December 14, 2023."
#bleepingcomputer#EN#2025#Breach#Cyberattack#Dark-Angels#Data-Breach#Johnson-Controls#Ransomware
·bleepingcomputer.com·
Johnson Controls starts notifying people affected by 2023 breach
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
The DragonForce ransomware operation successfully breached a managed service provider and used its SimpleHelp remote monitoring and management (RMM) platform to steal data and deploy encryptors on downstream customers' systems. Sophos was brought in to investigate the attack and believe the threat actors exploited a chain of older SimpleHelp vulnerabilities tracked as CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726 to breach the system. SimpleHelp is a commercial remote support and access tool commonly used by MSPs to manage systems and deploy software across customer networks. The report by Sophos says that the threat actors first used SimpleHelp to perform reconnaissance on customer systems, such as collecting information about the MSP's customers, including device names and configuration, users, and network connections. The threat actors then attempted to steal data and deploy decryptors on customer networks, which were blocked on one of the networks using Sophos endpoint protection. However, the other customers were not so lucky, with devices encrypted and data stolen for double-extortion attacks. Sophos has shared IOCs related to this attack to help organizations better defend their networks. MSPs have long been a valuable target for ransomware gangs, as a single breach can lead to attacks on multiple companies. Some ransomware affiliates have specialized in tools commonly used by MSPs, such as SimpleHelp, ConnectWise ScreenConnect, and Kaseya. This has led to devastating attacks, including REvil's massive ransomware attack on Kaseya, which impacted over 1,000 companies.
#bleepingcomputer#EN#2025#CVE-2024-57727#Data-Theft#DragonForce#Managed-Service-Provider#MSP#Ransomware#RMM#SimpleHelp-RMM
·bleepingcomputer.com·
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara takes servers offline after Akira ransomware attack
Hitachi Vantara, a subsidiary of Japanese multinational conglomerate Hitachi, was forced to take servers offline over the weekend to contain an Akira ransomware attack. The company provides data storage, infrastructure systems, cloud management, and ransomware recovery services to government entities and some of the world's biggest brands, including BMW, Telefónica, T-Mobile, and China Telecom. In a statement shared with BleepingComputer, Hitachi Vantara confirmed the ransomware attack, saying it hired external cybersecurity experts to investigate the incident's impact and is now working on getting all affected systems online. "On April 26, 2025, Hitachi Vantara experienced a ransomware incident that has resulted in a disruption to some of our systems," Hitachi Vantara told BleepingComputer. "Upon detecting suspicious activity, we immediately launched our incident response protocols and engaged third-party subject matter experts to support our investigation and remediation process. Additionally, we proactively took our servers offline in order to contain the incident. "We are working as quickly as possible with our third-party subject matter experts to remediate this incident, continue to support our customers, and bring our systems back online in a secure manner. We thank our customers and partners for their patience and flexibility during this time."
#bleepingcomputer#EN#2025#Akira#Cyberattack#Hitachi#Hitachi-Vantara#Ransomware
·bleepingcomputer.com·
Hitachi Vantara takes servers offline after Akira ransomware attack
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations. #CISA #Computer #Cring #Critical #FBI #Ghost #InfoSec #Infrastructure #Ransomware #Security
#bleepingcomputer#EN#2025#Ghost#Ransomware#Critical-Infrastructure#Cring#CISA#FBI
·bleepingcomputer.com·
CISA and FBI: Ghost ransomware breached orgs in 70 countries