Although it's not a good idea for hackers to work together in groups, this appears to be what's happening.
Recent evidence suggests that the QBot malware operation is now cooperating closely with the Black Basta ransomware operation. They have the common goal of inflicting maximum destruction on corporate targets.
Black Basta uses QBot to infect their first victims. However, there are many other groups that use QBot. Once they infect a computer, the group uses it to spread laterally through the network.
This partnership is expected to prove extremely successful. Black Basta's ransomware, paired with QBot's penchant for stealing banking credentials and injecting additional malicious payloads, could easily produce a one-two punch that is very difficult for companies to recover from.
Read our recent post on proactive cybersecurity to protect your company's data and secure your network.
QBot, also known as QakBot, can move fast once it is inside a compromised network.
Black Basta has leveraged QBot to spread ransomware. QBot still needs time to move laterally, which leaves an opportunity: IT security professionals should be diligent enough to stop QBot from spreading before the ransomware payload is distributed.
This is all well and good, but many companies don't act quickly enough to stop ransomware attacks. They will be left crippled and their banking credentials compromised. To prevent this from happening, call Integrated Technology Systems.
It remains to be seen how effective this partnership will be, but QBot and Black Basta are both well-known hacking groups. Black Basta has breached dozens of networks in their short time of existence, while QBot has established a reputation over a longer period.
2 Million Medical Service Providers Are at Risk of Data Breach
Depending on your location, you may have received care from the Shields Health Care Group or a provider affiliated with them.
Be aware that this Massachusetts-based medical provider, which specializes in PET/CT scans, MRIs, radiation therapy, and ambulatory surgery services, has been compromised.
Unknown hackers gained access and stole data from more than 2,000,000 users.
According to the breach notice that Shields published on their website on March 28th, 2022, Shields was first made aware of the attack. They immediately engaged the services of third-party cybersecurity specialists to help them determine the extent and severity of the incident.
This investigation is still ongoing. Here's what we know so far:
An unknown group attacked the network and had access from March 7 through March 21, 2022.
They were able to access the database records of over two million users and steal the following information:
- User full name
- Social security number
- Date of birth
- User home address
- Information for providers
- Patient diagnosis
- Billing information
- Information about insurance numbers and other related topics
- Medical Record Number
- Patient ID
- Other information about various treatments
This is serious. The hackers were able to access enough data to steal identities. It remains to be determined if they will do it themselves or sell the data on the Dark Web. You are at great risk if your data was compromised by this breach.
You can find out more at the Shields website. You'll find a complete list of all the affected medical facilities on that website. Be on the lookout for any treatment you have received from any of the listed facilities and monitor your bank and credit statements.
This is a potentially dangerous situation. You should be alert for both ransomware and the hackers. Hackers pose real threats, whether they are operating in isolation or working together. Be proactive and call us today.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/