MSP cybersecurity news digest, May 8, 2024

UK health care service provider Medequip hit by Akira ransomware

Medequip is the leading provider of community equipment services to local authorities and the NHS across the U.K., delivering a wide range of equipment and support to people. Akira ransomware compromised it through spear-phishing and unpatched vulnerabilities, which was confirmed on April 16. A total of 50 GB of data was stolen, including personal information such as National Insurance numbers (NINOs), birth certificates, driver's licenses, confidential reports and agreements, and other internal business information.

In April, Acronis threat intelligence saw 19.5% of users in the U.K. experiencing at least one malware detection and 10.8% trying to visit a malicious URL at least once.

German manufacturer Wasserkraft Volk A.G. compromised in 8Base ransomware attack

Wasserkraft Volk AG (WKV) is a German manufacturer of hydroelectric power plants. WKV offers comprehensive electromechanical equipment for design, engineering, manufacturing, supply, installation, commissioning and lifetime maintenance from a single source. They were compromised by 8Base ransomware through an unpatched vulnerability, which was confirmed on April 23. As a result, invoices, receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements and personal files were stolen. 

In April, Germany had a high level of cyberthreats with 27.5% of users experiencing at least one malware detection during the month and 16.3% trying to visit a malicious URL at least once.

French car repair specialist Speedy became yet another victim of 8Base ransomware

Speedy, established in 1978, is a car repair specialist with a network of nearly 500 centers and a team of over 1,400 employees. On April 22, it was confirmed that the company had become another victim of 8Base ransomware. As usual, the crooks were after invoices, receipts, accounting documents, personal data, certificates, employment contracts, confidentiality agreements and personal files. Losses have been estimated in the millions of dollars.

France was also heavily targeted in April, with 26.7% of users experiencing at least one malware detection during the month and 21.5% trying to visit a malicious URL at least once.

SIS Automatisering and COIN of the Netherlands suffer a Play ransomware attack

SIS Automatisering, an information and communication technology (ICT) company, works with another ICT company named COIN. Their focus is on small and medium enterprises (SMEs) with 1 to 100 employees that have little or no ICT knowledge in house. Unfortunately, these MSPs became victims of Play ransomware, which used compromised passwords and phishing emails to exfiltrate miscellaneous documents such as invoices, agreements, personal documents and financial data. The hack became public on April 19.

The Netherlands also continues to suffer from the attention of cybercriminals. In April, 26.1% of users experienced at least one malware detection and 16.7% tried to visit a malicious URL at least once.

Italy’s Benetton Group hit by Hunters International ransomware

Benetton Group, a renowned global fashion company headquartered in Italy with a revenue of over €1 billion last year, was attacked by Hunters International ransomware. This information became public on April 6. The cybercriminals threatened to disclose 433 GB of clients' data if ransom demands were not met within a specified timeframe.

At Acronis, we saw that in April, 30.1% of users in Italy experienced at least one malware detection and 14% tried to visit a malicious URL at least once.