MSP cybersecurity news digest, March 26, 2024

Austrian municipality Korneuburg was compromised by LockBit ransomware

It was confirmed on February 5 that the municipality of Korneuburg in Austria which serves a population of under 13,000 people was attacked by LockBit ransomware. The attack has affected all of the data held by the administration, including the backup system. Officials have confirmed receiving an extortion demand. According to a spokesperson, “Everything is dead, we can’t even print out registration forms or death certificates or transfer bills.”

Overall, Austria, according to Acronis threat intelligence, was on a higher risk side in March as we saw 20.9% of users experiencing at least one malware detection during the month and 9.3% trying to visit a malicious URL at least once.

Greek software services company ATC attacked by Akira ransomware group

ATC, an international software company with annual revenue of about $15 million, was attacked by Akira ransomware group last November. For more than 25 years the company has provided innovative solutions for the central government, media, banking, distribution, manufacturing and services.

Corporate data was stolen and the impact can be estimated in the millions of dollars. That is not a surprise, as we at Acronis saw that during March in Greece, 31.2% of users experienced at least one malware detection and 17.1% tried to visit a malicious URL at least once. These numbers are high compared to other countries.

Portugal-based shipping company Portline became a victim of LockBit ransomware

Portline is a shipping company with general cargo services operate primarily in Europe, reaching to Cape Verde, the Canary Islands, West Africa and Brazil. With revenue of $18.8 million, it was an attractive target for bad guys and as a result, was compromised by LockBit on February 5. Most likely, the threat vector was spear phishing and malicious scripts. Criminals managed to exfiltrate invoices, receipts, accounting documents, personal data, certificates, employment contracts and in general, a huge amount of confidential information.

As with Greece, Portugal is not a safe country in terms of cyberthreats: in March, 33.8% of users experienced at least one malware detection and 20% tried to visit a malicious URL at least once.

Czech Republic entertainment center Chocotopia ransomed by DoNex ransomware

Chocotopia is a center of entertainment in the heart of Prague, with its Museum of Chocolate and chocolate workshops, wax museum of legends by Grévin, candy shop, etc. it was attacked by the DoNex ransomware group, who revealed this on their Tor leak site on February, 27. The exfiltrated data (33 GB in total) includes private, personal and confidential data, client documents, budgets, payroll, IDs, taxes, financial information, etc.

According to Acronis threat intelligence, the Czech Republic is also heavily attacked by bad guys. During March, 27.9% of users experienced at least one malware detection and 23.3% tried to visit a malicious URL at least once.

NHS Scotland suffers a ransomware attack

NHS Scotland is a publicly funded healthcare system, that employs approximately 140,000 staff. In 2023, the revenue for NHS Scotland was ₤14.6 billion for their core NHS services and an additional ₤7.2 billion for Integration Authorities. Bad guys exfiltrated 3 TB of data, and as always, were threatening to make it public if the ransom weren’t paid.

The United Kingdom and Ireland also have also suffered from the attention of cybercriminals: during March, 20% of users experienced at least one malware detection and 12.2% tried to visit a malicious URL at least once.