Svoboda Cybersecurity Brief April 27, 2025


Oregon DEQ Suffers Ransomware Attack, Employee Data Allegedly Stolen

The Oregon Department of Environmental Quality (DEQ) confirmed a cyberattack but declined to verify the Rhysida ransomware group's claim that it exfiltrated 2.5 TB of data, including SQL databases and employee records. Rhysida has allegedly leaked portions of the data after claiming the DEQ ignored its ransom demands.
Source: DataBreaches.net

ToyMaker IAB Deploys LAGTOY Malware to Facilitate CACTUS Ransomware Attacks

Initial access broker ToyMaker scans for vulnerable systems, deploys custom malware LAGTOY (HOLERUN), and sells access to ransomware groups like CACTUS. The malware enables reverse shells, credential theft, and command execution, with CACTUS observed exfiltrating data and encrypting systems shortly after access is granted.
Impact: Facilitates double extortion ransomware attacks.
Mitigation: Patch internet-facing applications, monitor for unusual SSH/SSHD activity, and enforce MFA.
Source: The Hacker News

North Dakota Enacts Stricter Data Security Laws for Financial Entities

North Dakota’s HB 1127 requires financial institutions to implement encryption, MFA, and annual penetration testing, and to appoint a security officer. Non-compliance risks penalties, and breaches affecting 500+ consumers require 45-day reporting to regulators.
Source: DataBreaches.net

UK Court Orders £6M Payout for Insurer’s Failure to Report Data Breach

Watford Community Housing won a negligence case against broker Arthur J Gallagher for failing to notify insurers of a 2020 breach exposing tenant/employee data (e.g., sexual orientation, ethnicity). The delay voided £5M in coverage, highlighting liability for improper breach disclosure.
Source: DataBreaches.net

Oregon Dismisses MOVEit Breach Lawsuit Due to Lack of Demonstrated Harm

A lawsuit over the 2023 MOVEit breach (affecting 3.5M Oregonians) was dismissed as plaintiffs couldn’t prove financial losses. The breach exposed driver’s license data, but the judge noted no fraudulent activity beyond one blocked credit application.
Source: DataBreaches.net
