Svoboda Cybersecurity Brief April 27, 2025
Oregon DEQ Suffers Ransomware Attack, Employee Data Allegedly Stolen
The Oregon Department of Environmental Quality (DEQ) confirmed a cyberattack but declined to verify the Rhysida ransomware group's claim that it exfiltrated 2.5 TB of data, including SQL databases and employee records. Rhysida has allegedly leaked portions of the data after claiming the DEQ ignored its ransom demands.
Source: DataBreaches.net
ToyMaker IAB Deploys LAGTOY Malware to Facilitate CACTUS Ransomware Attacks
Initial access broker ToyMaker scans for vulnerable systems, deploys custom malware LAGTOY (HOLERUN), and sells access to ransomware groups like CACTUS. The malware enables reverse shells, credential theft, and command execution, with CACTUS observed exfiltrating data and encrypting systems shortly after access is granted.
Impact: Facilitates double extortion ransomware attacks.
Mitigation: Patch internet-facing applications, monitor for unusual SSH/SSHD activity, and enforce MFA.
Source: The Hacker News
North Dakota Enacts Stricter Data Security Laws for Financial Entities
North Dakota’s HB 1127 requires financial institutions to implement encryption and MFA, conduct annual penetration testing, and appoint a security officer. Non-compliance risks penalties, and breaches affecting 500+ consumers require 45-day reporting to regulators.
Source: DataBreaches.net
UK Court Orders £6M Payout for Insurer’s Failure to Report Data Breach
Watford Community Housing won a negligence case against broker Arthur J Gallagher for failing to notify insurers of a 2020 breach exposing tenant/employee data (e.g., sexual orientation, ethnicity). The delay voided £5M in coverage, highlighting liability for improper breach disclosure.
Source: DataBreaches.net
Oregon Dismisses MOVEit Breach Lawsuit Due to Lack of Demonstrated Harm
A lawsuit over the 2023 MOVEit breach (affecting 3.5M Oregonians) was dismissed as plaintiffs couldn’t prove financial losses. The breach exposed driver’s license data, but the judge noted no fraudulent activity beyond one blocked credit application.
Source: DataBreaches.net