Updated my post on the Anubis attack on Mid South Pulmonary Specialists after getting additional info from Anubis.

It seems they used their wiper to delete all of MSPS's backups, and then encrypted all of their systems.

That sounds pretty grim. MSPS has not posted anything (perhaps they can't) or issued any notice anywhere about whether patient care has been affected at all by any breach.

https://databreaches.net/2025/12/07/theyve-escaped-a-lot-of-media-attention-but-anubis-raas-is-a-threat-to-the-medical-sector/

#HIPAA #healthsec #cybersecurity #databreach #ransomware #Anubis #wiper #backups #incidentresponse

@campuscodi @amvinfe

I commented on an attack on Trumbull County, Ohio, by Anubis that @amvinfe reported this week. I will continue to try to follow up, but in the meantime, I posted this:

"Tell the truth, or someone will tell it for you — Trumbull County, Ohio edition."
https://databreaches.net/2025/12/09/tell-the-truth-or-someone-will-tell-it-for-you-trumbull-county-ohio-edition/

#databreach #ransomware #wiper #govsec #incidentresponse #transparency #Anubis #Trumbull_County

Anubis hasn't really had a lot of media coverage, but @amvinfe's post about the attack on Mid South Pulmonary & Sleep Specialists was a wake-up call for me. So I took a look at Anubis's dark web leak site and saw they added -- and leaked -- five U.S. healthcare entities in November.

Given that they are not loath to encrypt and wipe victims' data... well... yikes.

My post:
https://databreaches.net/2025/12/07/theyve-escaped-a-lot-of-media-attention-but-anubis-raas-is-a-threat-to-the-medical-sector/

#databreach #ransomware #Anubis #HealthSec #cybersecurity #HIPAA #wiper

Predatory Sparrow’s toolkit and chain-of-execution highlight destructive-sabotage best practices for defenders:
- Multi-stage batch scripts with hostname checks (avoid accidental collateral).
- Scheduled-task detonation (msrun.bat → 23:55) and NIC disable via PowerShell.
- Log wiping (wevtutil) and BCD/shadow-copy removal to prevent recovery.
- XOR-encrypted configs (msconf.conf), encrypted payloads, and precise target enumeration.

Detection & response suggestions: immutable offline backups, firmware-level integrity checks, EDR + OT anomaly telemetry correlation, and scheduled-task auditing. Discuss what telemetry you’d add to catch the staging phase - then follow @technadu for more IOCs and deep dives.

#ThreatIntel #Wiper #IR #EDR #OTSecurity #ICS #TTPs #InfoSec

HybridPetya – Ransomware omijający zabezpieczenie UEFI Secure Boot

Badacze bezpieczeństwa z firmy ESET odkryli nowy wariant ransomware przypominający doskonale wszystkim znany Petya/NotPetya, rozszerzony o możliwość przejmowania systemów operacyjnych uruchamianych ze wsparciem UEFI. Malware wykorzystuje podatność CVE-2024-7344do ominięcia mechanizmu UEFI Secure Boot. W najnowszych systemach podatność ta została załatana, jednak schemat działania oprogramowania, tzn. wykorzystanie eksploitów na poziomie firmware...

#WBiegu #Notpetya #Petya #Ransomware #Secureboot #Wiper

https://sekurak.pl/hybridpetya-ransomware-omijajacy-zabezpieczenie-uefi-secure-boot/

👾 Chaos is a #RaaS that also acts as a #wiper, RAT, or even #DDoS botnet.

🎯 It targets both large companies across different industries and SMEs with weak #cybersecurity posture.

👉 Learn more & collect #IOCs: https://any.run/malware-trends/chaos/?utm_source=mastodon&utm_medium=post&utm_campaign=chaos&utm_content=linktomtt&utm_term=050525