The BlackCat ransomware group has targeted the website of Newton Media A.S., asserting responsibility for the Newton Media cyber attack.
Operating for nearly three decades, the renowned international media intelligence service is headquartered in Prague, Czech Republic, and harnesses artificial intelligence for comprehensive media monitoring, analysis, education, and training services.
The Newton Media cyber attack was brought to light by the ThreatMon Threat Intelligence Team.
Newton Media Cyber Attack
Not much has been found about the Newton Media cyber attack in terms of the attack type or ransom demanded by ALPHV. The website displayed a message that its application was back online.
It read, “The NewtonOne app is back online,” suggesting that the company suffered an IT incident that may be rooted in the alleged Newton Media cyber attack by the BlackCat ransomware group.
The Cyber Express emailed the officials of the company asking for a comment about the Newton Media ransomware attack and the claims of the group. We will add their response once they reply to our request.
Details About ALPHV Ransomware Group
The website of the ALPHV ransomware group has been in the news for its constant innovation and development.
Recently, the ALPHV developers added an instructions manual on their leak site on the dark web about using the Application Programming Interface (API).
API allows for seamless interaction across software components based on requests and response protocols.
In another update, the ALPHV developers added sections on its website to give information about its victims in an archive form. This would help individuals looking for specific information to find it in an orderly manner.
Boasting about this archive the hackers wrote, “….fetch updates since the beginning and synchronize each article with your database. After that, any subsequent updates call should supply the most recent ‘updatedDt’ from previously synchronized articles + 1 millisecond.”
Recently, the BlackCat/ ALPHV ransomware group named IBL Healthcare, Tempur Sealy, and Estée Lauder to its victim list. They also claimed cyber attacks on the websites of North East BIC, and SEIKO in the recent past.
The group has been using the Alphv ransomware, hence the name of the group being named after its tool. The Alphv ransomware has been used since 2021. They have targeted healthcare, critical infrastructure, and education sector among others.
The hackers from this group have been found to hack devices using leaked credentials from previous cyber attacks. Hence, it is always recommended to change the credentials periodically, especially if there has been a cyber attack noted in the company one works or a school one studies.
To prevent threats from the ALPHV ransomware group, the following steps have been recommended by Bitdefender, a global cybersecurity and threat intelligence platform.
- Enable multi-layered ransomware protection to protect all kinds of media including photos, documents, videos, audio, etc.
- Employ tools that perform all-around detection of malware.
- Opt for phishing email protection that detects spammy and suspicious emails and marks them separately from others.
- Use a behavior detection module that evaluates the status of active apps and blocks threats.
- Go for network threat prevention technology to detect and prevent malicious activities found in the network. This also prevents brute force attacks that involve trying to hack an account using random passwords.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.