NetWalker Ransomware Earns $25 Million in Just 5 Months

Information Security
In the last 5 months, when most people were sheltering in place and working from home due to COVID-19 restrictions, the group behind the ransomware called “NetWalker” earned US $25 million by extorting organizations for large amounts of money. In the blog post "Take a 'NetWalk' on the Wild Side" published on August 3, 2020, researchers at McAfee reported that between March 1, 2020 and July 27, 2020, victims of NetWalker ransomware paid the group behind the ransomware 2,795 bitcoin, valued at US $25 million. “Even though we do not have complete visibility into the BTC flow before NetWalker started ramping up, one thing is certain, this quarter alone it has been highly successful at extorting organisations for large amounts…
Canadian Organizations Attacked via Unpatched Devices & Inadequate Authentication, Canadian Centre for Cyber Security Says

Information Security, IT Support
The Canadian Centre for Cyber Security recently revealed that in recent months several Canadian organizations' computer networks have fallen victim to cyberattackers via unpatched devices and inadequate authentication. "In recent months, the Cyber Centre [Canadian Centre for Cyber Security] has been made aware of several compromises of computer networks in Canada," the Canadian Centre for Cyber Security said. "In each case, a threat actor was able to compromise infrastructure exposed to the internet because it was not properly secured via 2FA and/or because software running on an exposed server was not patched to the latest version."

Inadequate Authentication

Inadequate authentication refers to the insecure process of accessing a device. According to the Canadian Centre for…
How to Protect Remote Workforce from Web Application-Based Attacks

Information Security
The ongoing pandemic has changed the way people work. Organizations around the globe have turned to cloud applications for better collaboration and productivity for their remote workforce. Microsoft has warned that today’s malicious actors are leveraging malicious web applications to gain access to legitimate cloud services such as Office 365. In the blog post "Protecting your remote workforce from application-based attacks like consent phishing", Agnieszka Girling, Partner Group PM Manager at Microsoft, said, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services." Consent phishing, Girling said, is an example of a web application-based attack that "can target the valuable data your…
Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that a ransomware attack constitutes a data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and that attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware, which caused service disruptions. Cognizant said,…
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Information Security
Cyberattacks involving the theft of personal information coupled with a ransom demand are becoming prevalent. The cyberattack on LifeLabs exemplifies the trend of data theft coupled with a ransom demand. In November 2019, LifeLabs informed the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia that cybercriminals penetrated the company’s systems, extracted data and demanded a ransom. LifeLabs is Canada's largest provider of general and specialty laboratory testing services. The company reported that it supports 20 million patient visits each year and conducts more than 100 million laboratory tests each year. In December last year, Charles Brown, president and CEO of LifeLabs, said in a statement that information relating…
Darkside of a Ransomware Attack: Its Aftermath

Information Security
It has been over five months since a ransomware attack hit eHealth Saskatchewan. Since then, officials at eHealth Saskatchewan said they still don't know what data was stolen, where it was taken, or who stole it, and that it will take months to restructure their IT infrastructure.

The Ransomware Attack

In January this year, eHealth Saskatchewan announced that it fell victim to a ransomware attack. eHealth Saskatchewan maintains the key electronic health information systems of the Canadian Province of Saskatchewan, including the Electronic Health Record (EHR). In a ransomware attack, computer files are encrypted, denying legitimate users access to these files. In this type of attack, a ransom note is shown on the affected computers, demanding that victims pay a ransom in exchange for decryption…

Top Most Exploited Vulnerabilities in the COVID-19 Era

Information Security, IT Support
The year 2020 is a strange year. As a result of the COVID-19 pandemic, many organizations have hastily made a transition from office work to a work-from-home model with little time to put in place the needed cybersecurity measures. Here are the top most exploited vulnerabilities (in no particular order) based on the alerts issued by the national cybersecurity centers and agencies in multiple countries, including Canada (Canadian Centre for Cyber Security), US (Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation) and UK (National Cyber Security Centre), as well as a report from a computer security company (McAfee Labs):

RDP Vulnerabilities

RDP, which stands for Remote Desktop Protocol, is a proprietary protocol developed by Microsoft for Windows operating systems,…
Microsoft Warns Almost All Ransomware Attackers Steal Data

Information Security, IT Support
Almost all ransomware attackers, even those that don’t threaten to leak data, steal data anyway, the Microsoft Threat Protection Intelligence Team warned. In the blog post "Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk", the Microsoft Threat Protection Intelligence Team said that “while only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold yet.”

Ransomware and Data Exfiltration

Ransomware is a type of malicious software (malware) that encrypts a computer or the files within it, locking out legitimate users and demanding a ransom payment from victims in exchange for the decryption keys. Many ransomware victims who were forced to…
Work-from-Home Intensifies Network Compromises, Study Shows

Information Security
A recent study conducted by Finnish company Arctic Security found that the massive work-from-home movement as a result of the COVID-19 crisis has resulted in the intensification of network compromises. According to Arctic Security, between January and March of this year, it observed an uptick in the number of organizations experiencing network compromises. Arctic Security said that for a small country, Finland's normal number of organizations that experience network compromise is approximately 200. Starting in the third week of March of this year, the company said, the number of organizations that experienced network compromise jumped to 800. This uptick in the number of organizations that experienced network compromise, Arctic Security said, was also observed in eight other countries in Europe, including Sweden, Norway, Denmark,…
Manitoba Law Firms Hit by Maze Ransomware

Information Security
The Law Society of Manitoba recently revealed that two Manitoba-based law firms have been hit by Maze ransomware. Over the past two weeks, the Law Society of Manitoba said in a statement, the two Manitoba-based law firms had told the Society that as a result of the attack, they haven’t been able to access their emails, computer files, accounting software and backups, including cloud backups. The Law Society of Manitoba added that the group behind the Maze ransomware asked the victims to pay an “enormous ransom” in order for the victims to regain access to any of their work. “At this point, we do not know when or if they will ever regain complete access to their kidnapped data,” the Society said.…