Tag: ransomware

NetWalker Ransomware Earns $25 Million in Just 5 Months

NetWalker Ransomware Earns $25 Million in Just 5 Months

Information Security
NetWalker Ransomware Earns $25 Million in Just 5 Months In the last 5 months, when most people were sheltering in place and working from home due to COVID-19 restrictions, the group behind the ransomware called “NetWalker” earned US $25 million by extorting organizations for large amounts of money. In the blog post "Take a 'NetWalk' on the Wild Side" published on August 3, 2020, researchers at McAfee reported that between March 1, 2020 and July 27, 2020, victims of NetWalker ransomware paid to the group behind the ransomware 2,795 bitcoin, valued at US $25 million. “Even though we do not have complete visibility into the BTC flow before NetWalker started ramping up, one thing is certain, this quarter alone it has been highly successful at extorting organisations for large amounts…
Read More
Ransomware Attacks Are Now Being Reported as Data Breaches

Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware Attacks Are Now Being Reported as Data Breaches Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that ransomware attack constitutes data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware which caused service disruptions. Cognizant said,…
Read More
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Information Security
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common Cyberattacks involving the theft of personal information coupled with ransom demand are becoming prevalent. The cyberattack on LifeLabs exemplifies the trend of data theft coupled with ransom demand. In November 2019, LifeLabs informed the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia that cybercriminals penetrated the company’s systems, extracted data and demanded a ransom. LifeLabs is Canada's largest provider of general and specialty laboratory testing services. The company reported that it supports 20 million patient visits each year and conducts more than 100 million laboratory tests each year. In December last year, Charles Brown, president and CEO of LifeLabs, said in a statement that information relating…
Read More
Darkside of a Ransomware Attack: Its Aftermath

Darkside of a Ransomware Attack: Its Aftermath

Information Security
Darkside of a Ransomware Attack: Its Aftermath It has been over five months since a ransomware attack hit eHealth Saskatchewan. Since then, officials at eHealth Saskatchewan said they still don't know what data was stolen, where it was taken, who stole it, and it will take months to restructure their IT infrastructure. The Ransomware Attack In January this year, eHealth Saskatchewan announced that it fell victim to a ransomware attack. eHealth Saskatchewan maintains the key electronic health information systems of the Canadian Province of Saskatchewan, including the Electronic Health Record (EHR). In a ransomware attack, computer files are encrypted denying legitimate users access to these files. In this type of attack, a ransom note is shown on the affected computers, demanding from victims to pay ransom in exchange for decryption…
Read More
Microsoft Warns Almost All Ransomware Attackers Steal Data

Microsoft Warns Almost All Ransomware Attackers Steal Data

Information Security, IT Support
Microsoft Warns Almost All Ransomware Attackers Steal Data Almost all of ransomware attackers, even those that don’t threaten to leak data, steal data anyway, Microsoft Threat Protection Intelligence Team warned. In the blog post "Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk", Microsoft Threat Protection Intelligence Team said that “while only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold yet.” Ransomware and Data Exfiltration Ransomware is a type of malicious software (malware) that encrypts computer or the files within, locking out legitimate users and demanding from victims ransom payment in exchange for the decryption keys. Many ransomware victims who were forced to…
Read More
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Information Security, IT Support
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack Maastricht University, a government-funded institution in the Netherlands, recently admitted that it paid ransomware attacker a ransom of 30 Bitcoin, valued nearly 220,000 USD at the time of payment. The University, in a statement, said it fell victim to a ransomware attack on December 23, 2019. While the University’s IT infrastructure consists of 1,647 Linux and Windows servers and 7,307 workstations, the University said, the attacker only hit 267 Windows servers. The University added that backups of these servers were also affected. In ransomware attacks, attackers prevent legitimate users from accessing their computers or files through the process known as encryption. Attackers then demand from their victims ransom in exchange for the decryption keys that would unlock the encrypted files.…
Read More
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Information Security, IT Support
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching The recent ransomware attack on Travelex, considered as the world's biggest foreign currency exchange company, highlights the importance of applying security patches in a timely manner. Travelex disclosed that on New Year’s Eve it’s corporate network was hit by the ransomware called “Sodinokibi”, also known as REvil ransomware. In a ransomware attack, legitimate users are prevented in accessing their computers or their data. The company said it immediately took all its systems offline to prevent the spread of REvil ransomware across the company’s network, forcing the company’s staff to resort to using pen and paper. The company’s ransomware attack disclosure came seven days after the attack. The group behind the REvil ransomware told the BBC that it gained access to Travelex’…
Read More
2019 Year-End Cyber Security Review; 2020 Prediction

2019 Year-End Cyber Security Review; 2020 Prediction

Information Security
2019 Year-End Cyber Security Review; 2020 Prediction Only a few days left until 2020 arrives, LifeLabs disclosed that it paid ransom to cyber attackers to “retrieve” the personal information of its15 million customers – affecting nearly half of the population in Canada. This data breach, the largest to date in this country, gives a glimpse of what the cyber security situation in 2019 looked like and what lies ahead in 2020. LifeLabs Data Breach President and CEO of LifeLabs Charles Brown, in a statement, said that personal information of approximately 15 million customers wasillegally accessed on the company’s computer systems, with the vast majority of the affected customers from British Columbia and Ontario. Brown said that stolen personal information includes name, address, email, login, passwords, date of birth and health…
Read More
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom Ransomware attackers typically encrypt victims’ data and demand from victims ransom in exchange for the decryption keys. To pressure victims into paying ransom, attackers have added a new tactic: publication of stolen data in the event victims fail to pay ransom. While ransomware attackers in the past threatened victims to leak stolen data online for failing to pay ransom, many don’t follow through. Ransomware victims, as shown in their official statements, often view ransomware attacks not as data breaches – a type of cyber-attack that steals data. Ransomware victims, rather, believe that ransomware attackers can’t access the content itself. This perception that ransomware attackers can’t access the content itself is thrown out of the window as recent ransomware trend…
Read More

Tag: ransomware

NetWalker Ransomware Earns $25 Million in Just 5 Months

NetWalker Ransomware Earns $25 Million in Just 5 Months

Information Security
NetWalker Ransomware Earns $25 Million in Just 5 Months In the last 5 months, when most people were sheltering in place and working from home due to COVID-19 restrictions, the group behind the ransomware called “NetWalker” earned US $25 million by extorting organizations for large amounts of money. In the blog post "Take a 'NetWalk' on the Wild Side" published on August 3, 2020, researchers at McAfee reported that between March 1, 2020 and July 27, 2020, victims of NetWalker ransomware paid to the group behind the ransomware 2,795 bitcoin, valued at US $25 million. “Even though we do not have complete visibility into the BTC flow before NetWalker started ramping up, one thing is certain, this quarter alone it has been highly successful at extorting organisations for large amounts…
Read More
Ransomware Attacks Are Now Being Reported as Data Breaches

Ransomware Attacks Are Now Being Reported as Data Breaches

Information Security
Ransomware Attacks Are Now Being Reported as Data Breaches Ransomware victims are now starting to report ransomware attacks as data breaches. Health care company Magellan Health is one of the companies that recently acknowledged that ransomware attack constitutes data breach. In May of this year, Magellan Health filed a breach notification with the office of the Attorney General of California stating that it fell victim to a ransomware attack and attackers exfiltrated a subset of data from a single Magellan corporate server. Magellan Health's notification to its customers and employees states that the notification was done "out of an abundance of caution." In April of this year, Cognizant, one of the Fortune 500 companies, admitted that its internal systems fell victim to Maze ransomware which caused service disruptions. Cognizant said,…
Read More
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common

Information Security
Cyberattacks Involving Data Theft Coupled with Ransom Demand Are Becoming Common Cyberattacks involving the theft of personal information coupled with ransom demand are becoming prevalent. The cyberattack on LifeLabs exemplifies the trend of data theft coupled with ransom demand. In November 2019, LifeLabs informed the Office of the Information and Privacy Commissioner of Ontario and the Office of the Information and Privacy Commissioner for British Columbia that cybercriminals penetrated the company’s systems, extracted data and demanded a ransom. LifeLabs is Canada's largest provider of general and specialty laboratory testing services. The company reported that it supports 20 million patient visits each year and conducts more than 100 million laboratory tests each year. In December last year, Charles Brown, president and CEO of LifeLabs, said in a statement that information relating…
Read More
Darkside of a Ransomware Attack: Its Aftermath

Darkside of a Ransomware Attack: Its Aftermath

Information Security
Darkside of a Ransomware Attack: Its Aftermath It has been over five months since a ransomware attack hit eHealth Saskatchewan. Since then, officials at eHealth Saskatchewan said they still don't know what data was stolen, where it was taken, who stole it, and it will take months to restructure their IT infrastructure. The Ransomware Attack In January this year, eHealth Saskatchewan announced that it fell victim to a ransomware attack. eHealth Saskatchewan maintains the key electronic health information systems of the Canadian Province of Saskatchewan, including the Electronic Health Record (EHR). In a ransomware attack, computer files are encrypted denying legitimate users access to these files. In this type of attack, a ransom note is shown on the affected computers, demanding from victims to pay ransom in exchange for decryption…
Read More
Microsoft Warns Almost All Ransomware Attackers Steal Data

Microsoft Warns Almost All Ransomware Attackers Steal Data

Information Security, IT Support
Microsoft Warns Almost All Ransomware Attackers Steal Data Almost all of ransomware attackers, even those that don’t threaten to leak data, steal data anyway, Microsoft Threat Protection Intelligence Team warned. In the blog post "Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk", Microsoft Threat Protection Intelligence Team said that “while only a few of these groups gained notoriety for selling data, almost all of them were observed viewing and exfiltrating data during these attacks, even if they have not advertised or sold yet.” Ransomware and Data Exfiltration Ransomware is a type of malicious software (malware) that encrypts computer or the files within, locking out legitimate users and demanding from victims ransom payment in exchange for the decryption keys. Many ransomware victims who were forced to…
Read More
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack

Information Security, IT Support
Dutch University Paid Cybercriminals Ransom; Lessons Learned from This Attack Maastricht University, a government-funded institution in the Netherlands, recently admitted that it paid ransomware attacker a ransom of 30 Bitcoin, valued nearly 220,000 USD at the time of payment. The University, in a statement, said it fell victim to a ransomware attack on December 23, 2019. While the University’s IT infrastructure consists of 1,647 Linux and Windows servers and 7,307 workstations, the University said, the attacker only hit 267 Windows servers. The University added that backups of these servers were also affected. In ransomware attacks, attackers prevent legitimate users from accessing their computers or files through the process known as encryption. Attackers then demand from their victims ransom in exchange for the decryption keys that would unlock the encrypted files.…
Read More
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company

Information Security
Cybercriminals Were Paid Nearly a Million Dollars After Ransomware Attack on Canadian Insurance Company A recently published decision by the High Court of Business and Property, a division of the High Court of England and Wales, revealed that the attacker or attackers behind the ransomware attack on a Canadian insurance company were paid nearly a million U.S. dollars. The ransomware attack at a Canadian insurance company and the issuing ransom payment, which were hidden from the public, only surfaced after the insurer of the Canadian insurance company, an insurance company based in the UK, filed a case in court to recover the ransom paid to the attackers. Ransomware is a type of malicious software (malware) that encrypts victims’ computers or data, locking out legitimate users from accessing these computers or…
Read More
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching

Information Security, IT Support
Travelex Ransomware Attack: Another Hard Lesson on Skimping Patching The recent ransomware attack on Travelex, considered as the world's biggest foreign currency exchange company, highlights the importance of applying security patches in a timely manner. Travelex disclosed that on New Year’s Eve it’s corporate network was hit by the ransomware called “Sodinokibi”, also known as REvil ransomware. In a ransomware attack, legitimate users are prevented in accessing their computers or their data. The company said it immediately took all its systems offline to prevent the spread of REvil ransomware across the company’s network, forcing the company’s staff to resort to using pen and paper. The company’s ransomware attack disclosure came seven days after the attack. The group behind the REvil ransomware told the BBC that it gained access to Travelex’…
Read More
2019 Year-End Cyber Security Review; 2020 Prediction

2019 Year-End Cyber Security Review; 2020 Prediction

Information Security
2019 Year-End Cyber Security Review; 2020 Prediction Only a few days left until 2020 arrives, LifeLabs disclosed that it paid ransom to cyber attackers to “retrieve” the personal information of its15 million customers – affecting nearly half of the population in Canada. This data breach, the largest to date in this country, gives a glimpse of what the cyber security situation in 2019 looked like and what lies ahead in 2020. LifeLabs Data Breach President and CEO of LifeLabs Charles Brown, in a statement, said that personal information of approximately 15 million customers wasillegally accessed on the company’s computer systems, with the vast majority of the affected customers from British Columbia and Ontario. Brown said that stolen personal information includes name, address, email, login, passwords, date of birth and health…
Read More
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom

Information Security, News
New Ransomware Tactic: Data Publication in Case Victims Don’t Pay Ransom Ransomware attackers typically encrypt victims’ data and demand from victims ransom in exchange for the decryption keys. To pressure victims into paying ransom, attackers have added a new tactic: publication of stolen data in the event victims fail to pay ransom. While ransomware attackers in the past threatened victims to leak stolen data online for failing to pay ransom, many don’t follow through. Ransomware victims, as shown in their official statements, often view ransomware attacks not as data breaches – a type of cyber-attack that steals data. Ransomware victims, rather, believe that ransomware attackers can’t access the content itself. This perception that ransomware attackers can’t access the content itself is thrown out of the window as recent ransomware trend…
Read More