Search This Blog
Powered by Blogger.

Blog Archive

Labels

About Me

Load More
Trendy Right Now

Popular Posts

Showing posts with label Ransom. Show all posts
Ransom
Automobile Industry Cyber Attacks Hackers Ransom

Auto Industry Faces Sharp Rise in Cyberattacks, Raising Costs and Risks

 



The growing use of digital systems in cars, trucks, and mobility services has made the automotive industry a new favorite target for hackers. Companies involved in making vehicles, supplying parts, and even selling them are now dealing with a sudden rise in cyberattacks, many of which are leading to heavy losses.

A recent report by cybersecurity firm Upstream Security shows that these attacks are not only increasing but also affecting much larger groups of vehicles and connected systems. In 2024, nearly 60% of the reported incidents impacted thousands or even millions of assets—this includes vehicles, electric vehicle charging stations, smart driving apps, and other connected tools used in transportation.

Even more worrying is the spike in large-scale cyberattacks. Cases where millions of vehicles were hit at once rose sharply from 5% in 2023 to 19% in 2024. These massive events now account for almost 60% of all attacks recorded in the year.

Experts warn that attackers have changed their approach. Instead of just hacking into a single vehicle’s system, they now aim to cause widespread damage or steal large amounts of data. By doing so, they increase the pressure on companies to pay hefty ransoms to avoid public embarrassment or serious business disruption.

Jason Masker, a cybersecurity specialist from Upstream, explained that hackers often search for the most damaging way to force companies into paying them. If they can gain control of millions of vehicles or access sensitive information, they can easily threaten a company’s image and safety standards.

The report also shared a serious example of how hackers can even manipulate a car’s safety features. Researchers found that the radar used for adaptive cruise control— a system that keeps cars at a safe distance can be tricked. Hackers could make it appear that the vehicle ahead is speeding up when it isn’t, potentially causing a crash.

Several major cyber incidents have already occurred:

• A leading Japanese car company’s U.S. unit was targeted by ransomware, leaking 22GB of vehicle and customer data.

• A Chinese auto supplier suffered a large breach involving 1.2TB of sensitive information, affecting both local and global carmakers.

• In Italy, a German automaker’s branch faced a data breach that exposed private customer details.

The report further explains that traditional cyberattacks— like locking systems and demanding ransom, are slowly becoming less effective, as many companies have backups ready. Now, hackers prefer stealing data and threatening to leak it unless they’re paid.

What’s more concerning is the gap between what cybersecurity rules require and how prepared companies actually are. Many businesses falsely believe they are fully protected, while attackers continue finding new ways to break through.

Upstream Security suggests companies need to act beyond just following regulations. Safety, smooth operations, and protecting customer data must be prioritized.

To help prevent future attacks, Upstream monitors over 25 million vehicles worldwide, tracking billions of data points daily. They also watch online forums where cybercriminals sometimes plan their attacks.

Looking at the bigger picture, experts predict artificial intelligence will become a vital tool in spotting and blocking cyber threats quickly. As vehicles get more connected, the risk of cyberattacks is expected to grow, putting companies, drivers, and users of smart mobility systems at greater risk.


Read more »
Ransom
Cyber Attacks Data Breach Data Extortion FBI Ransom

FBI Warns Business Executives About Fake Extortion Scam

 



The Federal Bureau of Investigation (FBI) has warned corporate executives about a new scam designed to trick them into paying large sums of money. Criminals are sending threatening letters claiming to have stolen sensitive company data and demanding a ransom. They are falsely using the name of a well-known hacker group to appear more convincing. However, the FBI has found no actual link between the scammers and the group they claim to represent.  


How the Scam Operates  

According to an FBI alert issued on March 6, 2025, the scammers are mailing letters to company executives marked as urgent. These letters state that hackers have broken into their company's systems and taken confidential data. The scammers then demand a payment of anywhere between 250,000 and 500,000 dollars to prevent the data from being exposed online.  

To pressure victims into paying, the letter includes a QR code that directs them to a Bitcoin wallet for the ransom payment. The message also warns that the criminals will not negotiate, adding to the urgency.  

The letter claims to be from a group known for past cyberattacks, but investigators have found no evidence that the real organization is behind these threats. Instead, scammers are using the group's name to make their claims seem more credible and to scare victims into complying.  


Why Executives Are Being Targeted  

Top business leaders often have access to critical company information, making them valuable targets for cybercriminals. Attackers believe that these individuals will feel pressured to act quickly when they receive threats about stolen data. By creating a sense of urgency, the scammers hope their victims will pay the ransom without questioning its legitimacy.  

The FBI has stressed that companies should not assume the threats are real just because they mention a well-known hacking group. Instead, businesses should focus on improving their cybersecurity defenses and educating employees about potential scams.  


How to Protect Against This Scam  

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have shared several important steps businesses can take to safeguard themselves against such scams:  

1. Inform and Educate – Business executives and employees should be aware of this type of scam so they can identify suspicious threats and avoid panic.  

2. Strengthen Security Systems – Companies should ensure that their firewalls, antivirus software, and security protocols are up to date and functioning effectively.  

3. Establish a Response Plan – Organizations should have a clear strategy in place for handling extortion threats. They should not respond or pay the ransom but instead follow proper security procedures.  

4. Report Suspicious Activity – If a business receives one of these extortion letters, it should immediately inform the FBI or report the incident through the Internet Crime Complaint Center (IC3). Reporting such cases helps authorities track cybercriminals and take action against them.  


Why Awareness is Crucial  

This scam highlights the growing trend of cybercriminals using fear to manipulate victims into handing over large amounts of money. While there is no confirmation that the real hacker group mentioned in the letter is involved, this situation serves as a reminder for businesses to stay cautious.  

The best way to prevent falling victim to such scams is through strong security measures, employee awareness, and prompt reporting of suspicious activity. The FBI is closely monitoring the situation and urges companies to take cybersecurity seriously to avoid financial and reputational damage.

Read more »
Scam
Cybersecurity FBI malware Ransom Scam

FBI Warns of Fake Ransom Demands Sent by Mail to US Executives

 



A new scam is targeting top business leaders in the United States, where criminals are sending letters demanding large ransom payments. Unlike typical ransomware attacks that involve hacking into computer systems, this scheme relies on physical mail. The letters claim that hackers have stolen company data and will leak it unless a ransom of $250,000 to $500,000 is paid. However, cybersecurity experts believe this is a fraud, with no actual hacking involved.  


How the Scam Works  

Investigators from the GuidePoint Research and Intelligence Team (GRIT) discovered that several companies have received these ransom letters through the US Postal Service (USPS). The letters are addressed to high-level executives and claim to be from the BianLian ransomware group, a known cybercriminal organization.  

The message states that the company's confidential information has been stolen and will be exposed unless the demanded payment is made within ten days. To make the threat appear real, the letter includes a Bitcoin wallet address and a QR code that links directly to it. Some letters also provide links to BianLian’s dark web site to add legitimacy to the claim.  

Despite these details, security analysts have found no proof that any actual data theft has occurred. The scam relies on fear and deception, hoping that executives will panic and send money.  


Why Experts Believe the Threat Is Fake  

Cybersecurity specialists have carefully examined multiple cases of this scam and found no signs of hacking or data breaches. The companies targeted in this scheme have not reported any unusual activity or unauthorized access to their systems. This strongly suggests that the criminals behind the letters are only pretending to be the BianLian ransomware group.  

The FBI has confirmed that these letters are part of a fraud campaign and do not represent a real cyberattack. Many of the envelopes are marked as "Time Sensitive" to create urgency, and some even list a return address in Boston, Massachusetts, which appears to be another false detail.  

Since there is no actual ransomware attack, businesses do not need to take technical action like removing malware or restoring stolen files. The main risk comes from executives believing the scam and paying the ransom.  


What to Do If You Receive One of These Letters  

If your company receives a similar ransom demand, take the following precautions:  

1. Check Your Systems for Security Issues – Ensure that company networks are protected and that there are no signs of hacking or data leaks. Keeping cybersecurity measures updated is always important.  

2. Do Not Send Any Money – These threats are fake, and paying the ransom will only encourage further scams.  

3. Report the Scam – Contact law enforcement and inform the nearest FBI field office about the letter. Complaints can also be filed with the Internet Crime Complaint Center (IC3).  

4. Inform Key Personnel – Let executives and employees know about this scam so they can recognize and ignore similar fraud attempts in the future.  

 

This scam is a reminder that cybercriminals do not always rely on advanced hacking techniques. Sometimes, they use old-fashioned methods like physical mail to create fear and manipulate victims into paying. While real ransomware attacks remain a serious concern, this particular scheme is based on false claims.  

Companies should stay informed and take precautions to avoid falling victim to these types of fraud. Being aware of such scams is the best way to protect against them.

Read more »
Ransom
Crypto Extortion Crypto Scam Cyber Crime Kidnapping Ransom

Crypto Dealers Targeted in Alarming Kidnapping and Extortion Cases

 

Recent incidents have revealed a troubling trend of cryptocurrency dealers being targeted for kidnappings and extortion. These cases underline the risks associated with the growing prominence of the cryptocurrency sector.

French authorities recently rescued a 56-year-old man found tied in the trunk of a car in Le Mans. According to France Bleu Normandie, the man had been abducted on New Year’s Eve by masked assailants who broke into his home, tied him and his wife up, and transported him approximately 500 kilometers across the country.

The captors used encrypted communication networks to demand a ransom from his son, a cryptocurrency influencer based in Dubai. The victim was discovered disoriented and covered in gasoline, prompting an ongoing investigation as the perpetrators remain at large.

Global Surge in Crypto-Related Crimes

Cryptocurrency's rising value and adoption have made it a lucrative target for cybercriminals. On December 17, Bitcoin (BTC) reportedly reached significant highs, amplifying interest in the sector. This growth has drawn attention from threat actors engaging in malware attacks, kidnappings, and extortion schemes.

For instance, on December 25, a cryptocurrency merchant in Pakistan was kidnapped in Karachi. The assailants coerced the victim into transferring $340,000 in cryptocurrency before abandoning him. Seven individuals, including a Counter-Terrorism Department officer, were later arrested, and charges for kidnapping and extortion were filed under the Pakistan Penal Code.

Cryptocurrency and Ransom Scams

In Australia, a case involving a Saudi royal highlighted the use of social platforms in abduction schemes. The victim was lured via a dating app to a location where he was ambushed and restrained. Threatened with severe harm, he transferred $40,000 in Bitcoin. While the lead perpetrator, Catherine Colivas, avoided prison due to mitigating circumstances, the case underscores the broader vulnerabilities in cryptocurrency transactions.

According to analysts at Chainalysis, the expanding ransomware landscape compounds these risks. Tracking incidents and ransom payments made in cryptocurrencies remains a significant challenge, emphasizing the need for heightened security and vigilance in the sector.

Read more »
User Data
Data Breach Data Leak Ransom Stolen Data User Data

AT&T Paid Attackers $370K to Delete Stolen Customer Data

 

AT&T reportedly paid a hacker more than $370,000 to remove stolen customer data. In an extraordinary turn of events, the ransom may not have gone to those responsible for the breach.

Last Friday, AT&T disclosed that an April data breach had exposed the call and text records of "nearly all" of its customers, including phone numbers and call counts. In a filing with the Securities and Exchange Commission (SEC), AT&T claimed it has since tightened its cybersecurity measures and is working together with law authorities to investigate the incident.

It now appears that AT&T has taken additional steps in response to the intrusion. According to Wired, AT&T paid a ransom of 5.7 bitcoin to a member of the hacking group ShinyHunters in mid-May, which was worth little more than $373,000 at the time. In exchange for this money, the hacker allegedly deleted the stolen data from the cloud server where it was stored, as well as providing video footage of the act. 

However, there is no guarantee that the millions of people affected by the latest massive AT&T attack will be entirely safe, as digital data can be easily copied. The security expert who mediated negotiations between AT&T and the hacker told Wired that they believe the only complete copy of the stolen dataset was wiped. However, partial fragments may remain at large. 

Prior to AT&T's announcement of the incident, it was revealed that Santander Bank and Ticketmaster had also been penetrated using login credentials that had been taken by an employee of the independent cloud storage provider Snowflake. According to Wired, following the Ticketmaster breach, hackers may have infiltrated over 160 companies at once using a script.
Read more »
Ransomware
Cyber Attacks French HealthCare Ransom Ransomware

French Hospital CHC-SV Refuses to Pay LockBit Ransomware Demand

 

The Hôpital de Cannes - Simone Veil (CHC-SV) in France revealed that it has received a ransom demand from the Lockbit 3.0 ransomware gang and refused to pay the ransom. 

On April 17, the 840-bed hospital announced a serious operational disruption caused by a cyberattack, forcing it to shut down all computers and reschedule non-emergency procedures and appointments. 

Earlier this week, the establishment revealed on X that it had received a ransom demand from the Lockbit 3.0 ransomware operation, which it referred to the Gendarmerie and the National Agency for Information Systems Security (ANSSI). 

At the same time, the LockBit ransomware organisation added CHC-SV to their darkweb extortion site, warning to release the first sample pack of files stolen during the attack before the end of the day. The healthcare organisation tweeted that they will not pay the ransom and will notify affected individuals if the threat actors begin leaking data. 

“In the event of a data release potentially belonging to the hospital, we will communicate to our patients and stakeholders, after a detailed review of the files that may have been exfiltrated, about the nature of the stolen information.” 

Meanwhile, the hospital's IT workers are currently working to restore compromised systems to normal operational status, as internal inquiries into the incident continue. 

Ruthless stance 

 
The FBI's disruption of the LockBit ransomware-as-a-service operation through 'Operation Cronos' and the simultaneous release of a decryptor in mid-February 2024 have had a negative impact on the threat group. 

Affiliates have lost faith in the project, and others have chosen to remain anonymous for fear of being identified and prosecuted. Despite the inconvenience, the ransomware operation relaunched a week later, with fresh data leak sites and updated encryptors and ransom demands. 

LockBit's attitude regarding assaults on healthcare providers has always been ambiguous at best, with the group's leaders failing to enforce the declared restrictions on affiliates carrying out attacks that compromised patient care. The attack on CHC-SV confirms the threat group's utter disdain for the sensitive topic of preventing disruptions to healthcare services. 

Read more »
Ransom
Cyber Attacks Data Leak Healthcare Breach Patient Data Ransom

UnitedHealth Paid Ransom After Massive Change Healthcare Cyber Assault

 

The Russian cybercriminals who targeted a UnitedHealth Group-owned company in February did not leave empty-handed.

"A ransom was paid as part of the company's commitment to do everything possible to protect patient data from disclosure," a spokesperson for UnitedHealth Group stated earlier this week. 

The spokesperson did not reveal how much the healthcare giant paid following the cyberattack, which halted operations at hospitals and pharmacies for more than a week. Multiple media outlets claimed that UnitedHealth paid $22 million in bitcoin. 

"We know this attack has caused concern and been disruptive for consumers and providers and we are committed to doing everything possible to help and provide support to anyone who may need it," UnitedHealth CEO Andrew Witty said in a statement Monday. 

UnitedHealth attributed the intrusion on the Russian ransomware gang ALPHV, also known as BlackCat. The group claimed responsibility for the attack, stating that it took more than six terabytes of data, including "sensitive" medical records, from Change Healthcare, which handles health insurance claims for patients who visit hospitals, medical centres, or pharmacies. 

The attack's scale—Change Healthcare performs 15 billion transactions every year, according to the American Hospital Association—meant that even people who were not UnitedHealth clients could have been affected. The attack has already cost UnitedHealth Group almost $900 million, company officials said in reporting first-quarter earnings last week. 

Ransomware attacks, which include disabling a target's computer systems, are becoming more widespread in the healthcare industry. In 2022, a study published in JAMA Health Forum found that the yearly frequency of ransomware attacks against hospitals and other providers increased.

It was "straight out an attack on the U.S. health system and designed to create maximum damage," Witty informed analysts last week during an earnings call about the Change Healthcare incident. According to UnitedHealth's earnings report, the cyberattack is ultimately estimated to cost the organisation between $1.3 billion and $1.6 billion this year.
Read more »
USA
cyber attack Cyber Attacks Cyber Concerns Hospital Information System Ransom Threats to Hospitals USA

Cybersecurity Crisis on US Healthcare Sector Children Hospital in Alarms

 

In a recent and alarming development, Lurie Children's Hospital, a distinguished pediatric care facility in Chicago, has been forced to disconnect its network due to a pressing "cybersecurity matter." This precautionary step is a response to the escalating cyber threats targeting healthcare systems nationwide, causing concern among experts and regulatory bodies. 

The decision to take the network offline emphasizes the severity of the situation, highlighting the hospital's firm commitment to protecting patient data and maintaining operational integrity. Cybersecurity experts are issuing warnings, emphasizing the urgent need for heightened vigilance across the healthcare sector, as potential vulnerabilities pose a significant threat on a national scale. 

Lurie Children’s Hospital, utilizing Epic System’s electronic health record software, has affirmed its proactive response to the ongoing cybersecurity issue. The hospital is actively engaged in collaboration with experts and law enforcement to address the situation, underscoring the gravity of the threat. 

While the Illinois-based medical facility remains operational, it has proactively disabled phone lines, email services, and the electronic medical system. These necessary precautions have, unfortunately, led to disruptions, impacting scheduled surgeries and creating communication challenges for families attempting to reach doctors, CBSNews reported that these disruptions began on Wednesday. 

This incident further amplifies the growing concerns voiced by regulators and experts about the expanding landscape of cybersecurity threats in the healthcare sector. 

In response to a 2023 report warning of "dramatic increases" in cyber attacks impacting US hospitals, the Department of Health and Human Services has released voluntary cybersecurity objectives for the health sector. The report underscored the potential compromise of hospital operations and financial extortion, emphasizing the crucial need for heightened vigilance and proactive measures within the healthcare industry. Moreover, the health sector witnessed an unprecedented surge in data breaches last year, affecting a staggering 116 million patients, as reported by STAT

This significant increase is primarily attributed to the rise in hacking and IT incidents, more than doubling the impact compared to the preceding year, prompting a plea for strengthened cybersecurity measures to safeguard patient information. 

The concerning trend goes beyond data breaches, as evidenced by surpassing the record-breaking breaches of 2015 last year, impacting over 112 million individuals. The current year continues to witness a worrisome escalation, with numerous health organizations reporting breaches related to hacking or IT incidents. 

A recent incident at Chicago's Saint Anthony Hospital, involving an "unknown actor" copying patient data, further underscores the vulnerabilities in the healthcare sector. Ransomware attacks have surged, fueled by the widespread adoption of connected medical devices, cloud services, and remote work systems. 

John Riggi, the American Hospital Association's national cybersecurity and risk advisor, highlights the national security implications of these attacks, advocating for heightened cybersecurity measures. Riggi condemns attacks on children's hospitals, considering it a "new low" that directly impacts vulnerable patients. 

Nitin Natarajan from the federal Cybersecurity & Infrastructure Security Agency notes that health organizations are viewed as "target rich, cyber poor," making them attractive targets for adversaries. The broader spectrum of cybersecurity threats extends beyond healthcare, as FBI Director Christopher Wray alerts Congress to state-sponsored Chinese hackers targeting U.S. infrastructure. 

However, there is currently no indication that the Lurie incident is related to such a national security threat. The healthcare sector is now at a pivotal moment, necessitating immediate and robust responses to mitigate the growing risks posed by cyber threats.
Read more »
Ransom
Bank fraud Cyber Insurance Cyber Security Cyberattacks FBI Information Technology Insurance Policy Ransom

Cybersecurity Nightmare: A Bank's Dilemma – To Pay or Risk It All

 


Schools, hospitals, and other institutions need to take more precautions to prevent cybercrimes from disrupting operations and putting people's data and safety at risk. As part of a congressional hearing held on Wednesday in Washington, DC, a familiar face among the Navarro and Judson school districts testified about how this issue is affecting individual children. 

In the event of a major cyberattack taking place, the possibility of a bank's failure is not too remote. The number of cyberattacks against financial institutions has risen significantly since 2006, and the number of attacks is expected to continue to rise shortly.  

As a result of the increasing risk of cyberattacks, and their potential impact on banks, financial institutions and the government are the top concerns when it comes to cyberattacks. Financial institutions are 300 times more likely to experience them than other institutions. 

As part of a joint hearing of two committees of the House Committee on Oversight and Accountability, Gosch offered a rare view into how institutions faced with ransomware threats are coping with these increasingly common attacks. As Gosch and Judson Independent encountered, a wide range of institutions are facing the same dilemma, not the least of which are banks as they have become disproportionately attractive targets for cybercriminals searching for ransomware. 

The US credit bureaus have reported that at least 15 banks and credit unions have reported that ransomware groups have stolen customer information from them this summer. Several reports have been made recently by cyber security consortiums that offer security services to banks that frequently refer to ransomware as a major concern. 

According to the district's Assistant Superintendent of Technology, the Judson Independent School District in San Antonio, Texas, which has approximately 30,000 students and staff, was attacked by adversaries using ransomware in June 2021, but no state or federal agency ever visited or offered assistance for regaining access to school resources after the attack.  

On Sept. 27, Lacey Gosch, the chairwoman of the House Oversight Subcommittee, urged lawmakers not only to restore budgets for school libraries, but also to increase funding for cyberattack mitigation, data protection, and equipment upgrades. It was also recommended that formal programs be developed within schools to help with school cybersecurity recovery and mitigation. 

It was also reported that a witness from the University of Vermont Medical Center – which suffered from a ransomware attack in October of 2020 – was present at the joint hearing of the House Oversight Committees on Cybersecurity, Information Technology, Government Innovation, Economic Growth, Energy Policy, and Regulatory Affairs. 

As Stephen Leffler, the president of the medical centre, said during the hearing, it was by far much more difficult for his staff to deal with the cyberattack than what they had to deal with during the COVID-19 pandemic, which affected the entire area. As a result of the attack, the hospital was taken offline for 28 days and the organization had to pay 65 million dollars for the incident. 

The Pros and Cons of Paying Ransoms 


Gosch's story is a cautionary tale that illustrates the stakes banks face when trying to prevent and mitigate ransomware attacks as the threat of ransomware for banks continues to grow and the threat of ransomware is growing. 

Moreover, showing banks the dilemma they are facing when receiving a ransom note in the wake of an attack, serves as an illustration of the difficulty they face. As a result, the FBI claims that paying the ransom encourages perpetrators to target more victims and increases the likelihood that other individuals will engage in this type of criminal activity. 

The biggest problem with a ransom payment is that it does not even guarantee that the data has been deleted. It was not until 12 days after being informed of the ransomware attack that Judson Independent negotiated a ransom with the ransomware actors, on Gosch's 34th day at the company. 

In exchange for the promise, but not the guarantee, that the hackers would delete the stolen data, Judson Independent paid a negotiated ransom of $547,000 to them. It was a difficult decision for Gosch, but he felt it was necessary to protect his constituents, even though it was difficult. 

There is an insurance policy available to the district against cyber-attacks, but it is primarily for attorneys' fees, data mining, and identity protection. "The insurance does not cover ransom payments or the costs of upgrading to mitigate damage to the system," Gosch stated. Cyber insurance coverage for ransom payments is a hot topic among experts.  

There has been some controversy about it. It has been reported, however, by the Royal United Services Institute, a London-based think tank, that cyber insurance providers do sometimes cover ransom payments. Despite this, according to the institute, there is no evidence that victims with cyber insurance are significantly more likely to pay ransom than victims without cyber insurance. 
Read more »
Vulnerabilities and Exploits
BBA Clop Ransomware Cyberattacks CyberCrime Cybersecurity malware MOVEit Ransom Ransomware Software Security Technical Security Vulnerabilities and Exploits

Security in the Software Sector: Lessons Learned from the MOVEit Mass Hack

 


MOVEit's mass hack into its system will likely be remembered as one of the most damaging cyberattacks in history, and it is expected to make history. 

An exploit in Progress Software's MOVEit managed file transfer service was exploited by hackers to gain access to customers' sensitive data through SQL commands injected into the system. The MOVEit service is used by thousands of organizations to secure the transfer of large amounts of sensitive files. 

There was a zero-day vulnerability exploited in the attack, which meant Progress was not aware of the flaw and was not able to patch it in time, which essentially left Progress' customers without any defence from the attack. 

There has been a public listing of alleged victims of the hacks started by the Russia-linked Clop ransomware group since June 14, the group that claimed responsibility for the hacks. Banks, hospitals, hotels, energy giants, and others are all included in the growing list of companies affected, part of a campaign being conducted in an attempt to pressure victims into paying ransom demands so that their information will not be breached online. 

The company Clop announced in a blog post this week that it will release the "secrets and data" of all victims of MOVEit who refused to negotiate with Clop on August 15. There had been similar hacks targeting the file-transfer tools of Fortra and Acellion earlier in the year as well; it was unlikely that this was Clop's first mass hack. 

The latest Emsisoft statistics indicate that more than 40 million people have been affected by the MOVEit hack, according to Emsisoft's latest statistics. Since the hacks started almost a year ago, those numbers have continued to increase almost daily. 

"Without being able to assess the depth and scope of the damage, at this point, there is no way to make an informed guess," Brett Callow, a ransomware expert and threat analyst at Emsisoft, told TechCrunch+. "We do not yet know how many organizations were affected and what data was compromised.” 

There is no doubt that around a third of those known victims have been affected by third parties, and others are impacted by vendors, subcontractors, and other third parties. According to him, because of this complexity, it's very likely that some organizations that may have been affected aren't aware that they have been affected, and that's what makes it so irreparable. 

While this hack had an unprecedented impact because of its scale, its methodology isn't new and there's nothing innovative about the way it was executed. In recent years, supply chain attacks have become more prevalent as a result of zero-day flaws being exploited by adversaries, and one exploit can potentially affect hundreds if not thousands, of customers due to the potential for the release of a zero-day vulnerability. 

Taking action now to prevent the threat of a mass hack should be as critical for organizations as anything else they can do. 

Recovering From the Disaster 


When you have been the victim of a hack, it may seem like the damage has already been done and there is no way to recover from it. Even though it can take months or years to recover from an incident like this, and many organizations are likely to be affected by it, they need to act quickly to understand not only which type of data was compromised, but also their possible violations of compliance standards or laws governing data privacy. 

Demands For Ransom


"Supply-chain attacks" are what is referred to as the hack in question. Initially, the news was announced in November last year when Progress Software revealed hackers had managed to infiltrate its MOVEit Transfer tool using a backdoor. 

In an attempt to gain access to the accounts of several companies, hackers exploited a security flaw in the software. Even organizations that do not use MOVEit themselves are affected by third-party arrangements because they do not even use MOVEit themselves. 

It has been understood by the company that uses Zellis that eight companies are affected, many of them airline companies such as British Airways and Aer Lingus, as well as retailers like Boots that use Zellis. It is thought that MOVEit is also used by a slew of other UK companies. 

A hacker group linked to the ransomware group Clop has been blamed for the hack. It is believed to be based out of Russia, but the hackers could be anywhere. As a consequence, they have threatened to publish data of companies that have not emailed them by Wednesday, which is the deadline for beginning negotiations. 

As the BBC's chief cyber correspondent Joe Tidy pointed out, the group has a reputation for carrying out its threats, and organizations in the next few weeks may find their private information published on the gang's dark website. 

The information told me that there is a high probability that if a victim does not appear on Clop's website then they may have signed up for a ransom payment by the group in which they may have secretly paid it, which can range from hundreds of thousands to millions of dollars. 

The victims are always advised not to pay to prevent the growth of this criminal enterprise as paying can fuel the growth of this malicious enterprise, and there is no guarantee that the hackers will not use the data for a secondary attack. 

When such a massive breach like MOVEit Mass Hack occurs, it is highly challenging to recover data from such an event, which requires meticulous efforts to identify the extent of the compromised data, and any potential compliance violations, as well as violations of local privacy laws. 

Many articles warn that paying ransom demands is not a guarantee that a cybercriminal will not come after you in the future, and will not perpetuate the criminal enterprise. MOVEit Mass Hack can be viewed as an example of a cautionary tale about the software sector that shouldn't be overlooked. A key aspect of this report is the emphasis it places on cybersecurity strategies and supply-chain vigilance so that the effects of cyber threats can be mitigated as quickly as possible.
Read more »
zero Day vulnerability
CLOP Clop Ransomware Data Evade Detection Extortion MOVEit Ransom Ransomware Safety Security zero Day vulnerability

Clop Ransomware Adopts Torrents for Data Leaks in Effort to Evade Detection

 

The Clop ransomware group has once again adjusted its tactics for extortion, now employing torrents to disseminate stolen information obtained from MOVEit attacks. 

Beginning on May 27th, the Clop ransomware syndicate initiated a series of data theft assaults by exploiting a zero-day vulnerability within the MOVEit Transfer secure file transfer system. Exploiting this flaw enabled the hackers to pilfer data from nearly 600 global organizations, catching them off guard.

On June 14th, the ransomware group commenced their extortion endeavors by gradually unveiling victims' names on their Tor-based data leak site and eventually making the files public. 

Nevertheless, the use of a Tor site for data leakage had limitations due to sluggish download speeds, which curtailed the potential damage of the leak.

In a bid to overcome these issues, the Clop group established clearweb sites to release stolen data from some of the victims of the MOVEit data theft. However, this approach was susceptible to being dismantled by authorities and companies. In response, the group has turned to torrents as a new method for disseminating the stolen data from the MOVEit breach.

This novel approach was identified by cybersecurity researcher Dominic Alvieri. The Clop ransomware gang has developed torrents for twenty victims, including well-known entities like Aon, K & L Gates, Putnam, Delaware Life, Zurich Brazil, and Heidelberg. 

In the fresh extortion strategy, Clop has established a new Tor site that provides guidance on using torrent clients to download the leaked information. They have also included lists of magnet links for the twenty affected parties.

Torrents leverage peer-to-peer transfers among different users, resulting in faster transfer speeds compared to traditional Tor data leak sites. Testing by BleepingComputer demonstrated improved data transfer speeds, reaching 5.4 Mbps, even when seeded from a single IP address in Russia. 

Additionally, this distribution technique is decentralized, making it difficult for law enforcement to shut down. Even if the original seeder is taken offline, a new device can take over seeding duties.

Should this approach prove effective for Clop, it's likely they will continue to utilize it due to its ease of setup, lack of need for a complex website, and the potential for wider distribution of stolen data, which could place more pressure on victims. 

Coveware has estimated that the Clop gang could amass between $75 million and $100 million in extortion payments. This projection is not solely due to numerous victims paying, but rather a small number of companies being persuaded to pay substantial ransom amounts. Whether the use of torrents will contribute to more payments remains uncertain; however, given the substantial earnings, the outcome may be inconsequential.
Read more »
User Security
Cyber Attacks Cyber Safety Data Leak Data Privacy Ransom Research School Targets Schools Student Data User Data User Safety User Security

Schools: Prime Targets for Hackers Amid Poor Cybersecurity and Ransom Payments

 

New data indicates that school districts have become highly susceptible to online exploitation, emerging as the primary target for hackers. According to a recent global survey conducted by the British cybersecurity company 

Sophos, a staggering 80% of schools experienced ransomware attacks last year, representing a significant increase from the 56% reported in 2021. This doubling of the victimization rate over two years has led researchers to label ransomware as the most significant cyber risk faced by educational institutions today.

Comparing various industries, schools fared the worst in terms of victimization rates, surpassing even sectors like healthcare, technology, financial services, and manufacturing. 

The survey, which included responses from 400 education IT professionals worldwide, revealed that United States institutions are particularly attractive targets for hacking groups, especially since the events surrounding Russia's invasion of Ukraine.

Two factors have made schools especially vulnerable to cyber threats in the United States. First, the cybersecurity measures in educational settings often lag behind those in major businesses, such as banks and technology companies. Second, schools prove to be easy targets for exploitation due to their willingness to pay ransoms. 

Last year, nearly half of the attacks on schools resulted in ransom payments, further enticing threat actors. Unfortunately, this combination of weak defenses and a readiness to pay has made schools a "double whammy" for hackers, according to Chester Wisniewski, the field chief technology officer of applied research at Sophos.

The motivation to pay ransoms seems to be influenced by insurance coverage. In districts with standalone cyber insurance, 56% of victims paid the ransom, while those with broader insurance policies covering cybersecurity saw a payment rate of 43%. Insurance companies often cover ransom demands, giving them significant sway over which districts comply with the extortion demands.

Elder, a school representative, acknowledges the difficult decisions schools face when dealing with ransomware attacks. While it is essential to safeguard confidential information and protect people, the pressure to manage resources and finances can make the choice challenging.

Ultimately, the data suggests that schools must prioritize and strengthen their cybersecurity practices to avoid falling prey to hackers and ransom demands. 

Relying on insurance alone may not provide a comprehensive solution, as hackers continue to exploit vulnerabilities, and insurance companies struggle to keep pace with evolving threats.
Read more »
Security
Cyber Attacks Data Data Safety data security Ransom Ransomware Safety Security

Inside the World of Ransomware Negotiations: From Colonial Pipeline to JBS

 

In January 2021, JBS, the world's largest meat-processing company, revealed that it paid a ransom of $11 million in Bitcoin to cyber attackers. 

Similarly, in May of the same year, Colonial Pipeline, the largest refined-products pipeline in the U.S., experienced a severe cyber attack, leading to the company shutting down operations and freezing its IT systems. To restore operations, Colonial Pipeline paid a ransom of $4.4 million in Bitcoin.

What linked both incidents was the use of ransomware. Ransomware is a type of malware designed to deny users access to their data, with attackers demanding a ransom in exchange for restoring access.

Despite reports of a decrease in ransomware attacks in 2022, a Statista survey showed that 71% of companies worldwide were affected by ransomware that year, with the average ransom payment reaching $925,162. Now, in 2023, there is a resurgence of ransomware attacks, as reported by security company Black Kite.

The negotiation tactics for ransom payments are seldom reported in the news due to law enforcement agencies like the FBI and Cybersecurity and Infrastructure Security Agency strongly advising against paying ransoms. However, many organizations still choose to pay the ransom as they consider it the quickest way to recover their systems.

The process of ransom payments involves the attackers dictating the communication and payment channels, often utilizing cryptocurrencies like Bitcoin for their anonymity and speed. 

Ransomware attackers typically exploit the sensitive data they have encrypted to put pressure on affected organizations during negotiations. Negotiators might assume different personas, even pretending to be empathetic and building a rapport with attackers to secure the best deal possible.

The recovery of ransom payments can be challenging, but it is not impossible. In some cases, law enforcement agencies have successfully followed the money trail in cryptocurrency wallets to recover part of the ransom. However, tracing illicit ransom payments remains costly and time-intensive.

While paying a ransom might lead to data recovery, it does not guarantee full restoration, and organizations often remain vulnerable to subsequent attacks from the same threat actors.

Banning ransom payments entirely might not solve the problem, as some situations may warrant paying the ransom, such as critical infrastructures being affected.

The battle against ransomware requires cooperation between the private sector and government agencies. The government's involvement is crucial in intelligence gathering and threat mitigation, as cyber attackers constantly evolve their tactics.

Regulatory compliance also plays a significant role in cybersecurity at the national level, setting the tone for security measures in the private sector.

The U.S. government's National Cyber Strategy aims to hold private companies responsible for cybersecurity, emphasizing their role in cybersecurity efforts and engaging the private sector in disruption activities through scalable mechanisms.

It remains to be seen how these strategies will unfold, but tapping into offensive cyber talent could potentially enhance America's defensive and offensive cyber capabilities significantly.
Read more »
Ransomware Gang
Cyber Crime Data Backup Data Recovery Online Security Ransom Ransomware Gang

Backups can be Quicker and Less Expensive than Paying the Ransom

 

Ransomware operators want to spend as little time as possible within your systems, which means the encryption they use is shoddy and frequently corrupts your data. 

As a result, paying ransoms is typically a more expensive chore than simply refusing to pay and working from our own backups. That is the perspective of Richard Addiscott, a senior director analyst at Gartner. 

"They encrypt at an extremely fast rate," he said on Monday at the firm's IT Infrastructure, Operations, and Cloud Strategies Conference 2023 in Sydney. "They encrypt faster than you can run a directory listing."

Therefore, ransomware creators use poor encryption techniques and end up losing some of the data they later try to sell you. If ransomware operators deliver all the data they claim, Addiscott said, it is not simple to restore from corrupt data dumps delivered by criminals. Many people don't; instead, they start a new round of discussions regarding the cost of more releases by demanding a ransom. 

According to him, just 4% of ransomware victims actually manage to get all of their data back. Only 61 percent actually retrieve any data. Additionally, the average disruption to a victim's business is 25 days. 

Addiscott proposed that organisations design and practise ransomware recovery playbooks to shorten the period. Securing funding to prepare for a speedy post-ransomware recovery requires couching the risk in business terms rather than IT terms. 

According to Addiscott, the themes that are likely to release the purse strings are revenue protection, risk reduction, and cost control. Although he shook his head as he recalled instances when business leaders authorised enormous and speedy ransom payments that dwarfed the denied investments that may have rendered them unnecessary. 

He advised good preparation because ransomware crooks have figured out one technique to speed up stalled payment negotiations: whacking their victims with a DDoS attack, so they're battling two fires at once, and are thus willing to pay to make at least one problem go away. 

Ransomware operators also like to double-dip by demanding payment from the organisations whose data they have stolen, then mining the data to locate new targets. Addiscott mentioned an attack on a healthcare provider in which clients were confronted with a payment demand or their medical records will be revealed. 

Customers identified in a stolen data heist may be targeted with the suggestion that they notify suppliers that they want payments made in order to reduce the risk of their data being disclosed. Immutable backups and an isolated recovery environment, according to Addiscott, are a good combination of defences. 

However, he also stated that the people behind ransomware are brilliant, vicious, inventive, and relentless, so they will find new and even more nefarious ways to strike. 

The analyst did have one piece of good news: there would be a 21% decrease in ransomware attacks in 2022 compared to 2021. He hypothesised that the decline was caused by sanctions making it more difficult for Russian-based ransomware groups to operate.
Read more »
Security
cyber attack Cyber Data LockBit Ransom Ransomware Security

The LockBit Ransomware Takes Responsibility for the Royal Mail Cyberattack

 

The LockBit ransomware operation has asserted responsibility for the cyberattack on Royal Mail, the UK's leading mail delivery service, which forced the company to stop its international shipping services due to "severe service disruption." 

This emerges after LockBitSupport, the public-facing representative of the ransomware group, earlier told BleepingComputer that the LockBit cybercrime group did not target Royal Mail. They instead blamed the attack on other threat actors who used the LockBit 3.0 ransomware builder, which was leaked on Twitter in September 2022. LockBitSupp did not clarify why printed Royal Mail ransom notes seen by BleepingComputer included links to LockBit's Tor negotiation and data leak sites rather than those operated by a different threat actor.

However, LockBitSupp validated LockBit's involvement in the attack in a post on a Russian-language hacking forum after discovering that one of their affiliates deployed the gang's ransomware payloads on Royal Mail's systems.

The representative of the ransomware gang also stated that they would only provide a decryptor and delete data stolen from Royal Mail's network after a ransom was paid. The entry for the Royal Mail attack on LockBit's data leak site currently states that stolen data will be published online on Thursday, February 9, at 03:42 AM UTC.

The attack was termed a "cyber incident"

On January 10, Royal Mail discovered the attack and hired outside forensic experts to assist with the investigation.

A Royal Mail spokesperson told BleepingComputer on January 11 when we reached out for more details, "Incident was detected yesterday, UK/ domestic mail remains unaffected."

"We're experiencing disruption to our international export services and are temporarily unable to despatch items to overseas destinations. Please do not post any export items while we work to resolve the issue. Sorry for any disruption this may cause," the company tweeted.

The incident was also reported to UK security agencies, and the company is investigating it alongside the National Crime Agency and the UK National Cyber Security Centre (NCSC).

However, Royal Mail has yet to acknowledge that it is the victim of a ransomware attack, which could result in a data breach because LockBit ransomware operators are known for stealing data and leaking it online if their ransom demands are not met.

For the time being, the company is still referring to the attack as a "cyber incident" and claims to have restored some of the services that were impacted by the attack. The incident last month follows a November 2022 outage that caused the Royal Mail's tracking services to be unavailable for more than 24 hours.

The Royal Mail's recurring IT problems come at a time when its mailing services are already under strain due to planned national strikes and ongoing talks with the Communication Workers Union.     

Read more »
Victims
data security malware Ransom Ransom Payment Ransomware Safety Victims

Ransomware Profits Shrink, as Victims Refuse to Pay

 

As per data from blockchain analysis firm Chainalysis, ransomware revenue for 2022 has dropped from $765.6 million to at least $456.8 million, representing a -40.3% year-over-year drop. The number of attacks is as high as it has ever been, but the number of victims who refuse to pay the ransom has increased as well. 

Working with Coveware, Chainalysis has observed a significant decrease in the number of ransomware victims willing to pay: 76% in 2019, but only 41% in 2022. According to Chainalysis, this is a "highly encouraging" trend that is likely influenced by a variety of factors. 

Ransomware victims have realized that even if they pay the ransom, there is no guarantee that their data will be handed back or that the ransomware actor will delete the "stolen" files instead of selling them on the dark web. But since the public perception of the ransomware phenomenon has matured, data leaks no longer pose the same risks to brand reputation as they did in previous years.

Companies and government agencies, which are the primary targets of modern ransomware operations, have also improved their backup strategies, making data recovery a much cleaner and easier process than it was only a few years ago.

Insurance companies are also much less likely to permit their customers to use an insurance payout to satisfy a ransom demand. Eventually, because many ransomware operations are based in Russia, victims who choose to pay may face harsh legal consequences as a result of the country's economic sanctions following the invasion of Ukraine.

Despite the fact that victims are not paying as much as they used to, the ransomware industry is far from dead: in 2022, the average lifespan of file-encrypting-malware strains has dropped from 153 days to just 70 days year on year. The "Conti" ransomware operation ended, while other ransomware-as-a-service (raas) operations, such as Royal, Play, and BlackBasta, went live. At the end of 2022, LockBit, Hive, Cuba, BlackCat, and Ragna were still in business (and still demanding ransom payments).


Read more »
Ransomware
Bots Cryptominers Digital Infrastructure Firewalls Linux Linux Servers malware Ransom Ransomware

This Linux Malware Bombards Computers with DDoS Bots and Cryptominers

 

Security experts have discovered a new Linux malware downloader that uses cryptocurrency miners and DDoS IRC bots to attack Linux servers with weak security. After the downloader's shell script compiler (SHC) was uploaded to VirusTotal, researchers from ASEC found the attack. It appears that Korean users were the ones who uploaded the SHC, and Korean users are also the targets. 

Additional research has revealed that threat actors target Linux servers with weak security by brute-forcing their way into administrator accounts over SSH. Once inside, they'll either set up a DDoS IRC bot or a cryptocurrency miner. XMRig, arguably the most well-liked cryptocurrency miner among hackers, is the miner that is being used.

It generates Monero, a privacy-focused cryptocurrency whose transactions appear to be impossible to track and whose users are allegedly impossible to identify, using the computing power of a victim's endpoints.

Threat actors can use the DDoS IRC bot to execute commands like TCP Flood, UDP Flood, or HTTP Flood. They can execute port scans, Nmap scans, terminate various processes, clear the logs, and other operations. Malicious deployments are continuously thrown at Linux systems, most frequently ransomware and cryptojacking.

"Because of this, administrators should use passwords that are difficult to guess for their accounts and change them periodically to protect the Linux server from brute force attacks and dictionary attacks, and update to the latest patch to prevent vulnerability attacks," ASEC stated in its report. "Administrators should also use security programs such as firewalls for servers accessible from outside to restrict access by attackers."

The continued success of Linux services in the digital infrastructure and cloud industries, as well as the fact that the majority of anti-malware and cybersecurity solutions are concentrated on protecting Windows-based devices, according to a VMware report from February 2022, put Linux in a risky situation.
Read more »
Security
Cyber Security Data data security Hackers Ransom Safety School Security

How Can Schools Minimize Cybersecurity Risks?

 

Cyberattacks are now a daily threat to K-12 schools, and the problem may worsen as educators rely more on technology for teaching and learning, and as hackers become more sophisticated. As per the K12 Security Information Exchange, a nonprofit dedicated to assisting schools in preventing cyberattacks, there have been over 1,330 publicly disclosed attacks since 2016, when the organization began tracking these incidents. Hackers have targeted municipalities of all sizes. 

Most notably, two central districts—Los Angeles Unified and New York City—will face cybersecurity challenges in 2022. Experts say that if the largest districts can be affected, anyone can. Smaller districts are especially vulnerable because they frequently lack the cybersecurity resources required to protect themselves.

Cyberattacks are costly to school districts. According to a recent GAO report, districts lose three to three weeks of instructional time on average after an attack, and recovery time can range from two to nine months. To prevent unnecessary costs, districts should ensure that their networks are secure.

Education Week has extensive coverage on what to do if your school or district is the victim of a cyberattack, as well as how to prevent attacks. Here is an accumulation of articles and videos on this topic published by Education Week that you can use to tackle this challenge.

Guidance from the FBI and the Cybersecurity and Infrastructure Security Agency discourages paying the ransom because it doesn't guarantee that the data hackers are holding ransom will be decrypted or that the systems will no longer be compromised. Despite this advice, the decision of whether or not to pay a ransom can be complicated.

Two district leaders also spoke with Education Week about how they handled the aftermath of a ransomware attack that shut down schools for two days. There is no magic formula that will entirely protect districts from cyberattacks, but there are steps that can be taken to mitigate the risks. In this special report, K-12 technology leaders and experts offer recommendations on how to prevent these incidents, particularly with the emergence of school-issued devices, as well as what districts' top cybersecurity priorities should be.  

Student data privacy concerns a wide range of issues, from students' smartphones to classroom applications discovered and adopted by teachers, to district-level data systems, to state testing programmes. Experts offer their perspectives on why schools struggle to protect student data.
Read more »
Security
Cyber Attacks Data Ransom Ransomware Safety Security

Executives and Telemedicine: Targets of New Ransom Payment Schemes.

 

Ransomware developers are constantly coming up with new ways to infect victims and persuade them to pay up, but a couple of recent strategies appear especially cunning. The first involves targeting healthcare organizations that provide online consultations and sending them booby-trapped medical records for the "patient," while the second involves carefully editing email inboxes of public company executives to make it appear that some were involved in insider trading. Last month, the United States 

The Department of Health and Human Services (HHS) issued a warning that Venus ransomware attacks were targeting a number of healthcare organizations in the United States. Venus, which was discovered in mid-August 2022, is known for hacking into victims' publicly exposed Remote Desktop services in order to encrypt Windows devices.

According to Holden, internal Venus group discussions show that this group has no trouble gaining access to victim organizations.

“The Venus group has problems getting paid,” Holden said. “They are targeting a lot of U.S. companies, but nobody wants to pay them.”

That could explain why their latest scheme focuses on framing executives at public companies for insider trading charges. Venus recently reported success with a method that entails carefully editing one or more email inbox files at a victim firm — to insert messages discussing plans to trade large volumes of the company's stock based on non-public information.

“We imitate correspondence of the [CEO] with a certain insider who shares financial reports of his companies through which your victim allegedly trades in the stock market, which naturally is a criminal offense and — according to US federal laws [includes the possibility of up to] 20 years in prison,” one Venus member wrote to an underling.

“You need to create this file and inject into the machine(s) like this so that metadata would say that they were created on his computer,” they continued. “One of my clients did it, I don’t know how. In addition to pst, you need to decompose several files into different places, so that metadata says the files are native from a certain date and time rather than created yesterday on an unknown machine.”

Planting emails into an inbox is difficult, according to Holden, but it is possible with Microsoft Outlook.pst files, which the attackers may also have access to if they have already compromised a victim network.

“It’s not going to be forensically solid, but that’s not what they care about,” he said. “It still has the potential to be a huge scandal — at least for a while — when a victim is being threatened with the publication or release of these records.”

According to Holden, the CLOP ransomware gang is currently experiencing a different issue: a lack of victims. According to the intercepted CLOP communication obtained by KrebsOnSecurity, the group boasted twice about successfully infiltrating new victims in the healthcare industry by sending infected files disguised as ultrasound images or other medical documents for a patient seeking a remote consultation.

CLOP members reported that one tried-and-true method of infecting healthcare providers involved accumulating healthcare insurance and payment data to use in submitting requests for a remote consultation on a patient with liver cirrhosis.

“Basically, they’re counting on doctors or nurses reviewing the patient’s chart and scans just before the appointment,” Holden said. “They initially discussed going in with cardiovascular issues, but decided cirrhosis or fibrosis of the liver would be more likely to be diagnosable remotely from existing test results and scans.”

While CLOP as a money-making collective is a relatively new organization, security experts say CLOP members come from a Threat Actor (TA) group known as "TA505", which MITRE's ATT&CK database describes as a financially motivated cybercrime group active since at least 2014. According to MITRE, "this group is known for frequently changing malware and driving global trends in criminal malware distribution."

In April 2021, KrebsOnSecurity detailed how CLOP helped pioneer another innovation aimed at convincing more victims to pay an extortion demand: directly emailing the ransomware victim's customers and partners and alerting that their data would be leaked to the dark web unless the victim firm paid up.

According to Tripwire, the HHS advisory on Venus states that multiple threat actor groups are likely distributing the Venus ransomware. Tripwire's advice for all organizations on avoiding ransomware attacks includes the following:
  • Making secure offsite backups.
  • Running up-to-date security solutions and ensuring that your computers are protected with the latest security patches against vulnerabilities.
  • Using hard-to-crack unique passwords to protect sensitive data and accounts, as well as enabling multi-factor authentication.
  • Encrypting sensitive data wherever possible.
  • Continuously educating and informing staff about the risks and methods used by cybercriminals to launch attacks and steal data.
Read more »
Security
Data Data Breach Data Hackers data security Hackers Ransom Safety Security

Medibank: Hacker Gained Access to 9.7M Customers' Data and Refuses to Pay a Ransom

 

On Monday, Medibank Private Ltd (MPL.AX), Australia's largest health insurer, stated that no ransom payment will be made to the criminal responsible for a recent data theft in which the data of approximately 9.7 million current and former customers was compromised. 

Highlighting the findings of the firm's investigation thus far, Medibank confirmed that the data theft accessed the name, date of birth, address, phone number, and email addresses of approximately 9.7 million current and former customers. Cyber security issues in Australia have skyrocketed in recent years, according to a government report, with one attack occurring every seven minutes.

"Based on the extensive advice we have received from cybercrime experts we believe there is only a limited chance paying a ransom would ensure the return of our customers' data and prevent it from being published," Medibank CEO David Koczkar said.

Paying a ransom could encourage the hacker to directly extort customers, causing more people to suffer, according to Koczkar. The insurer reiterated that business operations remained normal during the cyberattack, with customers continuing to have access to health care.

Medibank has warned its customers to be cautious because the criminal may leak the data online or attempt to contact them directly.

In the last few weeks, Singapore Telecommunications' (STEL.SI) unit Optus disclosed a breach of up to 10 million customer accounts, and Woolworths (WOW.AX) revealed that the data of millions of customers using its bargain shopping website had been compromised.  

Medibank has announced that it will commission an external review in order to learn from the cyberattack, as well as expand its Cyber Response Support Program. 
Read more »
Subscribe to: Posts (Atom)