Archive for the ‘Ransomware’ category

Massive New Ransomware Attack

June 29th, 2017

Recently world suffered a massive WannaCry attack. Now new ransomware attack was launched using same Windows vulnerability. Ukraine is the most affected country affecting government, transport systems, banks and power utilities and companies like WPP, pharma giant Merck, manufacturing company Saint-Gobain, and Russian steel and oil giants Evraz and Rosneft.

One WPP subsidiary has asked staff to turn off and disconnect all Windows machines as it was a victim of “massive global malware attack, affecting all Windows servers, PCs and laptops.”

Shipping company Maersk tweeted, “We can confirm that Maersk IT systems are down across multiple sites and business units due to a cyber attack. We continue to assess the situation. The safety of our employees, our operations and customers’ business is our top priority.”

Merck tweeted “We can confirm our company’s computer network was compromised today as part of the global hack. Other organizations have also been affected. We are investigating the matter and will provide additional information as we learn more.”

Kaspersky Lab researchers mentioned that it is entirely new threat and named it as NotPetya.

“Organizations in Russia and the Ukraine are the most affected, and we have also registered hits in Poland, Italy, the UK, Germany, France, the U.S. and several other countries,” the researchers mentioned. ”This appears to be a complex attack which involves several attack vectors. We can confirm that a modified EternalBlue exploit is used for propagation at least within the corporate network.”

Jake Kouns, CISO at Risk Based Security mentioned that the attack by WannaCry should have been taken seriously. “Unfortunately, the fast spread of Petya makes it pretty clear that regardless of the reasons for not updating systems, whether they were valid or not, many companies were unable to properly address things the first time around,” he said.

He added that unpatched software is at risk.

“It is critical that all organizations which are able to apply patches for these known vulnerabilities,” he said. “If there is some legit reason for this not being possible, it is imperative to take other precautions and implement compensating controls to protect their systems and mitigate the risk.”

“Companies need to rapidly adopt a much more continuous strategy around patching and security testing, along with a robust disaster recovery plan that gets tested frequently.”Cybric CTO Mike Kail mentioned.

Netskope co-founder and CEO Sanjay Beri said the implications could be massive. “The Petya ransomware attack should serve as an urgent warning for the U.S. — we need a plan in place and the administration has to stop dragging its feet on hiring a Federal CISO,” he said.

“Worse than the recent WannaCry attack, the Petya ransomware campaign is targeting critical infrastructure which, according to an MIT report, is essentially defenseless against cyber criminals,” Beri added. “If this attack reaches us — and given the rate and manner with which it’s spreading it’s only a matter of time — the country’s critical infrastructure is at enormous risk of shutting down.”

“The extortion model is here to stay,” the report states. “More stable growth, which is at a higher level on average, could indicate an alarming trend: a shift from chaotic and sporadic actors’ attempts to gain foothold in [the] threat landscape to steadier and higher volumes.”

___________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. 

WannaCry ransomware attacked Honda

June 28th, 2017

Honda recently stopped its production at its Sayama, Japan plant due WannaCry ransomware.

The production facility manufactures 1,000 vehicles per day. The plant was started next day.

Along with Honda, Nissan and Renault also halted production at plants in Japan, Britain, France, Romania and India.

“We recommend that you revisit your security patches immediately and ensure that all of your networked computers can connect to kill switches.”Webroot senior threat research analyst Tyler Moffitt said.

Tripwire senior systems engineer Paul Norris mentioned that companies need to take steps to protect themselves.”Effective measures in defeating these sorts of attacks include implementing an effective email filtering solution that is capable of scanning content on emails, hazardous attachments and general content for untrusted URLs,” he said. “Another option would be to better educate the workforce on how to recognize a suspicious email from unknown senders, knowing not to click an untrusted URL, as well as not opening an unexpected attachment.”

RiskVision CEO Joe Fantuzzi mentioned that the Honda plant shutdown shows growing risks in the manufacturing industry. “While manufacturing hasn’t experienced the same attention as other sectors in regards to emerging ransomware trends, it’s now clear that WannaCry and other advanced threats pose severe and crippling risks to this sector, which among other things can halt production, expose blueprints and intellectual property, aid competitors and decimate profit margins, while taking weeks or months to be fully remediated,” he said.

“What’s more, manufacturing isn’t beholden to the same security and compliance standards as healthcare, financial services and other market verticals, making enforcement of consistent security standards even more difficult,” Fantuzzi added. “Consequently, it’s imperative that manufacturers categorize assets in terms of business criticality to see where their most important vulnerabilities reside because taking the initiative to find and prioritize critical vulnerabilities is a small investment in comparison to the long-term damage that could result if these vulnerabilities are ever found by cyber criminals and exploited.”

“Warding off cyber threats, including cyber espionage, is a top corporate priority across industries, but manufacturers and distributors need to do much more to protect their patents, designs and formulas, as well as their private company and employee information,” Jim Wagner, partner-in-charge of Sikich’s manufacturing and distribution practice, said in a statement.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware Attack at Airway Oxygen

June 25th, 2017

Michigan-based Airway Oxygen, Inc. recently suffered data breach due to ransomware attack. Facility is notifying patients that their PHI may have been affected. Airway Oxygen supplies medical equipment.  It mentioned that facility becomes aware of the breach when ransomware was installed in its technical infrastructure. The incident prevented Airway from accessing its own data.

Affected information included full names, home addresses, dates of birth, telephone numbers, diagnoses, types of services provided, and health insurance policy numbers. Bank account numbers, debit or credit card numbers, and Social Security numbers were not included in the breach.

As per the OCR tool, 500,000 individuals were affected by the breach.

“Since learning of the incident, we immediately took steps to secure our internal systems against further intrusion, including by scanning the entire internal system, changing passwords for users, vendor accounts and applications, conducting a firewall review, updating and deploying security tools, and installing software to monitor and issue alerts as to suspicious firewall log activity,” explained the statement, which was signed by Airway Oxygen President Stephen Nyhuis.

Facility in the statement mentioned that it has notified FBI. Also, the cyber security firm is hired to help in the investigation.

“We take the security of those with whom we work and their data very seriously and our team is working diligently to ensure breaches of this type do not happen in the future.”

As per the statement, facility mentioned that steps were taken to secure internal systems. Scanning of the technical infrastructure was carried out. Passwords were changed for the users. Vendor accounts are monitored and review is done for security firewall, security tools. New software installation is done to alert for any such incidents in future.

Customers are advised to place a credit fraud alert. Also, a toll-free number is provided to assist the users.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Seventy four countries hit with WannaCry ransomware

May 14th, 2017

Kaspersky researchers mentioned that tens of thousands of computers are infected in 74 countries worldwide by WannaCry ransomware.

“It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the researchers mentioned.

MalwareTech has published live map for the area affected in the world.

“Russia, Ukraine and Taiwan leading,” Avast researcher Jakub Kroustek tweeted on Friday. “This is huge.”

Major company affected included FedEx, the Spanish phone company Telefonica, the Russian mobile phone operator MegaFon, and the UK’s National Health Service (NHS).

“This attack was not specifically targeted at the NHS and is affecting organizations from across a range of sectors.” NHS mentioned.

Joshua Douglas, chief strategy officer at Raytheon Foreground Security mentioned that the target was vital services like healthcare.

“Organizations are beginning to fully appreciate their exposure to risk, whether from negligent or malicious insiders, the growing attack surface are represented by the Internet of Things, or from the growing number of sophisticated attackers,” Douglas said.

“Healthcare, an industry with mountains of sensitive personal data and lives at stake, should consider security measures that take into account network users in addition to outside threats,” Douglas added. “When dealing with ransomware, advance security protections, basic cyber hygiene, tested disaster recovery plans and employee training are critical to protecting data.”

The attack has devastating impact on the services and systems.

“This is the first time that a worm-link tool has been used in conjunction with ransomware that has created devastating impact against entire organizations,” Fidelis Cybersecurity threat research manager John Bambenek said by email. “Strong and swift patching would have helped mitigate this threat. It has undoubtedly captured the imagination of criminals who don’t want to hold individual machines ransom but to take entire organizations hostage, and surely we will see much more of this in the coming weeks.”

“The fact that a vulnerability developed by the NSA was used in this attack shows the dangers that can happen when this knowledge gets out into the wild even after a patch has been developed,” Bambenek added. “Intelligence agencies will always be developing zero-days, but unlike traditional weapons, these tools can be repurposed quickly for devastating criminal attacks.”

“The intelligence community should develop strong procedures that when such tools leak, they immediately give relevant information to software developers and security vendors so protections can be developed before attacks are seen in the wild,” Bambenek said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Ransomeware attack at ABCD

April 8th, 2017

ABCD Pediatrics recently suffered ransomware attack. According to the statement, a virus was inserted to gain access to the healthcare organization’s servers. Patient data was encrypted in the process. Facility contacted IT personnel to take all servers offline. It is conducting detailed analysis.

Experts came to conclusion that this particular type of virus has likely not removed the information from the server.  Facility also mentioned that user accounts may have been accessed through it’s network. Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, insurance billing information, medical records, and lab reports.

As per the OCR data breach reporting tool, approximately 55,447 patients may have been affected. ABCD has successfully removed the virus from the system. Corrupted data was also removed from its servers. Secure backup of the facility is not affected and thus used to restore all impacted data. It also mentioned that no PHI was lost or destroyed in the incident.

“Also, please note that ABCD never received any ransom demands or other communications from unknown persons,” ABCD stated. “However, ABCD remains concerned because it discovered user logs indicating that computer programs or persons may have been on the server for a limited period of time.”

Facility has upgraded it cyber security monitoring program to stop future incidents. Call centre is setup for the affected patients.

“Patients also can place a fraud alert on their credit files with the three major credit reporting agencies. A fraud alert is a consumer statement added to one’s credit report. The fraud alert signals creditors to take additional steps to verify one’s identity prior to granting credit. This service can make it more difficult for someone to get credit in one’s name, though it may also delay one’s ability to obtain credit while the agency verifies identity.”

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach trends in 2016

April 5th, 2017

As per the IBM report, data breach increased 566 percent in 2016 from 600 million to more than 4 billion. The report also mentioned that healthcare in no longer the most attacked sector. Most of the attack was carried out on financial services industry.

In 2016, 12 million records were affected in healthcare. In previous year, the breach was 100 million records which counts to eighty eight percent drop. IBM surveyed 8000 security clients in 100 countries.

IBM Security Vice President of Threat Intelligence Caleb Barlow mentioned that the cyber attacks was carried out with innovative techniques.

“While the volume of records compromised last year reached historic highs, we see this shift to unstructured data as a seminal moment,” Barlow said in a statement. “The value of structured data to cyber-criminals is beginning to wane as the supply outstrips the demand. Unstructured data is big-game hunting for hackers and we expect to see them monetize it this year in new ways.”

IBM mentioned that for ransomware attacks, 70 percent of the companies paid more that $10,000 to regain the access to data. According to the FBI, cyber-criminals were paid $209 million in first three months of 2016.

Ransomware attacks are on the rise with 400 percent increase. In the coming time healthcare will do many reforms which includes increase in internet of things (IoT) technology. This will increase the attacks.

“Retail and financial services have battened down their hatches,” IDC Health Insights Research President Lynne Dunbrack told HealthITSecurity.com in a 2016 interview. “Now the cyber criminals might still be nipping at those heels, but they are looking at other targets, healthcare being one of them.”

CynergisTek Vice President Dan Berger mentioned that attacks against healthcare are carried out with sophistication.

“The dramatic increase in hacking attacks in 2016, coupled with the large number of patient records compromised in those incidents, points to a pressing need for providers to take a much more proactive and comprehensive approach to protecting their information assets in 2017 and beyond,” Berger stated.

___________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Hackers demand ransom to open disabled door locks

February 12th, 2017

Austria’s four-star, 111-year-old Romantik Seehotel Jagerwirt mentioned that its internal systems were recently breached. Hackers disabled both the hotel’s electronic door locks and the reservation system. The attack against the facility means that the new keys couldn’t be created and also reservations couldn’t be checked or confirmed.

Hotel has to pay 2 Bitcoins (almost $2,000) to get control of the systems back to the hotel.

“The house was totally booked with 180 guests, we had no other choice,” hotel managing director Christoph Brandstaetter told The Local. “Neither police nor insurance help you in this case.”

This was the third cyber attack for the hotel, Brandstaetter said.  It also faced fourth attack as new computers were placed along with new security standards.

“The restoration of our system after the first attack in summer has cost us several thousand Euros,” Brandstaetter said. “We did not get any money from the insurance so far because none of those to blame could be found.”

“We are planning at the next room refurbishment for old-fashioned door locks with real keys,” he said. “Just like 111 years ago at the time of our great-grandfathers.”

As per the recent research survey of nearly 1,000 enterprise IT buyers, half believe that the security is crucial.  Still many are moving towards IOT. Around 90 percent of enterprises plan to increase IoT spending. The research showed that the IoT-related spending will increase by 33 percent.

Other finding include:

Fifty four percent said a lack of trained IoT staff is not an issue for their organizations.

Forty six percent said they’re having difficulty filling IoT-related positions.

“When it comes to IoT adoption, pragmatism rules,” 451 Research director Laura DiDio said in a statement. “The survey data indicates enterprises currently use IoT for practical technology purposes that have an immediate and tangible impact on daily operational business efficiencies, economies of scale and increasing the revenue stream.”

___________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Data breach at Delaware

January 21st, 2017

Sixteen self-insured customers and nineteen thousand Highmark members were vulnerable due to a potential attack at Highmark Blue Cross Blue Shield in Delaware.The Delaware Department of Insurance released the information to the public after the incident.

Summit Reinsurance Services, Inc., in Indiana and BCS Financial in Illinois were the two subcontractors involved in the breach. Highmark didn’t specify the explicit nature of the breach. According to the reports, this incident is one of the several data breaches which is related to Summit Reinsurance Services, Inc. in 2016.

Early in November 2016, Summit reported a ransomware attack which impacted thousands of current and former Black Hawk College employees. Affected information contained PHI, including Social Security numbers and health insurance information.

There was also a potential data breach at Louisiana Health Cooperative, Inc. A ransomware compromised sensitive patient information including Social Security numbers.

Trinidad Navarro, the Delaware Insurance Commissioner mentioned that they are looking into the breach.

“I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred,” Navarro said. “I have directed my staff to closely monitor the situation as it develops. Many Delawareans have received mailed correspondence from Summit Reinsurance explaining the breach. Unfortunately, we fear that many may have misinterpreted or inadvertently discarded the latter as some form of sales ad.”

The Delaware Department of Insurance is helping affected patients by providing resources to answer any questions.

“The Commissioner has ordered an investigation into the reported breach. Highmark Blue Cross Blue Shield of Delaware is cooperating with the Delaware Department of Insurance to resolve the matter.”

“If consumers have received a letter from SummitRe regarding this situation and have questions, they may contact the Delaware Department of Insurance.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware attacks

January 13th, 2017

The Susan M. Hughes Center recently announced a data breach due to ransomware attack on its computer system. The incident has potentially affected patients. Facility has immediately launched an investigation. Also, they have reset all passwords and removed the infected server from the system.

A Forensic firm is employed for investigation. It determined that an unknown person accessed server files. The affected information included patient names, telephone numbers, dates of service, types of service or treatment, and amounts paid.

Facility mentioned that there is no evidence of misuse of patient information. Also, sensitive PHI including Social Security numbers or account numbers have not been accessed.

The Hughes Center has started mailing advisory letters to potentially impacted patients. Also, the facility established a call center to answer queries.

“We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.”

Another ransomeware attack involves Summit Reinsurance Services, Inc. who alerted Alliant Health Plans, Inc. of a ransomware attack on its servers.  The affected server contained patient data of more than 1,000 Alliant members.  Facility mentioned that the investigation didn’t provided any evidence of data misuse. Also, Alliant mentioned that its members are at very low risk of data breach consequences.

Affected information included Social Security numbers, health insurance information, and claim-focused medical records.

Summit is updating its policies, procedures and protections for member information to minimise the damage.It also working on other precautionary measures to prevent further incident. Alliant will be continuing encryption to prevent foreign access of sensitive information.

Summit is notifying the affected individuals and also offering one year of identity theft protection to potentially impacted Alliant members.

“As always, Alliant and Summit recommend taking steps to prevent identity theft by monitoring your credit reports for any unusual activity.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware leads to data breach

January 7th, 2017

Arizona-based Desert Care Family & Sports Medicine recently announced data breach due to ransomware attack. The incident has affected up to 500 patient records. Desert Care has notified local police and the FBI. It has also taken its server to IT specialists so that ransomware encryption can be broken to retrieve affected patient data. But they are not able to access the encrypted data. All hacked patient records remain unavailable.

Desert Care in the statement mentioned that “We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. Desert Care is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”

Facility mentioned that it does not know whether the information has been exposed. It said that by the type of ransomware the intention was to gain access to information. It also mentioned that it doubts any information has been affected or copied onto a different system.

Affected patients are sent notification by the facility. It alerted them about the incident. According to the reports – full name, dates of birth, home addresses, account numbers, and disability codes are potentially exposed. Desert Care started a forensic investigation into the incident. Also, it is updating its technology and policies to prevent future attacks.

“Desert Care is taking steps to mitigate any data disclosure and to prevent any future incidents. The ransomware attack was reported to the authorities and we fully intend to cooperate with any investigations. In addition, we are conducting our own forensic investigation into the attack. We are also updating our technology and policies to prevent future incidents. “

Facility has advised the patients to make effort for protection which includes-

Consumers should register a fraud alert with one of three credit bureaus

Monitor all account statements, and contact the Consumer Protection Division of the Arizona Attorney’s General Office or the Federal Trade Commission’s Fraud Victim Assistance Department for assistance.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.