Tag Archive for: Counting

Johnson Controls Ransomware Cleanup Costs Top $27M & Counting


Johnson Controls International (JCI) spent $27 million remediating a September 2023 ransomware attack on its systems — an attack that government officials warned at the time could threaten physical security.

According to a filing with the US Securities & Exchange Commission (SEC) this week, the building automation, HVAC, and fire protection giant uncovered the attack the weekend of Sept. 23, after receiving reports of system outages. It was a ransomware hit that locked up internal IT infrastructure and allowed assailants to exfiltrate company data.

The filing didn’t mention which gang JCI determined to be behind the cyberattack, but at the time researchers attributed it to Dark Angels using a custom VMware ESXi encryptor.

“The company implemented its incident management and response plan and business continuity plans, including implementing remediation measures to mitigate the impact of the incident and restore affected systems and functions,” JCI noted in the SEC filing, adding that the $27 million price tag for the effort takes into account cyber insurance payouts, and includes the cost of retaining outside cybersecurity specialists.

The filing noted that the investigation and remediation efforts remain ongoing, “including the analysis of data accessed, exfiltrated or otherwise impacted during the cybersecurity incident,” and expects to spend more on the recovery as a result.

Contrary to fears floated by the Department of Homeland Security after the attack, JCI also said that there is “no evidence of any impact to its digital products, services, and solutions including OpenBlue and Metasys,” referring to its smart-building and AI-enabled lines of business, which are often deployed in industrial settings and bring operational technology (OT) together with IT systems.

Source…

Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority • The Register


An organisation whose network was infected by Ryuk ransomware has spent $8.1m over seven months recovering from it – and that’s still not the end of it, according to US news reports.

The sum, spent by Baltimore County Public Schools, will doubtless raise some eyebrows and the public breakdown of the costs will be eye-opening for the infosec industry and potential corporate ransomware victims alike.

A spreadsheet obtained by Fox 45 News Baltimore, a TV station, revealed the $8.1m spending and also broke it down into individual line items.

Of the full sum, $2m alone was spent on “ERP cloud transition and recovery” with provider CGI. A Dell (VMware) Carbon Black cloud-based endpoint security licence for one year of Windows protection came in at $699,298, while $606,648 was spent on device monitoring and tracking.

Just $2m of the $8m spend was covered by insurance, the spreadsheet showed, also noting $11,500 in ransomware negotiation costs. There was no line item explaining whether a ransom was paid or if so, how much it was.

As we reported when it first happened, the BCPS network was infected by Ryuk ransomware in November last year. 115,000 children were unable to access remote classes (being held online due to the pandemic) and were cut off from school for a week while administrators rebuilt critical systems.

The attention of news outlets moved on after a few days (possibly a result of BCPS’ $50,000 spend with FTI Consulting on PR advice), but the enduring tech and financial damage is still being felt months later.

Infosec firm Sophos said in April that the average cost of getting over a ransomware attack is $2m, a sum that “has more than doubled in a year”. Last year French-headquartered IT outsourcer Sopra Steria said a Ryuk attack was set to cost it between 40 and 50 million euros after “a previously…

Source…

Your money or your data! Counting the costs of ransomware


A spike in ransomware attacks on schools should be spurring leaders – and the Department for Education – to pre-emptive action, writes Hayley Dunn

Since February, there has been a disturbing rise in ransomware attacks on schools, prompting the National Cyber Security Centre to issue an alert to the sector in March. So while we welcome the government’s announcement that it is responding with training and guidance, we are concerned that they are simply not doing enough relative to the size of the risk.

A faceless crime, ransomware is a type of cyber attack that prevents users from accessing their IT system and/or the data it holds. Usually, large amounts of data are encrypted, but fraudsters may also steal or delete it. An initial attack will be promptly followed by a threatening demand for funds in the form of cryptocurrency to release or restore the compromised files.

As those who have been attacked will attest, ransomware has a devastating impact. Restoring services to their usual capacity and functionality can take weeks, if not months, of work. And imagine the burden of responsibility on the individual – staff or student – who unwittingly clicked the link that triggered the attack.

Cybercrime is nothing new to the sector, but attackers have become more devious. Their previous modus operandi of blocking access and locking users out of their data was largely thwarted by the move to offsite backups and cloud-based technologies, which protect information and reduce the impact of disabling hardware.

Now, they have moved to focus on confidential and sensitive information. They target networks using remote access systems and virtual private networks, often using convincing phishing emails designed to catch out unwary employees to deploy their ransomware. These are aimed at exploiting unpatched software vulnerabilities, weak passwords and lack of multi-factor authentication processes. Most mobile phones, for example, have only one-step authentication via a passcode.

Cybercrime is not new but attackers have become more devious

The NCSC reports the new trend is to threaten to publish stolen sensitive information. Given the volume of highly sensitive pupil and…

Source…

SamSam ransomware hackers bank $6 million and counting from victims

  1. SamSam ransomware hackers bank $ 6 million and counting from victims  Healthcare IT News
  2. SamSam ransomware can shut your city down | Avast  Security Boulevard
  3. Security Roundup: Sophos On SamSam, FireEye, Cofense, Pulse Secure  Channel Partners
  4. Full coverage

Ransomware – read more