
The Year Ransomware Disrupted Infrastructure


What was the top cyber story in 2021? How will the cyber industry remember this year?

The headline answer clearly includes disruptive ransomware that, perhaps for the first time ever, seized global attention by crippling critical infrastructure — in the form of the Colonial Pipeline incident in the southeastern U.S.

And while the Colonial Pipeline leads the list of top cyber stories, there are many other critical infrastructures that were disabled by ransomware. Here is an excerpt on this topic from a “Lohrmann on Infrastructure” July blog:


“Back in April of this year, a BBC News headline read, ‘The ransomware surge ruining lives.’ And that was before the cyberattacks on critical infrastructure sectors like Colonial Pipeline, meat-processing giant JBS, the Irish Health Service and so many others.”

As the year progressed, President Biden warned Russian President Putin against cyber attacks on U.S. critical infrastructure.

And ransomware continues to headline across the Internet.

c|net — Hacks, ransomware and data privacy dominated cybersecurity in 2021: “The year started off on a sour security note. In January, the FBI, the National Security Agency and the Cybersecurity and Infrastructure Security Agency jointly suggested that Russia was responsible for an attack against SolarWinds, a Texas-based company whose software was used by everyone from the federal government to railroads, hospitals and major tech companies.”

HelpNet Security — Alarming rise in cyberattacks against healthcare facilities, 68 attacks in Q3 2021 only: “Hackers sponsored by the Iranian government were inside the networks of a U.S. children’s hospital earlier this year, poised to launch a ransomware attack at any moment. And that’s just the tip of the iceberg. On Nov. 17, the United States, Britain, and Australia issued a joint warning that Iranian actors have conducted ransomware attacks against U.S. targets and gained…


Google disrupted the Glupteba botnet used to steal personal information and mine cryptocurrency


Google found that Glupteba has infected about a million Microsoft Windows devices worldwide, which would put it among the largest botnets analyzed by security experts. In a complaint filed in federal court in New York on Tuesday, Google detailed several different crimes it alleges hackers use the botnet to perpetrate, including stealing and selling log-in information for Google accounts, and selling access to captured devices to other criminals who want to hide their Internet activity.


Sinclair hit by ransomware attack, TV stations disrupted


Sinclair Broadcast Group, which operates dozens of TV stations across the U.S. including WPBN and WTOM in northern Michigan, said some of its servers and work stations were encrypted with ransomware and that data was stolen from its network.

The company said it started investigating Saturday and on Sunday it found that some of its office and operational networks were disrupted. The broadcast group did not immediately say how many TV stations were directly affected.

The Hunt Valley, Maryland-based company either owns or operates 21 regional sports networks and owns, operates or provides services to 185 television stations in 86 markets.

In Toledo, Ohio, WNWO appeared to be off the air Monday afternoon. The station posted on Facebook that “our operations are currently limited. We will provide further updates as they become available.”

On WJLA, a Sinclair-owned ABC affiliate in Washington, anchors opened their 4 p.m. newscast by telling viewers the station was under cyberattack and its computers and video servers were down. Nashville, Tennessee’s WZTV put out a notice on its website Monday about “serious technical issues” at the TV station affecting its ability to stream content.

“We are also currently unable to access our email and your phone calls to the station,” it said.

Sinclair said it’s taken measures to contain the breach and that its investigation is ongoing. However, it said that the data breach has caused — and may continue to cause — disruption to parts of its business, including aspects of local advertisements by local broadcast stations. The company said it is working to restore operations.

Sinclair said it can’t determine whether or not the data breach will have a material impact on its business, operations or financial results.

Ransomware attacks, in which cyber criminals encrypt an organization’s data and then demand payment to unscramble it, are a growing scourge in the United States. The Biden administration has pledged to disrupt and prosecute criminal networks like the one that attacked a major U.S. pipeline company in…


Fresno FOX affiliate among TV stations disrupted by hackers. Here are the attack’s impacts


Oct. 19—Some operations at Fresno’s FOX television affiliate, KMPH Channel 26, and its parent company Sinclair Broadcast Group have been disrupted by a ransomware attack on their computer systems.

Justin Willis, an anchor for the station’s Great Day morning show, took to Facebook on Tuesday to explain that the weekend attack by hackers at the station and at Sinclair “left us unable to log into our systems that allow us to produce our newscasts as we normally would.”

On Facebook and on Twitter, the station acknowledged Monday that systems at Sinclair had been hacked, reporting that “certain servers and workstations in its environment were encrypted with ransomware and that certain office and operational networks were disrupted.”

Also on Monday, in a press release and in a filing with the U.S. Securities and Exchange Commission, Sinclair reported that the hack “has caused — and may continue to cause — disruption to parts of the company’s business,” including service to its advertisers.

The company’s statement added that “data was also taken from the company’s network.”

Telephone calls from The Bee could not be completed to either the KMPH studio in Fresno or to Sinclair’s headquarters in Maryland as the company’s phone systems were down.

The station reported Tuesday that all Sinclair stations were operational, but that “certain features, such as online live streams, have been interrupted.”

Cybersecurity firm Recorded Future, in its online publication The Record, reported Sunday that the attack “took down the Sinclair internal corporate network, email servers, phone services, and the broadcasting systems of local TV stations.”

Citing multiple sources, The Record reported that “as a result of the attack, many channels weren’t able to broadcast morning shows, news segments, and scheduled NFL games, according to a barrage of tweets coming from viewers and the TV channels themselves.”

The Fresno station’s social media posts and the company’s statements came after Sinclair said it had identified “a potential security incident” on Saturday. On Sunday, it determined that some of its systems were affected by ransomware.

In early July, Sinclair alerted its stations of “a serious…
