Tag Archive for: Incident

Responding to a cyber incident – a guide for CEOs – National Cyber Security Centre




Source…

Ransomware payment debate resurfaces amid Change Healthcare incident


A hotly debated flashpoint in the cybersecurity community is getting renewed attention as healthcare stakeholders work to rebound from a major ransomware attack that’s roiled the U.S. health insurance market over the past month.

The Feb. 21 Change Healthcare ransomware attack carried out by the ALPHV/Blackcat hacking gang has delayed prescription fillings and led to cash crunches at clinics and other facilities. The American Healthcare Association said that 94% of hospitals are signaling financial impact due to the incident, with some providers losing upwards of $1 billion per day in revenues.

Change Healthcare reportedly made a $22 million ransom payment to the hackers. Soon after, the cybercrime collective appeared to stage a fake takedown of their own site. But analysts expect the group to reemerge under a new name.

The U.S. over the past year has been working with international partners to take a firm stance against ransom payments, though surveyed experts have not agreed on a single policy.

Some cyber industry leaders say that paying ransoms should be banned because it emboldens cybercriminals and helps fund more illicit activities, and that, in some cases, paying a ransom does not necessarily guarantee that compromised data will be returned.

Others argue that total bans put too much pressure on victims, and that sometimes payments need to be made in order to recover vital systems, like those seen in hospitals and critical infrastructure.

In a briefing with reporters Monday, the Department of Health and Human Services said it has not yet taken an official position on whether ransom payments should be banned, and later told Nextgov/FCW it would defer to the National Security Council and FBI on the matter.

The White House is maintaining its previously established position that ransoms should not be paid because payment incentivizes cybercriminals to conduct more ransomware attacks.

The Biden administration “strongly discourages paying of ransoms, to stop the flow of funds to these criminals and disincentivize their attacks,” Anne Neuberger, deputy national security advisor for cyber and emerging technology at NSC, said in a statement to Nextgov/FCW.

The FBI declined to…

Source…

Ransomware attack leads to cyber incident in Clay County


(Moorhead, Minn.) — Clay County officials say they discovered a cyber incident involving personal information relating to individuals the county serves.

According to a letter sent to Clay County residents, the county says they “are not aware of any misuse of any information involved in this incident.” Beginning on December 22, 2023, Clay County mailed notifications to individuals whose protected health information and/or personal information was impacted by this incident.

On October 27, 2023, Clay County determined that its network had been impacted by a ransomware attack that affected the electronic document management system (“CaseWorks”), which is hosted by Clay County and used by other Minnesota County social services entities. Clay County immediately initiated its incident response process and began working with its local information technology partner to investigate, to securely restore operations, and determine the effects of the incident. Clay County also worked with a nationally recognized digital forensics firm to assist with the investigation and notified federal law enforcement and the Minnesota Department of Human Services.

Through the investigation, Clay County determined that there was unauthorized access to its network between October 23, 2023 and October 26, 2023, and that the cyber criminals responsible for this attack took some data from Clay County’s network. As soon as Clay County learned this, it started notifying the other impacted counties and began an extensive review to determine what information may have been involved and who may have been affected, so that we could provide notice.

Source…

Ubisoft reportedly shut down a “data security incident” earlier this week


Ubisoft is reportedly investigating an “unknown threat actor” who allegedly gained access to the company’s Microsoft Teams, Confluence, Atlas, and SharePoint channels for 48 hours before access was revoked.

According to the Gaming Leaks and Rumours subreddit and as reported by Bleeping Computer, screenshots allegedly taken during the 20th December hack have since been leaked online. Ubisoft has reportedly confirmed it is investigating an “alleged data security incident”.

“December 20th, an unknown Threat Actor compromised Ubisoft,” tweeted vx-underground. “The individual had access for roughly 48 hours until administration realised something was off, and access was revoked.

“They aimed to exfiltrate roughly 900GB of data but lost access,” vx-underground adds. It’s not clear what, if any, data the hacker obtained before they were kicked from the system.

Apparently, the “threat actor” would not share how they got initial access, but upon entry into Ubisoft’s internal systems, the hacker “audited users access rights and spent time thoroughly reviewing Microsoft Teams, Confluence, and SharePoint”.

Access was revoked before the threat actor successfully exfiltrated Rainbow Six Siege user data.

“We are aware of an alleged data security incident and are currently investigating. We don’t have more to share at this time,” Ubisoft said in a statement to BleepingComputer.

Marvel’s Spider-Man developer Insomniac Games has now released a statement addressing the ransomware attack on its studio earlier this month, the release of stolen data this week, and the spread of information on upcoming projects now circulating the internet.

The PlayStation studio had stayed silent until now, something it said was a result of it being “focused inward” to support team members. Personal data was included in…

Source…