Tag Archive for: Ransomware

Trustwave report says businesses need to get more proactive about ransomware



Trustwave released its 2022 ransomware report, pointing out that just as security researchers continue to develop new methodologies and techniques to keep adversarial groups at bay, ransomware groups continue to do the same.

In a Jan. 5 blog post, Trustwave’s SpiderLabs detailed the activities of the leading ransomware threat groups: LockBit 3.0, Black Basta, Hive and BlackCat/ALPHV.

The researchers said these groups will continue to develop and expand if they continue to have success with their attacks — and they have. SpiderLabs said with an average of 1 out of every 40 organizations being hit by ransomware, it’s clear the industry needs proactive identification of potential threats so they can be mitigated properly before costing an organization millions of dollars.

SpiderLabs said early identification of a threat can be the difference between taking a single host offline for a few hours to remediate or taking an average of 22 days of recovery to bounce back after a ransomware attack, potentially from one of the leading ransomware groups.

Ransomware continues to reward its creators financially and they invest some of those rewards back into making the next version more profitable, said Joseph Carson, chief security scientist and Advisory CISO at Delinea. Carson said while some countries continue to provide safe havens for cybercriminal gangs to operate, ransomware will continue to cause havoc for many organizations around the world. 

“Eventually, ransomware will evolve so much it will start to impact the physical world, locking you out of your car, your home and your digital life,” Carson said. “Cybercriminals are also researching ways around the latest security controls and have invested resources and time into social engineering focused on abusing users’ trust and targeting cyber fatigue. It’s critical that IT professionals are current with the ransomware trends and techniques as it will help IT professionals identify the best ways to reduce those risks and enhance the security controls for the business they…


Hackers Behind Ransomware Attack on Rackspace Accessed Customer Data


The hackers behind the ransomware attack on cloud computing provider Rackspace also accessed the email data of a small subset of customers. 

Attackers had access to the Personal Storage Table for 27 Hosted Exchange customers on Rackspace, the company reported on Thursday. The same storage table contains calendar events, contacts, and email messages, putting affected customers at serious risk of data exposure. 

However, Rackspace added: “There is no evidence that the threat actor actually viewed, obtained, misused, or disseminated emails or data in the PSTs for any of the 27 Hosted Exchange customers in any way,” citing forensic findings from cybersecurity firm CrowdStrike.

Texas-based Rackspace provided the update a month after a ransomware attack disrupted access to its Hosted Exchange business, which offers cloud-based email services to 30,000 clients. Rackspace is now blaming the attack on a relatively new ransomware gang called Play. 

The company’s forensic investigation found that the group used a previously unknown attack method in Microsoft Exchange Server to gain access to Rackspace’s Hosted Exchange systems. The attack method is actually connected to the CVE-2022-41080 vulnerability, which was disclosed in November and can give a hacker elevated privileges once inside an Exchange Server environment. However, Rackspace discovered the hackers also used the flaw to help them execute rogue computer code over the company’s systems.

CrowdStrike spotted the ransomware gang Play exploiting the same attack vector to attack victims. However, it noted that installing a November patch can stop the threat—an indicator that Rackspace was slow to install security updates for its Hosted Exchange systems.

In responding to the breach, Rackspace says it will abandon its Hosted Exchange email environment. Instead, the company is proceeding with existing plans to migrate customers’ accounts to Microsoft 365. Meanwhile, Rackspace Email will be offered as an alternative to clients who wish to remain off Microsoft 365.

“While the Hosted Exchange email environment was a small part of our business, it represents thousands of long-time and loyal customers whom we deeply…


Patient sues CommonSpirit over ransomware attack


A CommonSpirit patient filed a lawsuit against the health system after it suffered a ransomware attack last year that compromised the private health information of more than 623,000 people.

Leeroy Perkins, a Washington state resident, filed suit in federal court in Illinois last week alleging the Chicago-based system failed to implement basic data security measures to protect patient health information.

Perkins’ lawsuit claims he and others are at risk of identity theft and alleges his personal health information is now in the hands of cybercriminals, according to the lawsuit that is seeking class action status. Perkins, who is being represented by the law firm Lynch Carpenter, was a patient at Virginia Mason Franciscan Health, part of CommonSpirit Health.

CommonSpirit is one of the largest hospital operators in the country with more than 142 hospitals and 2,200 care sites across 21 states. The health system declined to comment on the lawsuit. 


On Dec. 1, CommonSpirit reported the ransomware attack to regulators after it first announced an “IT security incident” in October.

CommonSpirit later confirmed it was hit by a ransomware attack that interrupted access to electronic health records and delayed patient care in multiple regions.

CommonSpirit said it notified law enforcement of the attack and brought in leading cybersecurity experts to assess the impact.


Swansea Public Schools issues update regarding ransomware attack, return to school – Fall River Reporter


Superintendent John Robidoux has issued an update regarding a ransomware attack on Swansea Public Schools’ network.

On Tuesday, January 3rd, Swansea Public Schools’ network experienced a ransomware attack. Within minutes of this attack, Swansea Public Schools’ cybersecurity company, Hub Technology, was able to isolate the attack and shut down the network system.

While the district worked to resolve the attack, all schools were closed on Wednesday, January 4th.

The cybersecurity company, in collaboration with the district’s IT Department, was able to remove any viruses, worms and ransomware on the network and add additional security measures.

Through a preliminary investigation, it was determined that no personal student or staff information was compromised and no cloud-based files or information was affected by the attack.

It is believed that this attack occurred due to an encrypted download that was run by someone within the district, but is not believed to be malicious. Swansea Public Schools will continue to participate in ongoing KnowBe4 training to assist school community members in learning more about security awareness and how to identify phishing attacks.

“I am thankful that our district has security measures attached to our network that prevented a much larger issue from occurring,” Superintendent Robidoux said. “I would like to thank Randi Arruda, Gilly Pereira and Gio Pimental for their hard work in ensuring that we are able to resolve this matter efficiently and proceed with teaching and learning in a safe manner.”

School will resume tomorrow, Thursday, January 5, for all students at their regular times.
