Ransomware Critici Cover Giacomo Lanzi

Critical ransomware: examples of successful attacks

There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals in September. The first took place in Germany, in Düsseldorf, where a woman lost her life following an attack that also blocked the machinery that kept her alive. The second happened in the USA and involved UHS (Universal Health Services). In that case, patient care was kept secure, but the IT applications were out of order.

For the uninitiated, ransomware-type attacks happen this way: attackers take possession of the data on a computer and remove or encrypt it. They ultimately render them unusable and require the victim to pay a ransom to free up the data again.

The costs of an attack

According to the Cost of a Data Breach report, a critical ransomware attack can cost an average of $ 4.44M. It is an impressive figure that should make us reflect on the value of data managed by companies and on their protection.

Let’s see in detail some attacks and what consequences they had.

A fatal ransomware

ambulance critical ransomware

For the first time, a woman dies after a cyber attack on a hospital. On September 9, 2020, a critical ransomware attack, launched at a hospital in Düsseldorf, caused the vital systems to which the patient was connected to no longer function properly. The victim had to be transferred to another hospital as quickly as possible. For more than 30 kilometers, the paramedics fought for the victim’s life, but ultimately without success. Many questions remain pending regarding this case, first of all why the machines that kept the woman alive were connected to a hackable network. The investigations continue, however, showing how the network must be protected for the physical safety of users, to avoid tragic consequences.

An attack on research

critical ransomware tor vergata

The access of students and teachers was blocked at the University of Tor Vergata with a critical ransomware attack that made documents concerning the research on COVID-19 inaccessible. The attackers managed to break into systems within hours and encrypt files on hard drives. A month later, no ransom had yet been requested.

Such an attack could slow down the search, hampering the process. Even if no ransom was required, the damage would still be tangible.

Attack on UHS

Fortunately, it finished better than the attack in Düsseldorf, another episode hit areas close to health. Facilities using Universal Health Services (UHS) systems have seen access to the system freeze due to an attack. Fortunately, there were no casualties and patient care was guaranteed all the time, as stated by UHS itself.

Other critical ransomware attacks

Critical ransomware attacks happen all the time and can have non-immediate implications. For example, Fragomen, a New York law firm, suffered an attack and a consequent data breach involving the personal data of some Google employees.

Another attack hit Enel, which was asked for a ransom of € 14M in bitcoin. The attack refers to the download of private data, contacts, databases, financial and customer documents for a total of 4.5 TB. Enel did not provide any press release regarding the attack.

Run for cover

Unfortunately, ransomware attacks are among the most subtle and annoying, because they also leverage a psychological factor of the victim who sees a way out (payment) and tries to cover what happened in order not to lose reputation.Unfortunately, following a successful attack, the data is still breached and security has proved ineffective.

So how do you make sure these attacks are neutralized? Adequate security measures must be implemented to prevent attacks as much as possible and provide a quick response in critical situations.

Security services

Services such as those offered in partnership with Acronis and SOD’s SOCaaS are essential tools for defending your data and corporate network. The first proposed service secures data through backups and monitors file changes. As soon as an encryption attempt is detected, the data is locked and secured to avoid the worst. In the unfortunate event that the attack is successful, backups reduce the severity of the consequences and prevent actual data loss.

SOC as a Service is an all-round solution that monitors all the IT infrastructure referred to. The defense is not specific to a type of attack, but instead focuses on detecting anomalies, even in user behavior, which can indicate ongoing attacks of all kinds.

Prevention

Finally, to verify that your system is protected, it is possible to request preventive services such as Vulnerability Assessment and Penetration Test. These test the infrastructures with controlled attacks in order to stimulate the security response and identify the areas that need to be reinforced. We recommend implementing this type of service regularly throughout the year as a preventative measure.

If you have any questions about the services or want to talk to us about your situation to request an intervention, do not hesitate to contact us, we will be happy to answer your questions.

Useful links:

 

Acronis Disaster Recovery Cloud

The most dangerous Ransomware in 2020

Acronis Active Protection: defense against ransomware 

Contact us


Contact us

Share


RSS

More Articles…

Categories …

Tags

RSS Dark Reading

RSS Full Disclosure

  • Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC% March 24, 2023
    Posted by Stefan Kanthak on Mar 24Hi @ll, the documentation of the builtin START command of Windows NT's command processor CMD.EXE states: | When you run a command that contains the string "CMD" as the first | token without an extension or path qualifier, "CMD" is replaced | with the value of the COMSPEC variable. […]
  • Invitation to the World Cryptologic Competition 2023 March 22, 2023
    Posted by Competition Administrator on Mar 21The WCC 2023 is a fully-online and open competition using GitHub. The language of the competition is English. The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023 to Monday October 23rd 2023. Teams and Judges must complete registration before Wednesday June 1st. The […]
  • Insecure python cgi documentation and tutorials are vulnerable to XSS. March 22, 2023
    Posted by Georgi Guninski on Mar 21Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS (cross site scripting) https://docs.python.org/3/library/cgi.html ``` form = cgi.FieldStorage() print("name:", form["name"].value) print("addr:", form["addr"].value) ``` First result on google for "tutorial python cgi" is...
  • Re: Microsoft PlayReady security research March 22, 2023
    Posted by Adam Gowdiak on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
  • Re: Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 22, 2023
    Posted by Arik Seils on Mar 21Hi there, One can use the Metasploit Framework Module post/windows/local/bypassua _fodhelper to achieve this. Greetings from Germany, A.Seils 17.03.2023 06:26:56 Stefan Kanthak :
  • Re: Microsoft PlayReady security research March 21, 2023
    Posted by Security Explorations on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
  • Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 17, 2023
    Posted by Stefan Kanthak on Mar 16Hi @ll, with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and [HKEY_CURRENT_USER\Software\Classes] with the latter having precedence: Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by...
  • [CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023 March 17, 2023
    Posted by Andraz Sraka on Mar 16MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...
  • Full Disclosure - Fastly March 12, 2023
    Posted by Andrey Stoykov on Mar 11Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2 Host: api.fastly.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 […]
  • Full Disclosure - Shopify Application March 12, 2023
    Posted by Andrey Stoykov on Mar 11Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionality that has not been tested yet. Two emails and several reports, […]

Customers

Newsletter