Critical ransomware: examples of successful attacks
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals in September. The first took place in Germany, in Düsseldorf, where a woman lost her life following an attack that also blocked the machinery that kept her alive. The second happened in the USA and involved UHS (Universal Health Services). In that case, patient care was kept secure, but the IT applications were out of order.
For the uninitiated, ransomware-type attacks happen this way: attackers take possession of the data on a computer and remove or encrypt it. They ultimately render them unusable and require the victim to pay a ransom to free up the data again.
The costs of an attack
According to the Cost of a Data Breach report, a critical ransomware attack can cost an average of $ 4.44M. It is an impressive figure that should make us reflect on the value of data managed by companies and on their protection.
Let’s see in detail some attacks and what consequences they had.
A fatal ransomware
For the first time, a woman dies after a cyber attack on a hospital. On September 9, 2020, a critical ransomware attack, launched at a hospital in Düsseldorf, caused the vital systems to which the patient was connected to no longer function properly. The victim had to be transferred to another hospital as quickly as possible. For more than 30 kilometers, the paramedics fought for the victim’s life, but ultimately without success. Many questions remain pending regarding this case, first of all why the machines that kept the woman alive were connected to a hackable network. The investigations continue, however, showing how the network must be protected for the physical safety of users, to avoid tragic consequences.
An attack on research
The access of students and teachers was blocked at the University of Tor Vergata with a critical ransomware attack that made documents concerning the research on COVID-19 inaccessible. The attackers managed to break into systems within hours and encrypt files on hard drives. A month later, no ransom had yet been requested.
Such an attack could slow down the search, hampering the process. Even if no ransom was required, the damage would still be tangible.
Attack on UHS
Fortunately, it finished better than the attack in Düsseldorf, another episode hit areas close to health. Facilities using Universal Health Services (UHS) systems have seen access to the system freeze due to an attack. Fortunately, there were no casualties and patient care was guaranteed all the time, as stated by UHS itself.
Other critical ransomware attacks
Critical ransomware attacks happen all the time and can have non-immediate implications. For example, Fragomen, a New York law firm, suffered an attack and a consequent data breach involving the personal data of some Google employees.
Another attack hit Enel, which was asked for a ransom of € 14M in bitcoin. The attack refers to the download of private data, contacts, databases, financial and customer documents for a total of 4.5 TB. Enel did not provide any press release regarding the attack.
Run for cover
Unfortunately, ransomware attacks are among the most subtle and annoying, because they also leverage a psychological factor of the victim who sees a way out (payment) and tries to cover what happened in order not to lose reputation.Unfortunately, following a successful attack, the data is still breached and security has proved ineffective.
So how do you make sure these attacks are neutralized? Adequate security measures must be implemented to prevent attacks as much as possible and provide a quick response in critical situations.
Services such as those offered in partnership with Acronis and SOD’s SOCaaS are essential tools for defending your data and corporate network. The first proposed service secures data through backups and monitors file changes. As soon as an encryption attempt is detected, the data is locked and secured to avoid the worst. In the unfortunate event that the attack is successful, backups reduce the severity of the consequences and prevent actual data loss.
SOC as a Service is an all-round solution that monitors all the IT infrastructure referred to. The defense is not specific to a type of attack, but instead focuses on detecting anomalies, even in user behavior, which can indicate ongoing attacks of all kinds.
Finally, to verify that your system is protected, it is possible to request preventive services such as Vulnerability Assessment and Penetration Test. These test the infrastructures with controlled attacks in order to stimulate the security response and identify the areas that need to be reinforced. We recommend implementing this type of service regularly throughout the year as a preventative measure.
If you have any questions about the services or want to talk to us about your situation to request an intervention, do not hesitate to contact us, we will be happy to answer your questions.
Acronis Disaster Recovery Cloud
The most dangerous Ransomware in 2020
Acronis Active Protection: defense against ransomware
- The SOAR benefits: simplifying investigation and response
- Security Code Review: How the service works
- Integration of the automated response: the automations in SOCaaS
- Coordination between CTI and SOC: how to further raise the defenses
- New Cloud Server: redundant internet
- Quality certificate for the SOCaaS of SOD
- Managed Detection and Response: a new preventive approach
- CLUSIT: our collaboration for better services
- Backup as a Service (17)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (22)
- Conferenza Cloud (4)
- ICT Monitoring (5)
- Log Management (2)
- News (21)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (170)
- Cyber Threat Intelligence (CTI) (6)
- Ethical Phishing (8)
- Penetration Test (5)
- SOCaaS (55)
- Vulnerabilities (84)
- Web Hosting (15)
- Twitter's Source Code Leak on GitHub a Potential Cyber Nightmare March 27, 2023Indicators point to Twitter's source code being publicly available for around 3 months, offering a developer security object lesson for businesses.
- 7 Women Leading the Charge in Cybersecurity Research & Analysis March 27, 2023From rising stars to veterans heading up research teams, check out our profiles of women making a big impact in cyber defense as the threat landscape expands.
- Drive to Pervasive Encryption Boosts Key Management March 27, 2023Key vaults, aka key-management-as-a-service (KMaaS), promise to allow companies to encrypt sensitive data across cloud and third parties with granular control.
- Cybersecurity vs. Everyone: From Conflict to Collaboration March 27, 2023Don't assume stakeholders outside security understand your goals and priorities, but consider how you'll communicate with them to gain their support.
- CyberSecure Announces Strategic Alliance March 24, 2023The joint partnership represents expanded market opportunities.
- Tesla Model 3 Hacked in Less Than 2 Minutes at Pwn2Own Contest March 24, 2023In two days, ethical researchers from 10 countries have unearthed more than 22 zero-day bugs in a wide range of technologies at the annual hacking contest.
- GitHub's Private RSA SSH Key Mistakenly Exposed in Public Repository March 24, 2023GitHub hastens to replace its RSA SSH host key after an exposure mishap threatens users with man-in-the-middle attacks and organization impersonation.
- Zoom Zoom: 'Dark Power' Ransomware Extorts 10 Targets in Less Than a Month March 24, 2023A new threat actor is racking up victims and showing unusual agility. Part of its success could spring from the use of the Nim programming language.
- Malicious ChatGPT Extensions Add to Google Chrome Woes March 24, 2023The second malicious ChatGPT extension for Chrome has been discovered, giving malicious actors access to users' Facebook accounts through stolen cookies.
- Red Teaming at Scale to Uncover Your Big Unknowns March 24, 2023A contrarian mindset with applied imagination allows security professionals to assess problems in their organizations, prevent failures, and mitigate vulnerabilities.
- Defense in depth -- the Microsoft way (part 84): (no) fun with %COMSPEC% March 24, 2023Posted by Stefan Kanthak on Mar 24Hi @ll, the documentation of the builtin START command of Windows NT's command processor CMD.EXE states: | When you run a command that contains the string "CMD" as the first | token without an extension or path qualifier, "CMD" is replaced | with the value of the COMSPEC variable. […]
- Invitation to the World Cryptologic Competition 2023 March 22, 2023Posted by Competition Administrator on Mar 21The WCC 2023 is a fully-online and open competition using GitHub. The language of the competition is English. The WCC 2023 has a total duration of 295 days, from Sunday January 1st 2023 to Monday October 23rd 2023. Teams and Judges must complete registration before Wednesday June 1st. The […]
- Insecure python cgi documentation and tutorials are vulnerable to XSS. March 22, 2023Posted by Georgi Guninski on Mar 21Is there low hanging fruit for the following observation? The documentation of the python cgi module is vulnerable to XSS (cross site scripting) https://docs.python.org/3/library/cgi.html ``` form = cgi.FieldStorage() print("name:", form["name"].value) print("addr:", form["addr"].value) ``` First result on google for "tutorial python cgi" is...
- Re: Microsoft PlayReady security research March 22, 2023Posted by Adam Gowdiak on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
- Re: Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 22, 2023Posted by Arik Seils on Mar 21Hi there, One can use the Metasploit Framework Module post/windows/local/bypassua _fodhelper to achieve this. Greetings from Germany, A.Seils 17.03.2023 06:26:56 Stefan Kanthak :
- Re: Microsoft PlayReady security research March 21, 2023Posted by Security Explorations on Mar 21Hello, I feel obliged to provide additional comments to this paragraph as I start to believe that CANAL+ might not deserve sole blame here... While Microsoft claims there is absolutely no bug at its end, I personally start to perceive the company as the one that should be also […]
- Defense in depth -- the Microsoft way (part 83): instead to fix even their most stupid mistaskes, they spill barrels of snakeoil to cover them (or just leave them as-is) March 17, 2023Posted by Stefan Kanthak on Mar 16Hi @ll, with Windows 2000, Microsoft virtualised the [HKEY_CLASSES_ROOT] registry branch: what was just an alias for [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] before became the overlay of [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] and [HKEY_CURRENT_USER\Software\Classes] with the latter having precedence: Note: while [HKEY_LOCAL_MACHINE\SOFTWARE\Classes] is writable only by...
- [CFP] Security BSides Ljubljana 0x7E7 | June 16, 2023 March 17, 2023Posted by Andraz Sraka on Mar 16MMMMMMMMMMMMMMMMNmddmNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMN..-..--+MMNy:...-.-/yNMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MMy..ymd-.:Mm::-:osyo-..-mMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM MM:..---.:dM/..+NNyyMN/..:MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM Mm../dds.-oy.-.dMh--mMds++MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM My:::::/ydMmo..-hMMMmo//omMs/+Mm+++++shNMN+//+//+oMNy+///ohM MMMs//yMNo+hMh---m:-:hy+sMN..+Mo..os+.-:Ny--ossssdN-.:yyo+mM...
- Full Disclosure - Fastly March 12, 2023Posted by Andrey Stoykov on Mar 11Correspondence from Fastly declined to comment regarding new discovered vulnerabilities within their website. Poor practices regarding password changes. 1. Reset user password 2. Access link sent 3. Temporary password sent plaintext // HTTP POST request POST /user/mwebsec%40gmail.com/password/request_reset HTTP/2 Host: api.fastly.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:108.0) Gecko/20100101 […]
- Full Disclosure - Shopify Application March 12, 2023Posted by Andrey Stoykov on Mar 11Correspondence from Shopify declined to comment regarding new discovered vulnerabilities within their website. Although 'frontend' vulnerabilities are considered out of scope, person/tester foundhimself a beefy bugbounty from the same page that has been listed below, including similar functionality that has not been tested yet. Two emails and several reports, […]
Estimated reading time: 6 minutes L'impatto crescente delle minacce informatiche, su sistemi operativi privati op… https://t.co/FimxTS4o9G
Estimated reading time: 6 minutes The growing impact of cyber threats, on private or corporate operating systems… https://t.co/y6G6RYA9n1
Tempo di lettura stimato: 6 minuti Today we are talking about the CTI update of our services. Data security is… https://t.co/YAZkn7iFqa
Estimated reading time: 6 minutes Il tema della sicurezza delle informazioni è di grande attualità in questo peri… https://t.co/tfve5Kzr09
Estimated reading time: 6 minutes The issue of information security is very topical in this historical period ch… https://t.co/TP8gvdRcrF
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.