Critical ransomware: examples of successful attacks
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals in September. The first took place in Germany, in Düsseldorf, where a woman lost her life following an attack that also blocked the machinery that kept her alive. The second happened in the USA and involved UHS (Universal Health Services). In that case, patient care was kept secure, but the IT applications were out of order.
For the uninitiated, ransomware-type attacks happen this way: attackers take possession of the data on a computer and remove or encrypt it. They ultimately render them unusable and require the victim to pay a ransom to free up the data again.
The costs of an attack
According to the Cost of a Data Breach report, a critical ransomware attack can cost an average of $ 4.44M. It is an impressive figure that should make us reflect on the value of data managed by companies and on their protection.
Let’s see in detail some attacks and what consequences they had.
A fatal ransomware
For the first time, a woman dies after a cyber attack on a hospital. On September 9, 2020, a critical ransomware attack, launched at a hospital in Düsseldorf, caused the vital systems to which the patient was connected to no longer function properly. The victim had to be transferred to another hospital as quickly as possible. For more than 30 kilometers, the paramedics fought for the victim’s life, but ultimately without success. Many questions remain pending regarding this case, first of all why the machines that kept the woman alive were connected to a hackable network. The investigations continue, however, showing how the network must be protected for the physical safety of users, to avoid tragic consequences.
An attack on research
The access of students and teachers was blocked at the University of Tor Vergata with a critical ransomware attack that made documents concerning the research on COVID-19 inaccessible. The attackers managed to break into systems within hours and encrypt files on hard drives. A month later, no ransom had yet been requested.
Such an attack could slow down the search, hampering the process. Even if no ransom was required, the damage would still be tangible.
Attack on UHS
Fortunately, it finished better than the attack in Düsseldorf, another episode hit areas close to health. Facilities using Universal Health Services (UHS) systems have seen access to the system freeze due to an attack. Fortunately, there were no casualties and patient care was guaranteed all the time, as stated by UHS itself.
Other critical ransomware attacks
Critical ransomware attacks happen all the time and can have non-immediate implications. For example, Fragomen, a New York law firm, suffered an attack and a consequent data breach involving the personal data of some Google employees.
Another attack hit Enel, which was asked for a ransom of € 14M in bitcoin. The attack refers to the download of private data, contacts, databases, financial and customer documents for a total of 4.5 TB. Enel did not provide any press release regarding the attack.
Run for cover
Unfortunately, ransomware attacks are among the most subtle and annoying, because they also leverage a psychological factor of the victim who sees a way out (payment) and tries to cover what happened in order not to lose reputation.Unfortunately, following a successful attack, the data is still breached and security has proved ineffective.
So how do you make sure these attacks are neutralized? Adequate security measures must be implemented to prevent attacks as much as possible and provide a quick response in critical situations.
Services such as those offered in partnership with Acronis and SOD’s SOCaaS are essential tools for defending your data and corporate network. The first proposed service secures data through backups and monitors file changes. As soon as an encryption attempt is detected, the data is locked and secured to avoid the worst. In the unfortunate event that the attack is successful, backups reduce the severity of the consequences and prevent actual data loss.
SOC as a Service is an all-round solution that monitors all the IT infrastructure referred to. The defense is not specific to a type of attack, but instead focuses on detecting anomalies, even in user behavior, which can indicate ongoing attacks of all kinds.
Finally, to verify that your system is protected, it is possible to request preventive services such as Vulnerability Assessment and Penetration Test. These test the infrastructures with controlled attacks in order to stimulate the security response and identify the areas that need to be reinforced. We recommend implementing this type of service regularly throughout the year as a preventative measure.
If you have any questions about the services or want to talk to us about your situation to request an intervention, do not hesitate to contact us, we will be happy to answer your questions.
- HTTP / 3, everything you need to know about the latest version protocol
- Machine learning and cybersecurity: UEBA applications and security
- Logic Bomb: what they are and how to prevent them
- Pass the hash: how to gain access without password
- Ransomware and NAS: a risk that is not considered
- SIEM monitoring: best practices
- Cyber Threat Hunting: on the hunt for security threats
- Ethical hacking: defending knowing how to attack
- Backup as a Service (2)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (17)
- ownCloud (4)
- Privacy (6)
- Secure Online Desktop (14)
- Security (9)
- Web Hosting (15)
- Battle for the Endpoint April 9, 2021How to build a new cyber strategy for 2021 and beyond.
- CISA Launches New Threat Detection Dashboard April 9, 2021Aviary is a new dashboard that works with CISA's Sparrow threat detection tool.
- Unofficial Android App Store APKPure Infected With Malware April 9, 2021The APKPure app store was infected with malware that can download Trojans to other Android devices, researchers report.
- 8 Security & Privacy Apps to Share With Family and Friends April 9, 2021Mobile apps to recommend to the people in your life who want to improve their online security and privacy.
- Women Are Facing an Economic Crisis & the Cybersecurity Industry Can Help April 9, 2021Investing in women's cybersecurity careers can bring enormous benefits and help undo some of the significant economic damage wrought by the pandemic.
- Zoom Joins Microsoft Teams on List of Enterprise Tools Hacked at Pwn2Own April 8, 2021White-hat hacking event shows yet again why there's no such thing as foolproof security against modern attacks.
- 600K Payment Card Records Leaked After Swarmshop Breach April 8, 2021A leaked database also contains the nicknames, hashed passwords, contact details, and activity history of Swarmshop admins, sellers, and buyers.
- Handcuffs Over AI: Solving Security Challenges With Law Enforcement April 8, 2021We've tried everything else ... now it's time to make the prospect of getting caught -- and punished -- a real deterrent to cybercrime.
- SecOps and DevOps: From Cooperation to Automation April 7, 2021Omdia Principal Analyst Eric Parizo discusses the major obstacles SecOps organizations face as they seek to build ties with DevOps teams, and offers a programmatic approach to help create a path toward DevSecOps.
- CFP ZeroNights 2021 April 10, 2021Posted by CFP ZeroNights on Apr 09ZeroNights 2021 CFP is OPEN: Offensive and defensive research (15/30/45min). Submit your talk! # About conference Place: Saint-Petersburg, Russia Date: 30 June Timeslots: 15/30/45 min Site: https://zeronights.org # CFP Timeline CFP start: 1 March CFP end: 15 May CFP page: https://01x.cfp.zeronights.ru/zn2021/ # Conditions: A speaker may deliver either a […]
- Backdoor.Win32.Small.n / Unauthenticated Remote Command Execution (SYSTEM) April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Small.n Vulnerability: Unauthenticated Remote Command Execution (SYSTEM) Description: The backdoor malware listens on TCP Port 1337, upon successful connection we get handed a remote shell from the infected host with SYSTEM...
- [SYSS-2020-032] Open Redirect in Tableau Server (CVE-2021-1629) April 8, 2021Posted by Vladimir Bostanov on Apr 08Advisory ID: SYSS-2020-032 Product: Tableau Server Manufacturer: Tableau Software, LLC, a Salesforce Company Affected Version(s): 2019.4-2019.4.17, 2020.1-2020.1.13, 2020.2-2020.2.10, 2020.3-2020.3.6, 2020.4-2020.4.2 Tested Version(s): 2020.2.1 (20202.20.0525.1210) 64-bit Windows Vulnerability Type: URL Redirection to Untrusted Site (CWE-601) Risk Level: Medium Solution Status: Fixed Manufacturer Notification: 2020-07-29 Solution Date:...
- Backdoor.Win32.Hupigon.das / Unauthenticated Open Proxy April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/7afe56286039faf56d4184c476683340.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.das Vulnerability: Unauthenticated Open Proxy Description: The malware drops an hidden executable named "winserv.com" under Windows dir, which accepts TCP connections on port 8080. Afterwards, it connects to a...
- Trojan.Win32.Hotkeychick.d / Insecure Permissions April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/aff493ed1f98ed05c360b462192d2853.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Hotkeychick.d Vulnerability: Insecure Permissions Description: creates an insecure dir named "Sniperscan" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
- Trojan-Downloader.Win32.Genome.qiw / Insecure Permissions April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/5cddc4647fb1c59f5dc7f414ada7fad4.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Genome.qiw Vulnerability: Insecure Permissions Description: Genome.qiw creates an insecure dir named "tmp" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can...
- Trojan-Downloader.Win32.Genome.omht / Insecure Permissions April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/01055838361f534ab596b56a19c70fef.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan-Downloader.Win32.Genome.omht Vulnerability: Insecure Permissions Description: Genome.omht creates an insecure dir named "wjmd97" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can...
- Trojan.Win32.Hosts2.yqf / Insecure Permissions April 8, 2021Posted by malvuln on Apr 08Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/274a6e846c5a4a2b3281198556e5568b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Hosts2.yqf Vulnerability: Insecure Permissions Description: Hosts2.yqf creates an insecure dir named "mlekaocYUmaae" under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can...
- usd20210005: Privileged File Write in Check Point Identity Agent < R81.018.0000 April 8, 2021Posted by Responsible Disclosure via Fulldisclosure on Apr 08### Advisory: Privileged File Write Description =========== The Check Point Identity Agent allows low privileged users to write files to protected locations of the file system. Details ======= Advisory ID: usd-2021-0005 Product: Check Point Identity Agent Affected Version: < R81.018.0000 Vulnerability Type: Symlink Vulnerability Security Risk: High […]
- CVE-2021-26709 - Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem April 8, 2021Posted by Gabriele Gristina on Apr 08Multiple Pre-Auth Stack Buffer Overflow in D-Link DSL-320B-D1 ADSL Modem ======== < Table of Contents > ========================================= 0. Overview 1. Details 2. Solution 3. Disclosure Timeline 4. Thanks & Acknowledgements 5. References 6. Credits 7. Legal Notices ======== < 0. Overview > =============================================== Release Date: 7 March 2021 Revision: […]
ICON_PLACEHOLDEREstimated reading time: 6 minutes Out of nowhere, someone replies to an email conversation dated… https://t.co/kXIx3FPWfm
L'hacking etico e la salvaguardia del patrimonio aziendale https://t.co/SLncmaZ1ci
ICON_PLACEHOLDERTempo di lettura: 5 minutes Le ransomware gang hanno preso di mira le aziende negli ultimi tempi,… https://t.co/3hF62deo6S
ICON_PLACEHOLDEREstimated reading time: 10 minutes Ingegneria sociale è il termine usato per una vasta gamma di a… https://t.co/gj1hMDdfjn
Enterprise e piccole aziende, l'importanza di un Next Generation SIEM https://t.co/qT4PxR13Li