Giacomo Lanzi
Critical ransomware: examples of successful attacks
There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals in September. The first took place in Germany, in Düsseldorf, where a woman lost her life following an attack that also blocked the machinery that kept her alive. The second happened in the USA and involved UHS (Universal Health Services). In that case, patient care was kept secure, but the IT applications were out of order.
For the uninitiated, ransomware-type attacks happen this way: attackers take possession of the data on a computer and remove or encrypt it. They ultimately render them unusable and require the victim to pay a ransom to free up the data again.
The costs of an attack
According to the Cost of a Data Breach report, a critical ransomware attack can cost an average of $ 4.44M. It is an impressive figure that should make us reflect on the value of data managed by companies and on their protection.
Let’s see in detail some attacks and what consequences they had.
A fatal ransomware
For the first time, a woman dies after a cyber attack on a hospital. On September 9, 2020, a critical ransomware attack, launched at a hospital in Düsseldorf, caused the vital systems to which the patient was connected to no longer function properly. The victim had to be transferred to another hospital as quickly as possible. For more than 30 kilometers, the paramedics fought for the victim’s life, but ultimately without success. Many questions remain pending regarding this case, first of all why the machines that kept the woman alive were connected to a hackable network. The investigations continue, however, showing how the network must be protected for the physical safety of users, to avoid tragic consequences.
An attack on research
The access of students and teachers was blocked at the University of Tor Vergata with a critical ransomware attack that made documents concerning the research on COVID-19 inaccessible. The attackers managed to break into systems within hours and encrypt files on hard drives. A month later, no ransom had yet been requested.
Such an attack could slow down the search, hampering the process. Even if no ransom was required, the damage would still be tangible.
Attack on UHS
Fortunately, it finished better than the attack in Düsseldorf, another episode hit areas close to health. Facilities using Universal Health Services (UHS) systems have seen access to the system freeze due to an attack. Fortunately, there were no casualties and patient care was guaranteed all the time, as stated by UHS itself.
Other critical ransomware attacks
Critical ransomware attacks happen all the time and can have non-immediate implications. For example, Fragomen, a New York law firm, suffered an attack and a consequent data breach involving the personal data of some Google employees.
Another attack hit Enel, which was asked for a ransom of € 14M in bitcoin. The attack refers to the download of private data, contacts, databases, financial and customer documents for a total of 4.5 TB. Enel did not provide any press release regarding the attack.
Run for cover
Unfortunately, ransomware attacks are among the most subtle and annoying, because they also leverage a psychological factor of the victim who sees a way out (payment) and tries to cover what happened in order not to lose reputation.Unfortunately, following a successful attack, the data is still breached and security has proved ineffective.
So how do you make sure these attacks are neutralized? Adequate security measures must be implemented to prevent attacks as much as possible and provide a quick response in critical situations.
Security services
Services such as those offered in partnership with Acronis and SOD’s SOCaaS are essential tools for defending your data and corporate network. The first proposed service secures data through backups and monitors file changes. As soon as an encryption attempt is detected, the data is locked and secured to avoid the worst. In the unfortunate event that the attack is successful, backups reduce the severity of the consequences and prevent actual data loss.
SOC as a Service is an all-round solution that monitors all the IT infrastructure referred to. The defense is not specific to a type of attack, but instead focuses on detecting anomalies, even in user behavior, which can indicate ongoing attacks of all kinds.
Prevention
Finally, to verify that your system is protected, it is possible to request preventive services such as Vulnerability Assessment and Penetration Test. These test the infrastructures with controlled attacks in order to stimulate the security response and identify the areas that need to be reinforced. We recommend implementing this type of service regularly throughout the year as a preventative measure.
If you have any questions about the services or want to talk to us about your situation to request an intervention, do not hesitate to contact us, we will be happy to answer your questions.
Useful links:
Acronis Disaster Recovery Cloud
The most dangerous Ransomware in 2020
Acronis Active Protection: defense against ransomware
Contact us
Contact us
Share
RSS
More Articles…
- Hadoop Open Data Model: “open” data collection
- Pass the Ticket: how to mitigate it with a SOCaaS
- Use cases of a SOCaaS for companies part 2
- Use cases of a SOCaaS for companies part 1
- NIST Cybersecurity Framework
- “Left of boom” and “right of boom”: having a winning strategy
- Smishing: a fraud similar to phishing
- Network Traffic Analyzer: an extra gear for the Next Gen SIEM
Categories …
- Backup as a Service (2)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (14)
- Cyber Threat Intelligence (CTI) (3)
- Ethical Phishing (8)
- SOCaaS (24)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- What Is the Difference Between Security and Resilience? September 24, 2021Resilience shifts the focus toward eliminating the probable impact of the full attack chain.
- Consumers Share Security Fears as Risky Behaviors Persist September 24, 2021While most US adults know they aren't sufficiently protecting their data online, many find security time-consuming or don't know the steps they should take.
- TangleBot Campaign Underscores SMS Threat September 24, 2021The attack targets Android devices and starts with a malicious SMS message that aims to bring malware onto compromised devices.
- Contrast Application Security Platform Scales to Support OWASP Risks September 24, 2021Contrast's platform detects and prevents against OWASP Top Ten risks from development to production with out-of-the-box policy rules and automated compliance reporting.
- Our Eye Is on the SPARROW September 24, 2021How unauthorized users can exploit wireless infrastructures for covert communication.
- Endpoint Still a Prime Target for Attack September 24, 2021A vast majority of security professionals surveyed think any exploit will start with the endpoint.
- Google Spots New Technique to Sneak Malware Past Detection Tools September 23, 2021The operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.
- Primer: Microsoft Active Directory Security for AD Admins September 23, 2021Nearly all AD environments are vulnerable to identity attack paths -- a powerful, widespread, and difficult-to-detect attack technique. But we didn't say impossible. Here's how admins can stop them.
- FamousSparrow APT Group Flocks to Hotels, Governments, Businesses September 23, 2021The cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.
- SAIC Appoints Kevin Brown as Chief Information Security Officer September 23, 2021Industry leader with decades of information security experience manages SAIC’s security strategy and oversees critical cybersecurity operations.
Full Disclosure
- APPLE-SA-2021-09-23-1 iOS 12.5.5 September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously […]
- APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina Security Update 2021-006 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212825. XNU Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of […]
- openvpn-monitor Cross-Site Request Forgery (CSRF) September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-011 # CVE ID: CVE-2021-31604 # Subject: Cross-Site Request Forgery (CSRF) # Severity: Medium # Effect: Denial of Service #...
- openvpn-monitor OpenVPN Management Socket Command Injection September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-010 # CVE ID: CVE-2021-31605 # Subject: OpenVPN Management Socket Command Injection # Severity: High # Effect: Denial of...
- openvpn-monitor Authorization Bypass September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-009 # CVE ID: CVE-2021-31606 # Subject: Authorization Bypass # Severity: Medium # Effect: Denial of Service # Author:...
- Backdoor.Win32.Minilash.10.b / Remote Denial of Service (UDP Datagram) September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Minilash.10.b Vulnerability: Remote Denial of Service (UDP Datagram) Description: The Minilash malware listens on TCP 6711 and UDP port 60000. Third-party attackers who can reach infected systems can send a specially […]
- Backdoor.Win32.Hupigon.asqx / Unauthenticated Open Proxy September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.asqx Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP port 8080. Third-party attackers who can connect to the infected system can relay requests from the original connection to the...
- Trojan.Win32.Agent.xaamkd / Insecure Permissions September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xaamkd Vulnerability: Insecure Permissions Description: The malware creates an dir with insecure permissions under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
- APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows iTunes 12.12 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212817. ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with […]
- APPLE-SA-2021-09-20-9 iTunes U 3.8.3 September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-9 iTunes U 3.8.3 iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212809. iTunes U Available for: iOS 12.4 and later or iPadOS 12.4 and later Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Ogni anno cresce costantemente il numero di attacchi che minacciano la sicurezz… https://t.co/e1g9VBSYq9
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Every year the number of attacks that threaten the security of devices, comput… https://t.co/MnoEKRNMwk
-
SecureOnlineDesktop
Estimated reading time: 7 minutes Il vishing è una particolare tipologia di phishing che sfrutta la tecnologia Vo… https://t.co/q9OO03jSHj
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Come abbiamo già affrontato precedentemente negli scorsi articoli, i ransomware… https://t.co/O8xUUJocYc
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il Database Activity Monitoring (DAM) è una tecnologia applicata alla sicurezza… https://t.co/juh8ZBKMqP
Newsletter
Products and Solutions
Partners
Cloud Models
News
- Hadoop Open Data Model: “open” data collection September 8, 2021
- Pass the Ticket: how to mitigate it with a SOCaaS September 6, 2021
- Use cases of a SOCaaS for companies part 2 August 18, 2021
- Use cases of a SOCaaS for companies part 1 August 16, 2021
- NIST Cybersecurity Framework August 2, 2021
Google Reviews
About
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.
VAT: 07485920966 “Cloud Computing services - Software cloud - Cloud server - VPS” Terms of ServicePrivacy Policy
ISO Certifications