now browsing by tag


New Orleans Mayor: Ransomware Attack Cost City $7 Million

Source: National Cyber Security – Produced By Gregory Evans

The City of New Orleans ransomware attack has caused at least $7 million in financial damage & this figure is expected to grow, Mayor Latoya Cantrell says.

The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor Latoya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack’s financial impact to continue to grow — despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.

Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.

A Closer Look at the New Orleans Ransomware Attack

The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.

New Orleans officials have taken steps to improve the city’s security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.

How Can Organizations Address Ransomware Attacks?

Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:

  • Perform regular IT security audits and penetration testing.
  • Deploy endpoint protection solutions across IT environments.
  • Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.

MSSP Alert Recommendations

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)

Return Home


The post New Orleans Mayor: Ransomware Attack Cost City $7 Million appeared first on National Cyber Security.

View full post on National Cyber Security

#infosec | UK Banks Foiled by Travelex Ransomware Attack

Source: National Cyber Security – Produced By Gregory Evans

The New Year’s Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers. 

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a “software virus” on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally. 

The ransomware attack is not only causing misery for Travelex and its customers but has also spurned a brouhaha for British banks that rely on the travel money giant. 

RBS, Sainsbury’s Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident. 

Requests for foreign currency are being handled in-branch by many of the banks affected. 

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company’s data. 

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident. 

“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whist Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: “Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim.”

With all the hullaballoo it seems that reporting the incident to the authorities may have slipped Travelex’s mind. Organizations are legally obliged to inform the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex.


#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity

Source link

The post #infosec | UK Banks Foiled by Travelex Ransomware Attack appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC.

Source: National Cyber Security – Produced By Gregory Evans

According to a local news report, the Richard Community school in Michigan was hacked over the winter holidays, and the hacker encrypted the school’s sever using ransomware attack. The hackers have demanded $10,000 in bitcoin to restore the server. The School’s IT department revealed that the hack had occurred on December 27.


School refuses to pay ransom to hackers.

The Michigan district school’s IT department immediately shut down the server after discovering the hack and made sure the back serves had not been compromised. The school informed the Michigan police and are trying to track down the hacker. The hack had affected the school district’s telephones, copiers, classroom technology, and even the heating system, but no student’s or staff’s personal information was compromised, according to the school. The server is expected to be back up and running before school resumes next week.


Increase in ransomware attacks around the world.

The ransomware attack on the Michigan district school was not an isolated incident. There have been several ransomware attack reports from around the world. The most common targets for these hackers are schools, hospitals, and local businesses. Last year three schools alone in New York faced the similar attacks. In November 2019, the Mexican state-owned petroleum company Pemex also suffered a ransomware attack where hackers had demanded $5 million in BTC to decrypt the server.

Source link

The post #school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC. appeared first on National Cyber Security.

View full post on National Cyber Security

#cyberfraud | #cybercriminals | US ally is under ongoing ‘serious cyber attack’ — so severe it may be a ‘targeted attack by a state actor’ – Raw Story

Source: National Cyber Security – Produced By Gregory Evans

Austria’s foreign ministry is facing a “serious cyber attack”, it said late Saturday, warning another country could be responsible.

“Due to the gravity and nature of the attack, it cannot be excluded that it is a targeted attack by a state actor,” it said in a statement with the interior ministry shortly before 11.00 pm (2200 GMT), adding that the attack was ongoing.

“In the past, other European countries have been the target of similar attacks,” it continued.

Immediate measures had been taken and a “coordination committee” set up, it said, without elaborating.

The attack came as Austria’s Greens on Saturday gave the go-ahead to a coalition with the country’s conservatives at a party congress in Salzburg, removing the last obstacle to the unprecedented alliance.

Source link

The post #cyberfraud | #cybercriminals | US ally is under ongoing ‘serious cyber attack’ — so severe it may be a ‘targeted attack by a state actor’ – Raw Story appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Cyber attack shuts down computers at San Antonio mental health provider

Source: National Cyber Security – Produced By Gregory Evans

A cyber attack has shut down the computer network at the Center for Health Care Services, Bexar County’s largest provider of mental health and substance abuse services.

CEO Jelynne LeBlanc Burley confirmed Tuesday that the company’s system was included in a larger-scale cyber attack last week that’s under investigation by federal law enforcement agencies.

It’s unclear how many organizations were hit by the attack or who was behind it.

The city of New Orleans made headlines recently when it suffered a cyber attack on Dec. 13 serious enough for its mayor to declare a state of emergency.

Hospitals, school districts, government agencies and businesses are increasingly falling victim to ransomware, which the Federal Bureau of Investigation describes as an insidious type of malware that encrypts or locks up valuable digital files. The perpetrators demand a ransom to release the files.

Burley said she doesn’t know whether the attacker demanded a ransom from the center. Because it’s part of a larger attack, she added, the FBI and the Secret Service are investigating.

She said federal officials called the center last week about the attack, and that the center’s techs isolated the threat to a single computer server. Burley decided to shut down the center’s entire computer system as a precaution. Administrators expect it will be back up by Thursday.

Texas Inc.: Get the best of business news sent directly to your inbox

“Now we’re in the process of bringing back our system,” she said. “We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact.”

CHCS operates several locations in San Antonio, including a walk-in mental health clinic and mobile crisis outreach team, substance abuse recovery facilities and programs at the homeless services campus Haven for Hope.

There were several notices posted around the center’s main office at 6800 Park Ten Boulevard warning employees to take laptop computers to the IT department.

Federal law enforcement officials could not be reached Tuesday.

Laura Garcia covers the health care industry in the San Antonio and Bexar County area. Read her stories and more local coverage on our free site,, and on our subscriber site, | | Twitter: @Reporter_Laura

Source link

The post #school | #ransomware | Cyber attack shuts down computers at San Antonio mental health provider appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | #hackerspace | Marketing Agency Temporarily Halts Operations after Ransomware Attack

Source: National Cyber Security – Produced By Gregory Evans A marketing agency announced just days before Christmas that it would be temporarily suspending operations as it works to recover from a ransomware attack. Sandra Franecke, CEO of the Heritage Company, sent a letter to employees that the company would temporarily be suspending its operations. She […] View full post on

December Patch Tuesday blunts WizardOpium attack chain – Naked Security

Source: National Cyber Security – Produced By Gregory Evans December 2019’s Patch Tuesday updates are out, and for the most part, it’s the usual undemanding Christmas load for admins to browse through. All told, there are 36 CVE-level vulnerabilities, seven of which are marked ‘critical’, 27 important, and one each for low and moderate. Predictably, […] View full post on

#cybersecurity | #hackerspace | Pensacola Hit with Ransomware Attack | Avast

Source: National Cyber Security – Produced By Gregory Evans

The city of Pensacola, Fla. is recovering from a ransomware attack by the Maze group, which shut down the city the day after a shooting at its Naval Air Station. Maze, which has launched other recent U.S. ransomware attacks, told Bleeping Computer the attack was not related to the shooting, which is being investigated by the FBI as possible terrorism. “We did not know about this,” Bleeping Computer reportedMaze as saying. “It is just coincidence.”

The Florida panhandle city reported Thursday that it has recovered email and landline phone connections. Emergency services were not affected by the attack, which sought a $1 million ransom, Maze told Bleeping Computer. 

On Monday Maze operators claimed responsibility for an attack against the wire and cable company Southwire, based in Carrollton, Ga., about 300 miles north of Pensacola. Last month Maze hit security staffing firm Allied Universal with another ransomware attack. “There is a wave of ransomware attacks targeting companies and institutions all over the world,” Avast Security Evangelist Luis Corrons said. “These attacks are so disruptive that many victims opt to pay the ransom, making this type of attack really profitable, and therefore the number of victims is growing every day.”

This week’s stat 

Most people say they will get online for work over the holiday break – one-third say they will several times a day. Learn how to stay safe while working remotely. 

Influencer gets 14 years for armed domain robbery scheme

The U.S. Department of Justice issued a press release announcing that Rossi Lorathio Adams II, a 27-year-old social media influencer in Iowa who goes by the online name “Polo,” has been sentenced to 14 years in federal prison for plotting an armed home invasion to coerce the owner of to transfer the domain name. Adams recruited his homeless cousin Sherman Hopkins, Jr. to perpetrate the home invasion. The victim wrestled the gun from Hopkins hands, shot him, and called the police. Hopkins survived the shooting and was sentenced to 20 years in prison.

DoJ arrests 3 for BitClub Ponzi scheme 

The U.S. Department of Justice has arrested three men for allegedly running a cryptocurrency Ponzi scheme that defrauded investors of $722 million. The men ran a company called BitClub Network, a membership-based organization that allowed users to buy shares of various crypto-mining pools. The DoJ says those pools never existed. Emails between the three BitClub owners revealed that they called their clients “idiots” and “sheep.” All three face charges that could result in prison time as well as fines up to $250,000. Read more on ZDNet. 

This week’s quote 

“Our business  involves families’ babies, and our goal is for the food, experience, and cybersecurity to be healthy in every way.” – Melissa Blake, winner the Avast Sharks Startup Challenge for her company, Sweet Pea Spoons

Over 460,000 Turkish payment cards for sale on dark web

Researchers have spotted a mass batch of stolen credit card and bank card details from Turkey’s top ten banks. Sellers were offloading the card details at costs ranging from $1-$3 per card. The card records are known as “fullz,” which means they contain all pertinent info a user would need to make online payments with them, from name and street address to the CVV number. Read more on Bleeping Computer. 

North Korea uses cybercrime-as-a-service

The notorious state-backed Lazarus Group in North Korea has deployed a new malware package created by the equally notorious TrickBot malware developers, Dark Reading reported. The revelation is part of a growing trend noted by cybersecurity experts, wherein national governments are more frequently using the services of common malware developers, even getting access to already infected systems that they can then compromise further. Researchers observed the Lazarus Group using the newly developed Anchor, a TrickBot-associated malware that specializes in stealth and data theft.

This week’s ‘must-read’ on The Avast Blog

Ever wonder about the three little numbers on your credit card – and who you shoiuld and shouldn’t disclose them to? Learn all about the card verification value (CVV).

750,000 applications for duplicate birth certificates exposed

A U.K. information security company discovered an unprotected Amazon Web Services bucket online filled with over 750,000 applications for duplicate U.S. birth certificates. The data belonged to a company which has not yet been named, but the information at risk included its customers’ contact information, past addresses, family names, and reasons for requesting the duplicate certificates. The oldest of the applications date back to 2017. Read more on TechCrunch.

Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.

Source link

The post #cybersecurity | #hackerspace |<p> Pensacola Hit with Ransomware Attack | Avast <p> appeared first on National Cyber Security.

View full post on National Cyber Security

#cybersecurity | hacker | Maze ransomware possibly behind Southwire attack

Source: National Cyber Security – Produced By Gregory Evans Wire and cable manufacturer Southwire is in the recovery phase from a ransomware attack that struck on December 9 knocking a large portion of the company offline. Published reports state Maze ransomware was the weapon of choice and that the attackers demanded an 850 bitcoin, about […] View full post on

#school | #ransomware | District Cyber Attack: Livingston Superintendent, LHS Principal Provide Updates

Source: National Cyber Security – Produced By Gregory Evans LIVINGSTON, NJ — Two weeks after Livingston Public Schools (LPS) announced that its system was compromised, the district is still without its servers and continues its investigation and district-wide response to the encrypting of the technology systems. Due to the Thanksgiving holiday, there have only been seven […] View full post on