attack


#comptia | #ransomware | Councils’ parking app hit by ransomware attack

Source: National Cyber Security – Produced By Gregory Evans

Five days into an outage, the maker of PayMyPark – a parking payment app used by Wellington, Hutt, Tauranga, Christchurch, Dunedin and other city councils – has admitted it was the victim of a ransomware attack.

“We responded to this incident as soon as we were notified and commissioned a thorough investigation which is being undertaken by the PwC Cyber Response Team,” Arthur D Riley Ltd (ADR) said in a statement.

In follow-up comments, a spokeswoman said no ransom was paid. She did not say how much was demanded to free its data.

Like Toll and Air NZ partner Travelex before it, ADR chose to grind it out and rebuild its systems over several days.

PayMyPark went offline on Saturday, and users have since been demanding answers from councils, which until this afternoon had been able to offer little information.

“As a result of this ongoing investigation, we believe we have identified how this attack occurred and have taken steps to get PayMyPark back online,” ADR said.

“We want to assure all our customers and users that we have not identified any breach of private or personal information or data as a result of this ransomware attack.

“We can also confirm that PayMyPark does not hold any credit card or other personal financial information.”

The company says its systems are now secure, and that its app will be back online as of 6am tomorrow.

ADR is also heavily involved in parking enforcement systems, and exports of data to collection agencies and courts. The spokeswoman said, “ADR took the parking enforcement systems down as a precaution, but no data or information has been compromised.”

Wellington City Council alerted users via Twitter on Saturday that there were “server problems”. There is still no estimated time for ADR to get the system back online.

A WCC spokesman told the Herald that council staff were meeting with ADR this afternoon. The council hoped to learn more at that meeting; however, it could offer no new information following the get-together.

Source / ADR website

Dunedin City Council has come the closest to providing an explanation, saying in response to a question on Facebook: “Someone attempted to breach our supplier’s website. Due to the security systems in place, no personal information or credit card details were accessed. Cyber security specialists were called in and as a security measure, the site and app were taken offline. They are working to get the site and app back online as a high priority.”

Many drivers were confused about whether they should pay for parking if they still had money in their PayMyPark account while the system was down.

Celeste Wansink asked Dunedin Council, “When I have money sitting in an account (PayMyPark) waiting to be used for parking, why should I pay at the meter?” (The council did not immediately reply).

Mike James vented: “Typical DCC [Dunedin City Council], no real back up plan.”

Wellington City Council said people could still pay at meters using cards or cash.

“In the unlikely event you get a ticket, you can appeal your ticket once the system is back online,” the council said on its Facebook page.

Robyn Gilchrist posted in response: “This has been playing up for days… In a cashless society you need a more reliable service.”

A number wondered why Wellington had dumped its previous app, Phone2Park, which was shuttered on January 7 this year.

The office of the Privacy Commissioner said it had not been notified about any data breach involving PayMyPark.

What to do if you’re hit by ransomware

New Zealand businesses or individuals hit by a cyber-attack are advised to contact Crown agency CERT (the Computer Emergency Response Team) as their first step.

CERT acts as a triage unit, pointing people to the right law enforcement agency or technical contacts.

CERT director Rob Pope and Police recommend not paying a ransom for data encrypted or stolen by hackers.

There is no guarantee it will be returned. And payment often means helping to fund organised crime groups that are also involved in areas like drugs and human trafficking.


The post #comptia | #ransomware | Councils’ parking app hit by ransomware attack appeared first on National Cyber Security.


#infosec | Ransomware Attack at US Power Station

Source: National Cyber Security – Produced By Gregory Evans

A Massachusetts power station hit by ransomware is refusing to meet attackers’ financial demands.

The Reading Municipal Light Department (RMLD) was targeted on Friday by cyber-criminals hoping to extort money by encrypting data in the station’s computer system. Unfortunately for them, station bosses opted to hire an outside IT consultant to help them deal with the ransomware infection instead of paying for the return of their files.

RMLD said that its IT team had been working tirelessly since Friday to identify and isolate the problem, which was believed to have been contained by yesterday afternoon. Outside help was brought in to make doubly sure that all traces of the malware had been removed.

After attackers drove the electricity provider off their website, RMLD took to Twitter earlier today to spread news of the ransomware attack.

From their account @readinglight, the company posted: “RMLD’s website, http://rmld.com, is currently unavailable due to a widespread issue our vendor is experiencing. There is no ETA for a resolution at this time. This issue is affecting multiple city and town websites in MA. Updates will be shared as they become available.”

Electricity services were not interrupted by the attack, and RMLD said that the grid remains secure.

RMLD said that there were no indications that customers’ financial data had been compromised as a result of the attack. Information regarding customers’ bank accounts and credit cards is stored in a separate system managed by third-party provider Invoice Cloud.

Online payments remained unaffected by the ransomware attack, as they are handled by Invoice Cloud. RMLD said that prompt payment discounts will be honored despite a potential delay in the carrying over of payments from Invoice Cloud to RMLD’s billing system.

Customer data that may have been exposed in the attack includes names, addresses, email addresses, and records of how much electricity an individual has accessed. 

RMLD has not confirmed how the ransomware entered their computer system, nor has the electricity provider stated how much money was requested by the attackers.    

According to records obtained by NBC10 Boston, 1 in 6 Massachusetts communities have been targeted by ransomware and at least 10 communities have used taxpayers’ money to recover encrypted data.


#cyberfraud | #cybercriminals | WhatsApp is under attack and you should be aware of this growing risk

Source: National Cyber Security – Produced By Gregory Evans

Along with WhatsApp, other firms being targeted in these scams include PayPal, Facebook, Microsoft and Netflix.

If you are concerned about these types of online attacks, the UK’s National Cyber Security Centre has some good advice for consumers.

Here are its top tips for avoiding phishing scams online.

• Many phishing scams originate overseas and often the spelling, grammar and punctuation are poor. Others will try to create official-looking emails by including logos and graphics. Is the design (and quality) what you’d expect from a large organisation?

• Is it addressed to you by name, or does it refer to ‘valued customer’, or ‘friend’, or ‘colleague’? This can be a sign that the sender does not actually know you, and that it is part of a phishing scam.


#deepweb | 9 killed in suspected far-right attack in Germany

Source: National Cyber Security – Produced By Gregory Evans

HANAU, Germany — A 43-year-old German man shot and killed nine people at several locations in a Frankfurt suburb overnight in attacks that appear to have been motivated by far-right beliefs, officials said Thursday.

The gunman first attacked a hookah bar and a neighboring cafe in central Hanau at about 10 p.m. Wednesday, killing several people, before heading about 2.5 kilometers (1.5 miles) west and opening fire again, first on a car and then a sports bar, claiming more victims.

Chancellor Angela Merkel said that while the circumstances of the attack still needed to be fully investigated, the shootings exposed the “poison” of racism in German society and pledged to stand up against those who seek to divide the country.

Hookah lounges are places where people gather to smoke flavored tobacco from Middle Eastern water pipes, and some of the victims appeared to be Turkish.

Witness Kadir Kose ran over from a cafe he runs nearby after he heard the first shots, initially assuming there was an altercation between family members.

“But when I heard the second shots I thought it was a terror attack,” Kose said.

He said he was shocked at the extent of the violence, saying that while fights or stabbing aren’t unheard of, “this is a whole other level, something we hear about from America.”

Witnesses and surveillance videos of the suspect’s getaway car led authorities quickly to his home, near the scene of the second attack, where he was found dead near the body of his 72-year-old mother, said Peter Beuth, the interior minister for the state of Hesse.

Neighbor Dieter Hog said he looked out his window and saw 25 or 30 police officers with dogs combing the area.

“They were running around looking for the fugitive who was involved,” Hog told The Associated Press, adding that even though he lived close by he did not know the suspect.

Both the suspect and his mother had gunshot wounds, and the weapon was found on the suspect, Beuth said.

At the townhouse Thursday, forensic experts came and went from the building, and police kept people away.

A website believed to be the suspect’s is being evaluated, Beuth said.

“Initial analysis of the web page of the suspect indicate a xenophobic motivation,” he said. It does not appear, however, that the suspect was known either to police or Germany’s domestic intelligence agency, he added.

He said federal prosecutors have taken over the investigation of the crime and are treating it as an act of domestic terrorism.

“This is an attack on our free and peaceful society,” he said.

Following a conference call with Germany’s state interior ministers, Bavarian Interior Minister Joachim Herrmann said on the basis of the investigation so far, “it was a right-radical xenophobic” attack, German news agency dpa reported.

The attack was quickly and broadly condemned by many organizations, including the Central Council of Muslims, the Confederation of Kurdish Associations in Germany, and the Central Council of Jews.

Merkel pledged that “everything will be done to investigate the circumstances of these terrible murders.”

In unusually plain words, the German leader said: “Racism is a poison. Hatred is a poison.”

“This hatred exists in our society and it is responsible for far too many crimes,” she added, citing the killings committed by a far-right gang known as the NSU, the shooting of a regional politician from her party last year and the attack on a synagogue in Halle in October.

She added that authorities would do everything possible to stand up to those who try to divide the country with racism.

French President Emmanuel Macron tweeted it was a day of “immense sadness” and pledged his “full support for Germany.”

“I’m at the side of Chancellor Merkel in her fight for our values and the protection of our democracies,” he said.

Turkish Foreign Minister Mevlut Cavusoglu said the consulate in Frankfurt and the embassy in Berlin were trying to obtain information about the attack, including the possibility that some of the victims were Turkish.

“According to the initial information, it was an attack with a racist motive, but we would need to wait for the (official) statement,” he told state television TRT.

German news agency dpa reported that police are examining a video the suspect may have posted online several days earlier in which he details a conspiracy theory about child abuse in the United States. The authenticity of the video couldn’t immediately be verified.

In the video, the dark-haired speaker wearing a white button-down shirt under a suit jacket, said he was delivering a “personal message to all Americans” that “your country is under control of invisible secret societies.”

In a slow and deliberate voice, in accented English, he says there are “deep underground military bases” in which “they abuse, torture and kill little children.”

He makes no reference to the far-right fringe QAnon movement in the U.S., but the missive is similar to the movement’s central, but baseless belief that U.S. President Donald Trump is waging a secret campaign against enemies in the “deep state” and a child sex trafficking ring run by satanic pedophiles and cannibals.

On a website registered by someone with the same name as the man in the video, Tobias R., the owner says he was born in Hanau in 1977 and grew up in the city, later training with a bank and completing a business degree in 2007.

The attack comes amid growing concerns about far-right violence in Germany.

Merkel called off a planned visit Thursday to a university in Halle. Her spokesman, Steffen Seibert, said she was “being constantly kept abreast of the state of the investigations in Hanau.”

Halle was the site of a deadly anti-Semitic attack last year. A man expressing anti-Jewish views tried to shoot his way into a synagogue, failed and killed two passers-by before being arrested.

The shooting in Halle came months after the killing of a regional politician from Merkel’s party. The suspect had a long history of neo-Nazi activity and convictions for violent crime.

“Thoughts this morning are with the people of Hanau, in whose midst this terrible crime was committed,” Seibert said on Twitter. “Deep sympathy for the affected families, who are grieving for their dead. We hope with those wounded that they will soon recover.”

In addition to those killed, Beuth said one person was seriously wounded and multiple other people suffered less serious injuries.


#school | #ransomware | Ryuk Ransomware behind Attack on Florida Library System

Source: National Cyber Security – Produced By Gregory Evans

(TNS) — The cyberattack that took down public-access computers at Volusia County, Fla., libraries last month involved ransomware that has elicited millions of dollars in ransom payments from governments and large businesses.

Volusia County officials say they’ve referred the attack to law enforcement, but would not say which agency is investigating. Emails provided in response to a public-record request indicate the library computers were infected by Ryuk ransomware. The county will not say whether it has made a ransom payment.

“Because it’s under investigation, we have no comment at this time,” said Kevin Captain, a county spokesman in an emailed response to a question about ransom.

Captain confirmed the county’s insurance deductible is $100,000. “The county has no confirmation of cost at this time but will at a later date,” Captain said.

Volusia County provided The News-Journal hundreds of pages of emails about the ransomware incident, some of it redacted because of the ongoing criminal investigation.

At 8:44 a.m. Jan. 9, Brian Whiting, director of information technology at Volusia County, wrote an email to support desk staff stating: “The Volusia County Library is currently being cyber attacked by Ryuk, an attack propagated frequently via email phishing attack.”

Later that day, in another email, Whiting says the IT department has detected “a ten-fold increase in attempted attacks over the past month or so.”

Twenty servers and about 600 computers were encrypted — essentially locked up — by the ransomware. The county was able to restore about 50 computers used by library staff to conduct business, such as checking books in and out, but the public-access terminals would remain down for about two weeks.

One of Volusia officials’ first calls reported the incident to the Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) in East Greenbush, New York. The Center for Internet Security is a nonprofit organization that works to safeguard private and public organizations against cyber threats.

An emergency response team from MS-ISAC got involved.

Volusia officials soon also contacted their London-based claims adjuster, CFC Underwriting, which became involved in approving expenditures on outside security firms to assist with bringing the system back. Solis Security in Austin, Texas, was also brought into the loop.

And at some point, the county notified the Department of Homeland Security about the incident, according to an email written by Andrew Krasucki of CFC Underwriting.

An email from Joshan Heer of CFC Underwriting to county officials summarized what had been found by midday Jan. 10:

Encryption of the Volusia library computers began at around 1:30 a.m. on Jan. 9, and a ransomware note had been left on a desktop by 7 that morning.

File extensions had been changed to .ryk, indicating the Ryuk ransomware. Volusia County IT staff shut down and disconnected all the computers from the county network.

“It is believed sensitive data is not at risk due to (redacted),” Heer wrote, adding that would have to be confirmed.

“Those who’ve used public-access computers on a network that’s been hit by Ryuk probably don’t have much to worry about,” said Brett Callow, a threat analyst with Emsisoft, a New Zealand-based anti-malware company. “The Ryuk operators have not been known to steal data.”

Cyber defense experts say Ryuk has been used in hundreds of attacks on U.S. governments and businesses since 2018, and in some cases the criminal gang of hackers responsible for the attacks has been paid handsomely.

The cost of these attacks in 2019 was estimated by Emsisoft at $7.5 billion.

At least three Florida municipalities were victimized in June 2019 alone, including:

  • Riviera Beach, a Palm Beach County city of 35,000, which paid 65 bitcoins – or about $600,000 – in exchange for a decryption key from the attackers.
  • Lake City in northern Florida paid about $460,000 in bitcoin to recover data and computer operations.
  • Key Biscayne – a town on a barrier island near Miami – was hit and spent money trying to restore its network.

While it is unclear whether Volusia paid a ransom, Krasucki’s email of Jan. 13 indicated the county might have had a way to restore its data.

“A system state backup stored on an external drive will be utilised to rebuild the active directory structure and the domain controller servers,” Krasucki wrote.

Callow said Ryuk is commonly used in attacks on both the public and private sector and accounts for between 15% and 25% of all ransomware incidents.

SentinelOne, another cybersecurity firm, reported Ryuk ransomware “is largely responsible for the massive increase in ransomware payments.” Where many cyber criminals demand $10,000 to remove the encryption on computer systems, Ryuk operators “demand an average of $288,000 for the release of systems.”

Yet another cyber defense firm, CrowdStrike, identifies the perpetrator of Ryuk as “Wizard Spider,” a Russia-based criminal group.

Callow said exactly who’s deploying Ryuk remains an open question.

“There’s speculation that the group behind Ryuk – and it does appear to be a single group – has Russian ties, but it is just speculation. Attribution is always extremely hard,” he wrote in an emailed response to questions.

“For example, some ransomware contains language exclusions and will not encrypt files if the operating system uses one of a number of specified languages – (post-Soviet) countries, Iran, etc.,” he wrote. “That could indicate origin – groups not wanting to poop in their own backyards – or it could be a false flag designed to misdirect law enforcement.”

Unlike other ransomware, which contain flaws in the encryption allowing security companies to create tools to recover data without needing to pay ransom, Ryuk has no such flaws, Callow said.

“The encryption is perfectly implemented and, consequently, the only way to recover data is to restore it from backups (assuming they were not deleted/encrypted during the attacks) or to pay the ransom,” Callow said.

©2020 The News-Journal, Daytona Beach, Fla. Distributed by Tribune Content Agency, LLC.


#comptia | #ransomware | With cybercriminals on the attack, states help cities punch back

Source: National Cyber Security – Produced By Gregory Evans

When the computers of the city of Lodi, Calif., got hit by a ransomware attack last April, the strike disabled phone lines, forced police officers to write reports by hand and prevented workers from sending out utility bills.

City officials refused to pay the ransom of 75 bitcoins — about $400,000 — and instead turned to their cyber insurance company, which sent in a legal team and security experts to investigate and help return the system to normal.

“It took a lot of our energy and ended up consuming a great deal of time,” recalled City Manager Steve Schwabauer. “We ultimately filed a claim of about $250,000, and it’s not fully closed yet.”

State legislators later gave Lodi, a city of about 67,000, a half-million-dollar grant to upgrade cybersecurity.

As cybercriminals increase their attacks against local governments — hundreds of municipalities and county agencies were hit in the last two years — some states are helping cities and counties better protect themselves. States have offered election cybersecurity, responses to ransomware attacks that take computer systems hostage, training and other programs, according to a recent report by the National Governors Assn. and the National Assn. of State Chief Information Officers.

“It’s the right thing to do,” said Meredith Ward, the latter group’s policy and research director. “Cybersecurity is a team sport. States and local government and the private sector all have a role to play.”

But while 65% of states report that they provide some cybersecurity services to local governments, the scope varies widely. And other states aren’t doing anything to help, saying they don’t have jurisdiction over local governments or they lack money to spare.

“It’s very hard for most local governments,” said Alan Shark, executive director of the Public Technology Institute, a Washington, D.C.-based nonprofit that provides training and other support to local government information technology executives. “They lack the resources to adequately protect themselves. Yesterday’s fixes don’t work today. The cybercriminals are encouraged.”

But Shark said more states are starting to assist local governments in restoring their systems.

The states committed to collaboration are on the right track, the report by the governors’ and IT chiefs’ groups found.

Among them:

  • Illinois created a program that helps local election officials improve their cybersecurity readiness and conduct risk assessments. It hired IT specialists to help local election offices beef up their security.
  • Iowa is using a federal grant to offer counties cybersecurity vulnerability scanning and to pay for hardware and anti-malware tools. It also is piloting cyber projects with schools, cities and hospitals.
  • North Carolina developed a partnership with the state’s National Guard and emergency management division to help local governments, school systems and community colleges recover data compromised during a cyberattack and provide training to help prevent future incidents.
  • Pennsylvania partnered with the county commissioners’ statewide association to provide security awareness training and phishing exercises for all 150,000 county and state employees and contractors. Phishing victims unwittingly click on emailed links designed to get personal information, such as passwords.

“It’s about working outside your comfort zone and forging relationships,” said Erik Avakian, Pennsylvania’s chief information security officer. “We think this is really the path forward for all states. It’s something they should be looking at.”

Cybersecurity remains a serious issue for state governments, as sophisticated hackers and cybercriminals are constantly scanning computer networks looking for vulnerabilities. Those networks contain information such as Social Security numbers, birth certificates, bank account details and credit card numbers of millions of individuals and businesses.

But it’s especially hard for local governments. Just last month, for example, a small school district near Austin, Texas, with 9,600 students, disclosed that it had lost $2 million in a phishing email scam.

Local governments saw a spike in cyberattacks in 2019, and experts say it doesn’t look like they’re going to abate any time soon.

In the last 24 months, at least 370 cyber incidents affecting local governments and public safety agencies were publicly reported in 47 states, according to Aubrey Larson, a marketing manager at SecuLore Solutions, a Maryland-based cybersecurity company. That’s a 150% hike over the previous two-year period, she said.

In fact, the majority of publicized ransomware attacks in the United States last year targeted local governments, according to the report by the governors’ and state IT officers’ associations.

Ransomware hijacks government computer systems and holds them hostage until their victims pay a ransom or restore the system on their own.

In October, the FBI issued a public service announcement, saying state and local governments “have been particularly visible targets for ransomware attacks.” Those attacks can be devastating.

Democratic New Orleans Mayor LaToya Cantrell declared a state of emergency in December after a ransomware attack hobbled the city. Officials had to shut down more than 4,000 computers and close municipal courthouses. The attack has cost the city at least $7 million.

Nearly two dozen Texas cities were targeted in a ransomware attack in August that led Republican Gov. Greg Abbott to order a “Level 2 Escalated Response,” which is just one level below the emergency management division’s highest alert. The state led the response and helped the cities restore their systems.

And Baltimore was hit by a ransomware attack in May that crippled thousands of computers and left workers unable to access online accounts and payment systems for weeks. City officials transferred $6 million from a parks and recreation fund to pay for cyber protections. In total, restorations and repairs cost $18 million.

Preventing and responding to attacks can be complicated when efforts involve jurisdictions that generally operate independently of one another.

“Some cyber incidents are truly becoming emergencies. [State and local IT officials] shouldn’t be exchanging business cards at that point,” said Maggie Brunner, cybersecurity program director for the national governors’ group. “They should be doing it ahead of time. We’d love to see state CIOs know every single local IT director.”

In Pennsylvania, IT security chief Avakian said his agency held quarterly meetings with county IT officials to build relationships and find out about their cybersecurity needs. “The fact that we’ve cracked this nut across jurisdictional boundaries is significant,” Avakian said.

Because of the collaboration, he said, the state was able to buy licenses for the phishing training exercise in bulk. The larger number of users lowered the cost per unit and saved the state and its 67 counties a considerable amount of money. He wouldn’t say how much.

“Now that we’ve done this, more people want to come onboard — school districts, cities,” Avakian said. “It’s kind of taken off.”

Michael Sage, chief information officer for the County Commissioners Assn. of Pennsylvania, called the cyber training and relationship the counties have developed with the commonwealth “a fantastic effort.”

“It has bolstered awareness and helped the counties understand where the threats are coming from, so they can stay vigilant,” Sage said. “The more we can collaborate and share, the better off we’re going to be.”

Bergal writes for stateline.org


#school | #ransomware | Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers

Source: National Cyber Security – Produced By Gregory Evans

Hackers have finally done what bond issuers may have feared most from cyber criminals.

A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement, according to a notice to the hospital’s bondholders from the trustee, WesBanco Bank. It appears to be the first time a cyber attack triggered a formal covenant violation, according to research firm Municipal Market Analytics.

The virus entered the hospital’s system via emails sent 10 months before the cyber criminals asked the hospital for money, said Craig Gilliland, the hospital’s chief financial officer. The information the criminals held for ransom did not contain patient data or confidential data, so it was “more of an annoyance,” he added.

Because of the attack, the hospital was forced to spend about $1 million on new computer equipment and infrastructure improvements, Gilliland said. That cost, along with declining patient volume, caused the hospital’s debt service coverage for the fiscal year that ended on Sept. 30 to fall to 78%, below the 120% the loan agreement requires, according to the material notice to bondholders.

“When we had the cyber attack, we didn’t have the sophisticated anti-virus software that we needed,” he said. “Cyber attacks are effective on smaller hospitals and smaller government agencies who do not have the resources and do not spend the money to proactively get ahead of the curve.”

The hospital did not miss any payments to bond investors. Gilliland said he is not aware of whether payments were made to the perpetrators, because the attack was managed by a cyber liability insurance carrier, Beazley Group. Mairi MacDonald, who manages media relations for Beazley Group, said via email that the company does not comment on specific client matters.

“The resolution of the situation will likely cost the hospital via monetary settlements and security hardening, making a financial rebound a bit more difficult than otherwise,” MMA said in its report. “Pleasant Valley highlights cyber risks as, at least so far, primarily a worsener for most municipal credits.”

Cyber risk is a growing concern for the municipal market. There were 133 publicly reported attacks against health-care providers since 2016, 47 of which occurred in 2019, according to data collected by threat intelligence company Recorded Future, Inc. Health-care providers are at particular risk for cyber attacks because patient care is disrupted, so there is an expectation the hospital will pay to remedy that quickly, said Allan Liska, an intelligence analyst at the company. Health-care providers also use unique software that is often managed by vendors, leaving updates to the software out of their hands.

“You have hospitals and doctors offices that are often forced to run outdated and old software that makes them at risk for these ransomware attacks,” Liska said.

Rising Ransomware Attacks

And it’s not just health-care providers that are at risk. In 2019, state and local governments reported 106 ransomware attacks, nearly double what was reported a year before, according to data collected by Recorded Future. Among them were the Syracuse School District, which said it experienced a cyber attack that could “impact its financial position” according to a July 31 regulatory filing, and the city of Baltimore, which disclosed a cyber attack to investors in its bond offering documents when it borrowed last year.

For Pleasant Valley Hospital, the insurance company Beazley Group “connected the Hospital with other vendors to settle and remediate the issue,” according to the statement to bondholders. To address the decreasing patient volume, the hospital has lowered its labor costs and plans to convert doctor offices into two rural health clinics and to offer a new medical withdrawal inpatient service.

The threat to credit will get worse in the public finance realm before it can be alleviated, said Geoffrey Buswick, an analyst for S&P Global Ratings. Issuers can do all the right things, like protect their network and have proper insurance in place, and still find it difficult to fully offset cyber risks, he added.

“The various actors out there, be it a nation-state or criminal organization or just a rogue hacker, seem to have advanced technologies that are changing quickly,” Buswick said.

–With assistance from Amanda Albright and Danielle Moran.


New Orleans Mayor: Ransomware Attack Cost City $7 Million

Source: National Cyber Security – Produced By Gregory Evans

The City of New Orleans ransomware attack has caused at least $7 million in financial damage and this figure is expected to grow, Mayor LaToya Cantrell says.

The City of New Orleans ransomware attack has caused at least $7 million in financial damage to date, Mayor LaToya Cantrell told WVUE. In addition, Cantrell said she expects the ransomware attack’s financial impact to continue to grow, despite the fact that the city has recovered $3 million via a cyber insurance policy that was purchased before the incident.

Meanwhile, the City of New Orleans still faces an IT backlog after the ransomware attack, Chief Administrative Officer Gilbert Montano told WVUE. Montano also indicated that it could take several months before the city rebuilds its network.

A Closer Look at the New Orleans Ransomware Attack

The City of New Orleans ransomware attack took place December 13. Cybercriminals shut down City of New Orleans government systems, and more than 4,000 New Orleans government computers were affected by the cyberattack.

New Orleans officials have taken steps to improve the city’s security posture after the ransomware attack. The City of New Orleans plans to increase its cyber insurance coverage to $10 million this year, and a forensic investigation into the ransomware attack is ongoing.

How Can Organizations Address Ransomware Attacks?

Ransomware attacks affect municipalities, schools and businesses of all sizes. However, there are many things that any organization can do to combat ransomware attacks, such as:

  • Perform regular IT security audits and penetration testing.
  • Deploy endpoint protection solutions across IT environments.
  • Develop and implement a cybersecurity training program to teach employees about ransomware and other cyber threats.

MSSP Alert Recommendations

The FBI and U.S. Department of Homeland Security have repeatedly warned MSPs and their technology platform providers about such attacks.

To get ahead of the ransomware threat, MSSP Alert and ChannelE2E have recommended that readers:

  1. Sign up immediately for U.S. Department of Homeland Security Alerts, which are issued by the Cybersecurity and Infrastructure Security Agency. Some of the alerts specifically mention MSPs, CSPs, telcos and other types of service providers.
  2. Study the NIST Cybersecurity Framework to understand how to mitigate risk within your own business before moving on to mitigate risk across your customer base.
  3. Explore cybersecurity awareness training for your business and your end-customers to drive down cyberattack hit rates.
  4. Connect the dots between your cybersecurity and data protection vendors. Understand how their offerings can be integrated and aligned to (A) prevent attacks, (B) mitigate attacks and (C) recover data if an attack circumvents your cyber defenses.
  5. Continue to attend channel-related conferences, but extend to attend major cybersecurity events — particularly RSA Conference, Black Hat and Amazon AWS re:Inforce. (PS: Also, keep your eyes open for PerchyCon 2020 in January.)



#infosec | UK Banks Foiled by Travelex Ransomware Attack

Source: National Cyber Security – Produced By Gregory Evans

The New Year’s Eve cyber-attack on currency exchange bureau Travelex is disrupting services for UK bank customers. 

Travelex took all its systems offline as a precautionary measure after being hit by what it initially described as a “software virus” on December 31. On January 7, the company released a statement fingering the culprit as a type of ransomware known as Sodinokibi and also commonly referred to as REvil.

Although the malware has been contained, Travelex has so far been unable to resume normal operations, though the company has said that a number of internal systems are now back up and running normally. 

The ransomware attack is not only causing misery for Travelex and its customers but has also spawned a brouhaha for British banks that rely on the travel money giant.

RBS, Sainsbury’s Bank, First Direct, Virgin Money, and Barclays are among more than a dozen banks that have said their online foreign currency services are down as a result of the incident. 

Requests for foreign currency are being handled in-branch by many of the banks affected. 

According to the BBC, threat actors behind the ransomware attack are attempting to extort $6m from Travelex by encrypting the company’s data. 

Travelex said on Tuesday that it was not yet clear what data had been affected by the incident. 

“To date, the company can confirm that whilst there has been some data encryption, there is no evidence that structured personal customer data has been encrypted. Whilst Travelex does not yet have a complete picture of all the data that has been encrypted, there is still no evidence to date that any data has been exfiltrated,” Travelex stated on January 7.

Until normal service is resumed, Travelex is doing business the old-fashioned way. The company’s chief executive, Tony D’Souza, said: “Travelex continues to offer services to its customers on a manual basis and is continuing to provide alternative customer solutions in the interim.”

With all the hullaballoo it seems that reporting the incident to the authorities may have slipped Travelex’s mind. Organizations are legally obliged to inform the Information Commissioner’s Office (ICO) within 72 hours of becoming aware of a data breach; however, the ICO said on Tuesday that it had not received a data breach report from Travelex.


#school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC.

Source: National Cyber Security – Produced By Gregory Evans

According to a local news report, the Richard Community school in Michigan was hacked over the winter holidays, and the hacker encrypted the school’s server in a ransomware attack. The hackers have demanded $10,000 in bitcoin to restore the server. The school’s IT department revealed that the hack had occurred on December 27.

School refuses to pay ransom to hackers.

The Michigan district school’s IT department immediately shut down the server after discovering the hack and made sure the backup servers had not been compromised. The school informed the Michigan police and is trying to track down the hacker. The hack affected the school district’s telephones, copiers, classroom technology, and even the heating system, but no student or staff personal information was compromised, according to the school. The server is expected to be back up and running before school resumes next week.

Increase in ransomware attacks around the world.

The ransomware attack on the Michigan district school was not an isolated incident. There have been several reports of ransomware attacks from around the world. The most common targets for these hackers are schools, hospitals, and local businesses. Last year alone, three schools in New York faced similar attacks. In November 2019, the Mexican state-owned petroleum company Pemex also suffered a ransomware attack in which hackers demanded $5 million in BTC to decrypt the server.
