now browsing by tag
#school | #ransomware | Cyberattack on Morial Convention Center has little immediate effect on events there, but problems may grow | Business News
Source: National Cyber Security – Produced By Gregory Evans The Ernest N. Morial Convention Center, one of the cornerstones of New Orleans’ multibillion-dollar tourism economy, is the latest victim in a string of cyberattacks against city and state computer systems that have had serious consequences for government officials and the public. New Orleanians were left […] View full post on AmIHackerProof.com
#school | #ransomware | Michigan District school faces a ransomware attack; hackers demand $10,000 in BTC.
According to a local news report, the Richard Community school in Michigan was hacked over the winter holidays, and the hacker encrypted the school’s sever using ransomware attack. The hackers have demanded $10,000 in bitcoin to restore the server. The School’s IT department revealed that the hack had occurred on December 27.
School refuses to pay ransom to hackers.
The Michigan district school’s IT department immediately shut down the server after discovering the hack and made sure the back serves had not been compromised. The school informed the Michigan police and are trying to track down the hacker. The hack had affected the school district’s telephones, copiers, classroom technology, and even the heating system, but no student’s or staff’s personal information was compromised, according to the school. The server is expected to be back up and running before school resumes next week.
Increase in ransomware attacks around the world.
The ransomware attack on the Michigan district school was not an isolated incident. There have been several ransomware attack reports from around the world. The most common targets for these hackers are schools, hospitals, and local businesses. Last year three schools alone in New York faced the similar attacks. In November 2019, the Mexican state-owned petroleum company Pemex also suffered a ransomware attack where hackers had demanded $5 million in BTC to decrypt the server.
View full post on National Cyber Security
A cyber attack has shut down the computer network at the Center for Health Care Services, Bexar County’s largest provider of mental health and substance abuse services.
CEO Jelynne LeBlanc Burley confirmed Tuesday that the company’s system was included in a larger-scale cyber attack last week that’s under investigation by federal law enforcement agencies.
It’s unclear how many organizations were hit by the attack or who was behind it.
The city of New Orleans made headlines recently when it suffered a cyber attack on Dec. 13 serious enough for its mayor to declare a state of emergency.
Hospitals, school districts, government agencies and businesses are increasingly falling victim to ransomware, which the Federal Bureau of Investigation describes as an insidious type of malware that encrypts or locks up valuable digital files. The perpetrators demand a ransom to release the files.
Burley said she doesn’t know whether the attacker demanded a ransom from the center. Because it’s part of a larger attack, she added, the FBI and the Secret Service are investigating.
She said federal officials called the center last week about the attack, and that the center’s techs isolated the threat to a single computer server. Burley decided to shut down the center’s entire computer system as a precaution. Administrators expect it will be back up by Thursday.
Texas Inc.: Get the best of business news sent directly to your inbox
“Now we’re in the process of bringing back our system,” she said. “We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact.”
CHCS operates several locations in San Antonio, including a walk-in mental health clinic and mobile crisis outreach team, substance abuse recovery facilities and programs at the homeless services campus Haven for Hope.
There were several notices posted around the center’s main office at 6800 Park Ten Boulevard warning employees to take laptop computers to the IT department.
Federal law enforcement officials could not be reached Tuesday.
Laura Garcia covers the health care industry in the San Antonio and Bexar County area. Read her stories and more local coverage on our free site, mySA.com, and on our subscriber site, ExpressNews.com. | email@example.com | Twitter: @Reporter_Laura
View full post on National Cyber Security
We do need an education
With schools across the US increasingly falling prey to ransomware attacks, two US senators are calling for the Department of Homeland Security (DHS) to create a set of guidelines to help schools improve their cybersecurity systems.
Senators Gary Peters, a Democrat representing Michigan, and Rick Scott, a Republican for Florida, have introduced a bill instructing the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) to examine schools’ security risks and challenges.
The tools would be designed to educate officials about the new recommendations and suggest strategies for implementing them.
There’s no detail on what these recommendations and tools might be, and no funding has been allocated.
However, the bill is similar in principle to the State and Local Government Cybersecurity Improvement Act, recently passed by the Senate, which would see the DHS’s National Cybersecurity and Communications Integration Center (NCCIC) providing state and local officials with access to security tools and procedures and carrying out joint cybersecurity exercises.
“Schools across the country are entrusted with safeguarding the personal data of their students and faculty, but lack many of [the] resources and information needed to adequately defend themselves against sophisticated cyber-attacks,” said Peters.
“This common-sense, bipartisan legislation will help to ensure that schools in Michigan and across the country can protect themselves from hackers looking to take advantage of our nation’s cybersecurity vulnerabilities.”
Over the last few years, there has been an increasing number of ransomware attacks on US public sector organisations, including schools.
Data from cloud security firm Armor shows that 72 school districts or individual educational institutions have publicly reported being a victim of ransomware this year, with 1,039 schools impacted.
Connecticut saw seven school districts hit, while Louisiana went so far as to declare a state of emergency after schools across the north of the state were hit by malware in July. The Rockville Centre, New York, school district, paid out nearly $100,000 after being hit by the Ryuk ransomware in August.
Indeed, according to research from Malwarebytes, education was the top target for trojan malware during the 2018-2019 school year, and the most-detected threat category for all businesses in 2018 and early 2019. Adware, trojans, and backdoors were the three most common threats, with ransomware attacks soaring by 365% in the year to Q2 2019.
Schools are particularly easy targets, as they tend to be short on funding and often have outdated systems.
Adam Kujawa, a director of Malwarebytes Labs, told The Daily Swig: “Education organizations face several issues in reference to securing networks that many private businesses don’t deal with.
“For example, the increased opportunity for infection due to endpoints being spread across a campus, being accessed by both student and staff, many of which can affect the security of that endpoint and possibly the entire network with careless use – opening malware – or intentional malice.
“Overall, this kind of environment shouldn’t be treated as any other organization, so I am glad they are doing a study first to identify the unique problems educational networks deal with. We will have to wait and see if the results of this study – the tools developed and made available – will be effective or even deployed across the board.”
RELATED Ryuk ransomware implicated in City of New Orleans shutdown
The post #school | #ransomware | Ransomware attacks prompt push for US schools cybersecurity bill appeared first on National Cyber Security.
View full post on National Cyber Security
2019 was filled with cybersecurity news, with fresh headlines every day of ransomware and data breaches, Internet of Things incidents and scam mobile apps. The bar for sheer weirdness was high. Here are a dozen stories that managed to clear it.
Forget thumb drives, meet the leg drive
A new device about the size of a pack of gum, called PegLeg is meant to be surgically inserted into your leg. Any Wi-Fi enabled device can access it, and the device can store hundreds of gigabytes of data. This would allow the embedded user to bootleg data into another country.
Ransomware victim hacks back
After paying his ransomware attacker 670 euros (about $747), Tobias Frömel sought revenge by hacking into the attacker’s command and control center and generating decryption keys for all the other victims who suffered the same attack. Frömel explained to Bleeping Computer that he was able to pull from the attacker’s server the Hardware IDs for each of the 2,858 victims stored in the server’s database, along with each victim’s unique decrypter key.
Crimes of the heart online
The FBI’s cybercrime report found that the second-costliest category of crime, behind only compromised business email, was confidence and romance fraud, with a 2018 cost of $363 million. The scams happened 18,493 times last year, the FBI reports – an average of more than 50 times a day.
Our music isn’t worth stealing
The band Radiohead has released 18 hours of previously unheard music after thieves threatened to release tracks unless the band paid them $150,000. The majority of the material, according to the band, is “only tangentially interesting. And very, very long.”
New cybercrime: Stealing school lunches
Keith Wesley Cosbey, CFO of California school lunch provider Choicelunch, was arrested in April on two felony counts — identity theft and unlawful computer access. The San Francisco Chronicle reported that law enforcement accused Cosbey of hacking into the network of longtime Choicelunch rival The LunchMaster, accessing sensitive student data including names, grades, meal preferences, and allergy info.
Happy birthday Facebook, your money’s no good
Facebook turned 15, celebrating the milestone with total monthly users of around 2.32 billion. The birthday and user base provided little protection from controversy. The social media giant announced its own digital currency, Libra, and experienced major pushback within hours as policymakers around the world voiced concerns it could heavily disrupt the global financial system.
Sleazy cop shut down and busted on the world stage
Germany fined a police officer $1,500 for looking up a driver’s mobile number using their license plate information and calling them for personal reasons.
Homeland security, eh?
For the last four fiscal years, the Department of Homeland Security continued to use unsupported systems, such as Windows XP and Windows Server 2003. Then-DHS Chief Information Officer Richard Staropoli summed up issues related to his cybersecurity management job by saying, “You can write this down and quote me: The problem is piss-poor management.”
The election couldn’t be hacked – and that was a fail
The U.S. government’s $10 million voting machine was supposed to be available for hackers to find security flaws at DefCon. An unexpected bug stopped the experiment from starting until the conference’s last day. More from CNET here.
Criminals use AI to impersonate CEO’s voice
A UK-based energy firm was scammed out of $243,000 when criminals targeted the company with an effective “vishing” campaign. Vishing is short for “voice phishing,” the tactic of tricking targets over the phone. This incident marked the first time AI-based voice fraud netted such a high payload, according to The Next Web.
FaceApp, the new fad and security threat that wasn’t
Remember FaceApp – the hot new app that turned out to be a big security risk? If that’s how you remember it, that’s understandable. It just isn’t true. Pop stars used it to look like senior citizens. Professional athletes made themselves unrecognizable. The “FaceApp challenge” became a thing in 2019 – until U.S. Sen. Chuck Schumer of New York, posted an alarming warning about the app message. Turns out, FaceApp had been around for two years – and had no new security issues.
Hacking Alexa and Siri with lasers
University of Michigan researchers demonstrated how to hack smart speakers via laser. They also climbed 140 feet to the top of a bell tower at the University of Michigan and successfully controlled a Google Home device on the fourth floor of an office building 230 feet away.
The post #school | #ransomware | Weirdest Cybersecurity Stories Of 2019 | Avast appeared first on National Cyber Security.
View full post on National Cyber Security
On Aug. 21, Lumber Liquidators’ corporate and store-level computer systems began to shut down. Without them, the flooring company’s retail employees couldn’t check product prices or inventories. They had to send in orders to distribution centers by phone or from their personal email accounts and write down customers’ credit card information on paper. Each transaction took up to half an hour. Amid the chaos, sales took a hit. So did morale, since sales factored into employee bonuses.
“You couldn’t really sell or haggle anything,” said Trevor Sinner, then a store manager in Los Angeles. “You couldn’t see inventory, you couldn’t see cost, you couldn’t see anything.”
Once most of the computer systems were back online six days later, the Virginia-based retailer reported what it called a “network security incident” showing “symptoms of malware” to the Securities and Exchange Commission. But Sinner got a different explanation from a divisional vice president, who confided that the real culprit was ransomware — malicious software that freezes computer files and demands payment to decrypt them.
“We knew it was ransomware a long time ago,” Sinner said. “I don’t think the company disclosed it was ransomware to anybody, even now.”
Each year, millions of ransomware attacks paralyze computer systems of businesses, medical offices, government agencies and individuals. But they pose a particular dilemma for publicly traded companies, which are regulated by the SEC. Because attacks cost money, affect operations and expose cybersecurity vulnerabilities, they sometimes meet the definition used by the SEC of a “material” event — one that a “reasonable person” would consider important to an investment decision. Material events must be reported in public filings, and failure to do so could spur SEC action or a shareholder lawsuit.
Yet some companies worry that acknowledging a ransomware attack could land them on the front page, alarm investors and drive down their share price. As a result, although many companies cite ransomware in filings as a risk, they often don’t report attacks or describe them in vague terms, according to experts in securities law and cybersecurity.
Weak or no disclosure to the SEC is one of several omissions that hamper federal monitoring of ransomware assaults on U.S. businesses. Companies seldom choose to alert the FBI, fearing that the attacks would become public, that agents might investigate unrelated problems or that the bureau would discourage them from paying ransoms. And at least two data recovery firms that some victimized businesses hire to pay the hackers have not registered with a bureau of the U.S. Department of the Treasury that tracks financial transactions involving suspected criminals.
These gaps become more glaring as the ransomware danger grows. In an October announcement, the FBI warned that attacks “are becoming more targeted, sophisticated, and costly,” and that losses from them “have increased significantly.” Some recent ransomware attacks have resulted in the theft of victims’ sensitive data and threats to sell or publish it — a breach of security that could undermine one of the most common corporate rationales for lack of disclosure. John Reed Stark, a former SEC enforcement attorney, said companies have leaned on the notion that ransomware attacks aren’t material because there’s little evidence that personally identifiable information — the release of which may trigger reporting requirements in various states — is stolen.
“The general consensus is that data was not exfiltrated, so we don’t have to say anything,” said Stark, now a consultant for businesses dealing with ransomware and other cyber issues. He added later, “Ransomware attacks have now evolved into data breaches, and it is terrifying.”
Even when companies do allude to an attack in SEC filings, they typically resort to euphemisms rather than the very word that best describes what paralyzed their business and caused millions of dollars in losses. Just as wizards in the Harry Potter books speak of evil Lord Voldemort as “He Who Must Not Be Named,” so companies are loath to refer to dreaded ransomware.
“They specifically avoid saying it,” said Bill Siegel, chief executive of Coveware, a Connecticut-based firm that analyzes ransomware victims’ options and often pays the ransom on their behalf. “They generally don’t use the word ‘ransomware’ for obvious reasons. It’s an ugly term. It scares people.” By using more generic terms, “You can put it out there, and you’ve officially said something, but you’ve also said nothing that can get you in any sort of trouble any which way.”
Siegel said Coveware works with as many as six publicly traded companies a month, which he declined to identify. “Any company that uses a phrase like ‘malware that encrypted’ or ‘malware that caused system disruption or downtime’ is likely referring to ransomware. Because malware is everywhere, it’s constant, and you don’t stop doing business because of malware,” he said. “I think you can feel very, very confident that … anybody that phrases it as a malware or IT security incident that causes a disruption is likely referring to ransomware.”
Less than half of Siegel’s publicly traded clients pay a ransom, while the rest usually restore data from backups, he said. “Some of these [situations] are pretty messy and sometimes take weeks or longer to fully recover from,” he said. “We’ve had public companies that have literally rebuilt every computer from scratch.”
In a November filing, Lumber Liquidators said that its computer freeze was “caused by malware,” and that it “implemented our business continuity plan and undertook actions to recover the affected systems.” It estimated a $6 million to $8 million revenue loss. In an accompanying earnings call, the company’s chief executive said that a “network attack” had “encrypted certain IT systems.” Encrypted files are characteristic of ransomware.
Asked whether the company was attacked by ransomware, and if so why the company hadn’t used the term, Lumber Liquidators spokesman Nathan Bowie didn’t respond.
A ProPublica review of SEC filings found that companies typically attribute computer mishaps to malware. For example, Illinois-based trucking company Roadrunner Transportation Systems blamed a “malware attack” in September for quarantined servers and invoice delays that reduced revenue by more than $7 million. Another Illinois company, Ingredion, a maker of sweeteners and starches, said “suspicious activity” and a “malware incident” took servers offline in October, with an expected delay in transactions with customers and suppliers. Indiana-based Patrick Industries, which makes components for recreational vehicles, spent $1.5 million to repair damage from a “highly-sophisticated third-party malware cyberattack” this year that disrupted operations for two business days. Spokeswomen for the companies declined to respond to questions.
Companies sometimes cite ransomware in filings as a potential risk. Last February, Massachusetts-based beverage company Keurig Dr Pepper warned in an SEC filing that a ransomware attack could breach its cybersecurity. In that same filing, it said that an “organized malware attack” had disrupted its coffee systems division, and that it had “taken actions to address this attack,” but offered no other details. A company spokeswoman declined to comment.
ProPublica could not determine if Roadrunner, Ingredion, Patrick Industries or Keurig Dr Pepper were hit by ransomware.
Steven Chabinsky, a Washington, D.C., attorney who focuses on privacy and cybersecurity matters, said that such disclosures satisfy the materiality rule. There is “no reason to think the SEC would look for magic words like ransomware as long as the incident was described accurately,” he said.
SEC spokesman Christopher Carofine declined to comment on companies’ avoidance in filings of the word “ransomware.” However, in cyber disclosure guidance last year, the SEC appealed for more candor. Companies “should avoid generic cybersecurity-related disclosure and provide specific information that is useful to investors,” it said.
In a speech last year at the Tulane Corporate Law Institute, SEC Commissioner Robert Jackson expressed concern that companies aren’t reporting cyberattacks, though he didn’t single out ransomware. The commission “relies heavily on the judgments of corporate counsel to make sure investors get the information they need” on cyber incidents, he said. “I worry that these judgments have, too often, erred on the side of nondisclosure, leaving investors in the dark and putting companies at risk.”
Without knowing about the existence or extent of ransomware attacks and any subsequent payments, investors cannot make informed decisions about stock ownership or proposals that could boost a company’s cybersecurity, Rhode Island Congressman Jim Langevin said in an interview. Companies need to “err on the side of reporting,” and the SEC must be “more proactive” in enforcing regulations, he said.
“Investors certainly have a right to know if a ransomware attack happened, how it was handled and whether or not the ransom was actually paid,” said Langevin, a Democrat who is co-chair of the Congressional Cybersecurity Caucus and has called on the SEC to require companies to disclose their cybersecurity practices.
“We don’t know what we don’t know,” he continued. “When breaches have occurred, if companies are silent about it, investors don’t know, policyholders don’t know, regulators don’t know. It sends the message that everything is fine here, there’s nothing to worry about, and they just go on with business as usual. That’s wrong.”
Internal debates within corporations over whether to disclose a ransomware attack typically involve discussions about two groups that might challenge a material omission in the filings, Stark said. “You worry about the Division of Enforcement at the SEC, and you worry about the plaintiff’s bar,” he said.
Failing to disclose material events to investors and the SEC can spur backlash from both directions. After Yahoo failed to promptly report a data breach (not ransomware) affecting hundreds of millions of accounts, it settled a shareholder lawsuit in 2018 for $80 million and SEC charges for an additional $35 million. Yahoo, now called Altaba, denied the shareholder allegations and neither admitted nor denied the SEC charges.
Whether a ransomware attack that doesn’t expose troves of personal data must be deemed material and reported to the SEC is a closer call. While the ransom demand generally isn’t high enough to be considered material by itself, companies often incur other costs related to the attack — from hiring outside consultants and replacing damaged equipment to paying higher cyber insurance premiums and coping with lost revenues from interrupted operations. There are qualitative considerations as well, from customer dissatisfaction to loss of corporate data. Corporations should weigh “the importance of any compromised information and of the impact of the incident on the company’s operations,” the SEC has said.
The test for materiality is subjective, and companies “absolutely take advantage of the leeway,” said consultant Stephanie Tsacoumis, who teaches a class called Disclosure Under the Federal Securities Laws at Georgetown University’s law school. “I could argue from an investor’s perspective that a ransomware event is significant because it demonstrates that there are flaws in the company’s cybersecurity protections and that’s a threat to their business, and it could be a huge failure of internal controls,” she said. “And therefore it qualitatively is material enough to be disclosed.”
Corporations sometimes warn in filings that they may be affected by ransomware in the future. Tsacoumis said companies may use this generic “risk factor” disclaimer to justify not reporting a specific attack, taking the position that the market already has been alerted about the potential for it, she said. Reporting only a hypothetical risk in the face of real harm, however, can get companies in trouble. In July, Facebook agreed to pay $100 million to settle SEC charges that it disclosed only a hypothetical risk of misuse of user data when actual misuse, not involving ransomware, had already occurred. Facebook neither admitted nor denied the allegations.
From corporate IT employees and senior management to outside auditors, “everybody’s interest is to downplay” an attack, Tsacoumis said. “It’s self-interest. My personal annual evaluation, my bonus, my salary, my promotion. It’s how management looks to the board, and then it’s how the company looks to the public. And they all have an interest in maintaining the stock price. It goes from the individual level to the more macro level and impact on the market.”
John Olson, an attorney who has represented companies before the SEC, said he would advise disclosure when ransomware affects vital business information, finances or customers. “The financial impact could be significant and is certainly embarrassing and does raise questions about how good their cybersecurity is,” he said.
When Beth George was an attorney in the U.S. Justice Department, she worked with the FBI to persuade public companies to cooperate with law enforcement investigations into cyberattacks. Now in private practice in California, she’s one of several former DOJ and FBI officials who don’t recommend to clients that they report ransomware attacks to the bureau.
“I do think the FBI truly believes that they can be helpful to companies when these ransomware attacks happen, but I don’t know in actuality how true that is,” she said. The bureau “lacks the resources to be the cybersecurity responder for every company, and I don’t think they understand their resource constraints. … And as someone who is a former government official, it makes me sad. It’s completely opposite of what we thought our mission was to do in the government, which is to help companies. But the FBI spends a lot of time saying, come to us and we’ll help you, and no time saying, ‘How can we help you?’”
Reporting a crime to the FBI is voluntary. Since 2016, more than 4,000 ransomware attacks have taken place daily, according to statistics posted by the U.S. Department of Homeland Security. Nevertheless, only 1,493 were reported to the FBI in 2018. The bureau said in October that it does not advocate paying ransoms since doing so encourages continued criminal activity, but it added that it “understands that when businesses are faced with an inability to function, executives will evaluate all options to protect their shareholders, employees, and customers.” Regardless of whether victims decided to pay ransoms, the FBI urged them to report ransomware incidents. “Doing so provides investigators with the critical information they need to track ransomware attackers, hold them accountable under U.S. law, and prevent future attacks.”
Fear that an attack will become public knowledge is one of the biggest deterrents to reporting, said Thomas DiBiagio, a former U.S. attorney in Maryland, who now handles internal investigations for corporations. Other corporate concerns include the FBI’s historical opposition to paying ransoms and its reluctance to share intelligence with victims about who might be behind the attack — information that is often considered classified. Companies can turn instead to private cybersecurity firms, largely staffed by former FBI agents, which have no compunctions about paying ransoms, and typically share findings with clients, George said. Working with a consultant rather than the government may also reduce the chance that the news will leak.
Moreover, many attacks originate in countries that do not cooperate with U.S. law enforcement. Last year, the DOJ delivered its first indictment of alleged cyberattackers for deploying a ransomware scheme. The two Iranian hackers were wanted in connection with SamSam ransomware, which paralyzed computer networks across North America and the U.K. between 2015 and 2018. This month, the DOJ indicted two Russians in connection with deploying financial malware that cost victims tens of millions of dollars. Later versions of the malware were designed to facilitate ransomware installation, the DOJ said. Neither the Iranians nor the Russians have been arrested.
Chabinsky, a former deputy assistant director of the FBI’s cyber division, said some businesses report ransomware attacks to the bureau because their cyber insurance policies require them to or because they believe cooperating with law enforcement protects their reputation. But many don’t, feeling the FBI can’t offer much assistance and could create a distraction as “one more party asking you for information during a time of crisis management,” he said. Chabinsky has never advised a client hit by ransomware to contact the bureau, he said.
DiBiagio cited another downside of dealing with the FBI. “Not that I’m saying corporate America is dishonest, but the last thing you want is a bunch of FBI agents crawling around your company,” he said. “There is no benefit whatsoever of you reporting. There’s no incentive. And there’s clearly identifiable cost. It’s the cost, the disruption, the risk they talk to some employee and now you’re under investigation. There’s no upside.”
In an emailed response to questions, the FBI said it “protects the confidentiality of sensitive information it receives.” It said it “works closely” with victimized corporations to protect their interests and make sure they “have all the information needed to reconstitute systems, patch vulnerabilities, and prevent additional attacks.”
“Over the course of many responses to ransomware incidents, the FBI has refined its response protocols to ensure that it is able to conduct investigative activity in the least intrusive way possible,” the bureau said. “When a victim decides to voluntarily work with the FBI, we strive to do only the work required to thoroughly investigate the incident and to do so quickly and with minimal impact on the operations of the company we are working with.”
Langevin, the Rhode Island congressman, said the government needs stronger reporting requirements on cyberattacks so officials can compile more accurate incident data. That data could improve cyberdefenses by helping policymakers and companies decide where to focus their resources. One possibility, he said, is requiring insurers to report incidents to the FBI as they process cyber policy claims.
“All too often these ransomware attacks are being swept under the rug, but we don’t know how broad the problem is until we have real data to look at,” he said.
Theoretically, the federal government has another way of tracking ransomware attacks. Corporations hit by ransomware sometimes hire private firms to pay the cryptocurrency ransom on their behalf, taking a fee for the service. These companies should qualify as “money transmitters” regulated by the Financial Crimes Enforcement Network, or FinCEN, a bureau of the U.S. Treasury Department, said Matt Klecka, a former trial attorney in the DOJ’s Bank Integrity Unit, which works with FinCEN. As such, they should file “Suspicious Activity Reports” to FinCEN on ransomware payments since a criminal is known to receive the money, Klecka said.
Once they register, “they’re known quantities,” Klecka said. “They’re on FinCEN’s radar. Then FinCEN will be looking” at the suspicious activity reports.
Sentinel Crypto Holdings, a Florida firm that pays ransoms on behalf of victims, has registered with FinCEN, and its founder told ProPublica that it has regularly submitted suspicious activity reports. Florida-based MonsterCloud and New York-based Proven Data are not registered. ProPublica reported in May that both firms purported to use their own technology to disable ransomware but often just paid the ransom. Through a spokesman, MonsterCloud CEO Zohar Pinhasi declined to comment.
FinCEN spokesman Stephen Hudak declined comment on whether these companies should be considered money transmitters. If they are registered, he said, they should report ransomware transactions as suspicious activities. “Businesses should contact FinCEN if they are unsure of their registration requirements,” he said.
Proven Data did just that in 2016, when it asked FinCEN if its work facilitating ransom payments on behalf of clients required it to register with the agency as a money transmitter, according to correspondence provided by the company. Proven Data argued that registration was not required because its core business was “a suite of data recovery services,” and that it only paid ransoms when no other solution was available. Proven Data also assured FinCEN that, “in all cases, the company encourages the victim to report the incident to the FBI.” FinCEN agreed with Proven Data’s assessment.
Middlemen transacting ransoms is “troubling” and “unseemly,” Langevin said. “This is an area where law enforcement should be looking because it does facilitate the ongoing practice. These firms need to be looked at and regulated,” he said.
On Columbus Day weekend, ransomware struck Connecticut-based Pitney Bowes. Its clients — which include most Fortune 500 companies — realized something was wrong when they had trouble using the company’s postage meters and some of its e-commerce shipping services. As the Pitney Bowes technical team and outside consultants scrambled to restore operations, chief communications officer Bill Hughes spent the holiday weekend combing through SEC filings to see how other publicly traded companies disclosed ransomware attacks. He didn’t find much.
“I knew there were way more incidences than what was being reflected in the news and in SEC filings,” said Hughes, adding, “In the two or three examples that I found on Saturday or Sunday morning when I researched, it was always ‘malware.’ It was never ‘ransomware.’”
Following precedent, Pitney Bowes first told investors in an Oct. 15 filing that it had been “affected by a malware attack.” But company executives soon decided to be more forthcoming. In an Oct. 17 webinar, the company’s chief data protection officer referred to the attack as ransomware. Posted updates cited the “Ryuk virus.” Ryuk is a notorious ransomware strain that hackers use to encrypt files and command six- or seven-figure ransoms. Pitney Bowes said in a November filing that the “ransomware attack” could reduce annual revenue by 1⁄2%.
A few companies besides Pitney Bowes have dared to invoke the R word. California-based Fluidigm, a maker of biotechnology tools, said in an SEC filing that it had “experienced a ransomware attack” in March that encrypted some systems “containing critical business data.” Agnes Lee, who handles investor relations for Fluidigm, said the company tried “to be accurate and transparent to the extent that we can be.”
Maryland-based media company Urban One said in an earnings call this year that it was “hit by a ransomware attack” costing more than $1 million in recovery expenses and lost revenue. The company’s general counsel, Kris Simpson, told ProPublica that the company was penetrated by the Ryuk strain and did not pay the ransom.
“It really is going on every day, and I think part of the thought process is that everyone is getting hit so it’s kind of ordinary course,” Simpson said. “But I think that we tend to be conservative in our disclosure, so we tend to over-disclose. We just think it’s the right thing to do.”
The post #school | #ransomware | Like Voldemort, Ransomware Is Too Scary to Be Named — ProPublica appeared first on National Cyber Security.
View full post on National Cyber Security
METAIRIE, La. (AP) — Authorities in Louisiana say a woman has been arrested for pretending to be an attorney and stealing $2 million from a client with special needs. Kristina Galjour was arrested Thursday and charged with bank fraud, computer fraud, theft valued over $25,000, exploitation of the infirm and illegally practicing law without a license. The 57-year-old victim has a developmental disability and inherited a trust fund after his parents died. Jefferson Parish Sheriff’s Capt. Jason Rivarde says Galijour coerced the man into thinking she was an attorney and over a three-year period she emptied his $2 million trust fund. The investigation is ongoing. It’s unclear whether Galijour has an attorney.
View full post on National Cyber Security
#school | #ransomware | Ransomware Attacks on U.S. Have Reached “Crisis” Proportions, Governments “Must Do Better”
An unprecedented number of ransomware attacks deployed against government, healthcare and school targets in the U.S., and new attacks that not only lock up but also steal sensitive data, have prompted cybersecurity firm Emsisoft to declare a “crisis.”
An recent attack in Pensacola that “may have resulted in a municipal government’s data falling into the hands of cybercrimals” has also prompted Emsisoft to issue its 2019 “State of Ransomware in the US” report early and hopefully induce an immediate response by governments:
“We believe this development elevates the ransomware threat to crisis level and that governments must act immediately to improve their security and mitigate risks. If they do not, it is likely that similar incidents will also result in the extremely sensitive information which governments hold being stolen and leaked.”
The report describes an, “unprecedented and unrelenting barrage of ransomware attacks that impacted at least 948 government agencies, educational establishments and healthcare providers at a potential cost in excess of $7.5 billion.”
Affected organizations include:
- 103 federal, state and municipal governments and agencies.
- 759 healthcare providers.
- 86 universities, colleges and school districts, with operations at up to 1,224 individual schools potentially affected.
In a ransomware attack, hackers typically deploy malicious software via infected links embedded in “phishing” emails.
Sometimes these emails are spammed out randomly. In other cases, an employee working at a targeted organization is carefully profiled and sent a customized email designed to trick that individual into clicking an infected link.
In the case of one cryptocurrency exchange, hackers determined that someone working there was an extreme fan of a particular type of dog.
The hackers created fake digital materials claiming that a dog show featuring this breed would shortly be held in the employee’s region. The employee opened the email, clicked on a link it contained, and infected the entire exchange’s computer systems. The exchange was later robbed of cryptocurrencies.
In most cases, an organization’s systems are rendered unusable by ransomware and a ransom of cryptocurrencies is demanded in exchange for restoring systems or data.
In May, twenty-one civic agencies in Baltimore were disabled by a ransomware attack.
When Boston legal aid offices were disabled by Russian “Ryuk” ransomware earlier this year, trials had to be postponed, including a trial involving a child victim.
According to Emsisoft, the attacks it has lately witnessed, “put people’s health, safety and lives at risk”:
- Emergency patients had to be redirected to other hospitals.
- Medical records were inaccessible and, in some cases, permanently lost.
- Surgical procedures were canceled, tests were postponed and admissions halted.
- 911 services were interrupted.
- Dispatch centres had to rely on printed maps and paper logs to keep track of emergency responders in the field.
- Police were locked out of background check systems and unable to access details about criminal histories or active warrants.
- Surveillance systems went offline.
- Badge scanners and building access systems ceased to work.
- Jail doors could not be remotely opened.
- Schools could not access data about students’ medications or allergies.
Emsisoft further claims that the escalated success of ransomeware attacks in 2019 resulted from “a perfect storm…(involving) existing security weaknesses and the development of increasingly sophisticated attack mechanisms specifically designed to exploit those weaknesses.”
Fabian Wosar, CTO of Emsisoft, has issued a sober warning:
“The fact that there were no confirmed ransomware-related deaths in 2019 is simply due to good luck, and that luck may not continue into 2020. Governments and the health and education sectors must do better.”
View full post on National Cyber Security
#school | #ransomware | Town Hit by Ransomware; System Shut Down to Limit Damage – East Greenwich News
Source: National Cyber Security – Produced By Gregory Evans By Elizabeth F. McNamara Town Manager Andrew Nota said Saturday the town had been hit with computer ransomware and had shut down the system townwide to evaluate the damage and rebuild. “There have been numerous system breaches in municipalities in Rhode Island, New England and nationally […] View full post on AmIHackerProof.com