now browsing by tag


#school | #ransomware | Oregon Business – Data Risk

Source: National Cyber Security – Produced By Gregory Evans

Small businesses face a heavy risk when it comes to cyber security. The best defense relies on an active, educated employer.

On March 9, 2018, the Oregon Clinic discovered an unidentified party had accessed an email account. The data breach gave attackers access to names, birth dates, medical information, and in some cases, the social security numbers of patients and staff. 

The clinic was able to recover from the attack, and went on to offer patients impacted by the breach one full year of identity monitoring services. 

But other businesses which have been subjected to cyberattacks face more dire consequences.

According to a recent study by insurance carrier Hiscox, the average cost to a business when it is subjected to a cyberattack is around $200,000. 

Small businesses suffer most from these costly attacks. Due to the massive price tag associated with an infringement, 60% of small businesses go out of business within six months of being victimized, according to the National Center for the Middle Market. 

Attackers target small businesses for a variety of reasons. Some try to gain access to employee and client information, such as email accounts, bank numbers and social security numbers. Hackers also install ransomware, which, as the name implies, will hold a network hostage until the business owner pays a fee to be released. 

Hackers also target servers to create a “zombie” network, which uses a business server as a launching pad to conduct other attacks to avoid detection. 

Other attackers, especially ones from foreign governments, take over a network to mine for bitcoins. 

Close to 50% of all cyber attacks are perpetrated against small businesses, which hackers often perceive as low-hanging fruit. According to a report compiled by Verizon, nearly half of small businesses reported a data breach in the past two years. 

Despite the likelihood of an attack, and the relative risk involved, less than half of small business owners reported spending money on cyber security last year. 

This is in part because maintaining a good cybersecurity defense is costly. Unlike virus protection, a business cannot simply install a defensive program against cyberattacks and remain safe.

“The demand for these cybersecurity professionals is so high that the price they command for their services is also very high,” says Dr. Wayne Machuca, lead instructor for Mt. Hood Community College’s cybersecurity program. “This precludes small and medium-sized businesses from being able to afford and adequately staff around their cybersecurity needs.” 

There are 4,600 cybersecurity job openings in Oregon, according to cybersecurity employment website CyberSeek. Despite Oregon’s reputation as a state with a heavy tech sector, there are twice the number of cybersecurity job openings as there are qualified professionals to fill them. 

Ruth Swain is the interim director of the Small Business Development Center at Mt. Hood Community College, which helps small businesses protect themselves against cyber threats through the Oregon Center for Cybersecurity. 

With Machuca’s help, the center has developed a program which allows students in their last year of school to provide training and cybersecurity expertise to small businesses owners and their employees free of charge. 

“We worked with the interns and instructors here to come up with a cybersecurity prevention checklist for small businesses,” says Swain. “The advising is free, so we are encouraging businesses to sign up.”

The program was awarded a grant from the National Science Foundation, and Machuca says they have used the grant money to replicate the program along with its sister colleges.  “It’s really exciting stuff,” he says. 

Skip Newberry, president and CEO of the Technology Association of Oregon and executive sponsor of Cyber Oregon, an organization dedicated to delivering the latest cybersecurity information and best practices to businesses, says businesses which cannot afford a cybersecurity professional on staff should train employees to recognize cyberattacks. 

“The first and best defense is adequate training for employees,” he says. “In this day and age, anyone who uses technology should be trained in how to spot phishing and spear phishing attempts, and best practices for managing passwords, which is how the vast majority of cyber breaches occur within small businesses.”

Much of the training is preventative, but if an attack has occurred, the most important thing for a business is not to keep silent. 

To subscribe to Oregon Business, click here.

Source link

The post #school | #ransomware | Oregon Business – Data Risk appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Cybersecurity incidents at schools nearly triple in 2019

Source: National Cyber Security – Produced By Gregory Evans

Public K-12 education agencies across the nation reported 348 cybersecurity incidents during 2019—nearly three times as many incidents as were publicly disclosed during 2018.

A report from the K-12 Cybersecurity Resource Center, The State of K-12 Cybersecurity: 2019 Year in Review,  says many of these incidents caused significant problems. They resulted  in the theft of millions of  dollars, stolen identities, and the denial of access to school technology systems for weeks or longer.

Student and educator data breaches were the most commonly experienced type of incident in 2019. More than half of these were because of the actions of insiders to the school community, including edtech vendors and other third-party partners. The next most frequent type of cyber incident experienced by schools during 2019 was ransomware.

Data for the report comes from publicly disclosed incidents cataloged on the K-12 Cyber Incident Map. The map and underlying database capture detailed information about two inter-related issues:

  • publicly disclosed cybersecurity incidents affecting public K-12 schools, districts, charter schools, and other public education agencies (such as regional and state education agencies) in the 50 states and Washington, D.C.
  • the characteristics of public school districts (including charter schools) that have experienced one or more publicly disclosed cybersecurity incidents.

The 348 incidents in 2019 involved 336 education agencies across 44 states; 329 of those involved regular public school districts. Suburban districts were the more common target (44.31%), followed by rural (22.75%).

Schools from the Northeast were victimized most often (33.93%), followed by the Central region (27.08%), West (25%) and Southeast (13.99%).

Since 2016, the K-12 Cyber Incident Map has documented more than 775 publicly disclosed incidents affecting students and educators.

Although acknowledging that the odds of experiencing an incident appear to vary by school district characteristics, the report stresses that the resource center “has documented school districts of every size and type that have experienced data breaches, phishing attacks, and ransomware/malware outbreak.”

“School district leaders would do well to understand that no school district is safe from a potential incident,” the report recommends.

Source link

The post #school | #ransomware | Cybersecurity incidents at schools nearly triple in 2019 appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Commentary: Cybersecurity breaches at Texas schools cost taxpayers millions

Source: National Cyber Security – Produced By Gregory Evans

According to data assembled by the K-12 Cybersecurity Resource Center, no state has experienced a greater number of publicly disclosed school cybersecurity incidents in recent years than Texas. These incidents have resulted in the theft of millions of taxpayer dollars, widespread destruction and outages of school IT systems, and large-scale identity theft.

Consider that Manor Independent School District lost $2.3 million in a targeted email phishing scam in January. In similar attacks last year, nearly $2 million was stolen from Crowley ISD, while Henderson ISD lost more than $600,000.

Malicious actors have employed other digital weapons, such as ransomware, to extort money from at least a half dozen Texas districts since 2017. The most recent incident, in Port Neches-Groves ISD, resulted in a $35,000 bitcoin payment to cybercriminals in exchange for the digital keys to restore access to the district’s IT systems. And school vendors such as Pearson have experienced large-scale breaches of student data at the same time that thousands of Texas educators and administrators have had their identities and personal bank accounts emptied by cyberthieves.

Given that schools’ reliance on technology for teaching, learning and operations will continue to grow, trustees and administrators should embrace their responsibility to safeguard their school communities from emerging digital threats.

The passage of Senate Bill 820 by the Texas Legislature encourages school districts to put in place commonsense security controls, but it falls short of guaranteeing such controls will be implemented effectively or in proportion to the threats facing districts.

If school trustees and administrators are to make real progress in managing cybersecurity risks, they will need to foster better information-sharing and cooperation across districts; make the case in their communities for spending time and resources on building cybersecurity awareness, tooling and expertise; and embrace the legislative requirement to develop meaningful cybersecurity policies and plans.

While there is variability in how school districts use and rely on technology, there are more similarities in terms of security challenges than differences. Since cybercriminals target school districts nationwide with the same scams, it is imperative IT leaders in school districts collaborate. Indeed, one of the biggest challenges in responding to these threats is the veil of secrecy surrounding school cybersecurity.

Any meaningful response to the issue will also require more money and more expertise. While state — and even federal — resources would undoubtedly help, school districts will likely have to look for other funding and sources of support. Students, parents and teachers should all be allies in this cause.

While educational technology offers exciting opportunities for students and teachers, its use introduces new risks. While the passage of SB 820 is laudable, it is only one step in a much longer journey to keep Texas school districts cybersecure. In the end, we won’t see fewer successful phishing attacks, fewer ransomware incidents or fewer data breaches until all superintendents and trustees jointly embrace their cybersecurity governance responsibilities.

Doug Levin is president and founder of the K-12 Cybersecurity Resource Center (, which was launched in 2018 to shed light on the emerging cybersecurity risks facing public schools.

Source link

The post #school | #ransomware | Commentary: Cybersecurity breaches at Texas schools cost taxpayers millions appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Ransomware Attacks And Prevention | WSHU

Source: National Cyber Security – Produced By Gregory Evans

Hackers have used viruses to infect and hold municipal and institutional computer systems hostage. It’s happened to school districts in Connecticut and on Long Island. We’ll discuss how cybersecurity experts will prepare for future ransomware attacks, while others try to pay the hackers’ price, with guests:

  • Robert Dillon, Ed.D., district superintendent, Nassau BOCES
  • Phil Boyle, New York state senator, R-Bay Shore
  • Harvey Kushner, Ph.D., chair, Department of Criminal Justice and Cybersecurity, and director, Homeland Security and Terrorism Institute, Long Island University 
  • Fred Scholl, Ph.D., cybersecurity program director and associate teaching professor of cybersecurity, Quinnipiac University
  • Arthur House, former chief cybersecurity risk officer, State of Connecticut

Source link

The post #school | #ransomware | Ransomware Attacks And Prevention | WSHU appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Ryuk Ransomware behind Attack on Florida Library System

Source: National Cyber Security – Produced By Gregory Evans

(TNS) — The cyberattack that took down public-access computers at Volusia County, Fla., libraries last month involved ransomware that has elicited millions of dollars in ransom payments from governments and large businesses.

Volusia County officials say they’ve referred the attack to law enforcement, but would not say which agency is investigating. Emails provided in response to a public-record request indicate the library computers were infected by Ryuk ransomware. The county will not say whether it has made a ransom payment.

“Because it’s under investigation, we have no comment at this time,” said Kevin Captain, a county spokesman in an emailed response to a question about ransom.

Captain confirmed the county’s insurance deductible is $100,000. “The county has no confirmation of cost at this time but will at a later date,” Captain said.

Volusia County provided The News-Journal hundreds of pages of emails about the ransomware incident, some of it redacted because of the ongoing criminal investigation.

At 8:44 a.m. Jan. 9, Brian Whiting, director of information technology at Volusia County, wrote an email to support desk staff stating: “The Volusia County Library is currently being cyber attacked by Ryuk, an attack propagated frequently via email phishing attack.”

Later that day, in another email, Whiting says the IT department has detected “a ten-fold increase in attempted attacks over the past month or so.”

Twenty servers and about 600 computers were encrypted — essentially locked up — by the ransomware. The county was able to restore about 50 computers used by library staff to conduct business, such as checking books in and out, but the public-access terminals would remain down for about two weeks.

One of Volusia officials’ first calls reported the incident to the Center for Internet Security’s Multi-State Information Sharing and Analysis Center (MS-ISAC) in East Greenbush, New York. The Center for Internet Security is a nonprofit organization that works to safeguard private and public organizations against cyber threats.

An emergency response team from MS-ISAC got involved.

Volusia officials soon also contacted their London-based claims adjuster, CFC Underwriting, which became involved in approving expenditures on outside security firms to assist with bringing the system back. Solis Security in Austin, Texas, was also brought into the loop.

And at some point, the county notified the Department of Homeland Security about the incident, according to an email written by Andrew Krasucki of CFC Underwriting.

An email from Joshan Heer of CFC Underwriting to county officials summarized what had been found by midday Jan. 10:

Encryption of the Volusia library computers began at around 1:30 a.m. on Jan. 9, and a ransomware note had been left on a desktop by 7 that morning.

File extensions had been changed to .ryk, indicating the Ryuk ransomware. Volusia County IT staff shut down and disconnected all the computers from the county network.

“It is believed sensitive data is not at risk due to (redacted),” Heer wrote, adding that would have to be confirmed.

“Those who’ve used public-access computers on a network that’s been hit by Ryuk probably don’t have much to worry about,” said Brett Callow, a threat analyst with Emsisoft, a New Zealand-based anti-malware company. “The Ryuk operators have not been known to steal data.”

Cyber defense experts say Ryuk has been used in hundreds of attacks on U.S. governments and businesses since 2018, and in some cases the criminal gang of hackers responsible for the attacks have been paid handsomely.

The cost of these attacks in 2019 was estimated by Emsisoft at $7.5 billion.

At least three Florida municipalities were victimized in June 2019 alone, including:

  • Riviera Beach, a Palm Beach County city of 35,000, which paid 65 bitcoins – or about $600,000 – in exchange for a decryption key from the attackers.
  • Lake City in northern Florida paid about $460,000 in bitcoin to recover data and computer operations.
  • Key Biscayne – a town on a barrier island near Miami – was hit and spent money trying to restore its network.

While it is unclear whether Volusia paid a ransom, Krasucki’s email of Jan. 13 indicated the county might have had a way to restore its data.

“A system state backup stored on an external drive will be utilised to rebuild the active directory structure and the domain controller servers,” Krasucki wrote.

Callow said Ryuk is commonly used in attacks on both the public and private sector and accounts for between 15% and 25% of all ransomware incidents.

SentinelOne, another cybersecurity firm, reported Ryuk ransomware “is largely responsible for the massive increase in ransomware payments.” Where many cyber criminals demand $10,000 to remove the encryption on computer systems, Ryuk operators “demand an average of $288,000 for the release of systems.”

Yet another cyber defense firm, CrowdStrike, identifies the perpetrator of Ryuk as “Wizard Spider,” a Russia-based criminal group.

Callow said exactly who’s deploying Ryuk remains an open question.

“There’s speculation that the group behind Ryuk – and it does appear to be a single group – has Russian ties, but it is just speculation. Attribution is always extremely hard,” he wrote in an emailed response to questions.

“For example, some ransomware contains language exclusions and will not encrypt files if the operating system uses one of a number of specified languages – (post-Soviet) countries, Iran, etc.,” he wrote. “That could indicate origin – groups not wanting to poop in their own backyards – or it could be a false flag designed to misdirect law enforcement.”

Unlike other ransomware, which contain flaws in the encryption allowing security companies to create tools to recover data without needing to pay ransom, Ryuk has no such flaws, Callow said.

“The encryption is perfectly implemented and, consequently, the only way to recover data is to restore it from backups (assuming they were not deleted/encrypted during the attacks) or to pay the ransom,” Callow said.

©2020 The News-Journal, Daytona Beach, Fla. Distributed by Tribune Content Agency, LLC.

Source link

The post #school | #ransomware | Ryuk Ransomware behind Attack on Florida Library System appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | Dutch University Pays $220K Ransom to Russian Hackers

Source: National Cyber Security – Produced By Gregory Evans University president says damage from the ransomware attack “can scarcely be conceived.” The University of Maastricht located in the Netherlands experienced a ransomware attack on December 24 and wound up paying the hackers 200,000 euros or $220,000 in bitcoin to unblock its computers, reports Reuters. “The […] View full post on

#school | #ransomware | Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers

Source: National Cyber Security – Produced By Gregory Evans

Hackers have finally done what bond issuers may have feared most from cyber criminals.

A ransomware attack on Pleasant Valley Hospital in West Virginia was partly responsible for the hospital’s breach of its covenant agreement, according to a notice to the hospital’s bondholders from the trustee, WesBanco Bank. It appears to be the first time a cyber attack triggered a formal covenant violation, according to research firm Municipal Market Analytics.

The virus entered the hospital’s system via emails sent 10 months before the cyber criminals asked the hospital for money, said Craig Gilliland, the hospital’s chief financial officer. The information the criminals held for ransom did not contain patient data or confidential data, so it was “more of an annoyance,” he added.

Because of the attack, the hospital was forced to spend about $1 million on new computer equipment and infrastructure improvements, Gilliland said. That cost, along with declining patient volume, caused the hospital’s debt service coverage for the fiscal year that ended on Sept. 30 to fall to 78%, below the 120% the loan agreement requires, according to the material notice to bondholders.

“When we had the cyber attack, we didn’t have the sophisticated anti-virus software that we needed,” he said. “Cyber attacks are effective on smaller hospitals and smaller government agencies who do not have the resources and do not spend the money to proactively get ahead of the curve.”

The hospital did not miss any payments to bond investors. Gilliland said he is not aware of whether or not payments were made to the perpetrators because the attack was managed by a cyber liability insurance carrier Beazley Group. Mairi MacDonald, who manages media relations for Beazley Group, said via email that the company does not comment on specific client matters.

“The resolution of the situation will likely cost the hospital via monetary settlements and security hardening, making a financial rebound a bit more difficult than otherwise,” MMA said in its report. “Pleasant Valley highlights cyber risks as, at least so far, primarily a worsener for most municipal credits.”

Cyber risk is a growing concern for the municipal market. There were 133 publicly reported attacks against health-care providers since 2016, 47 of which occurred in 2019, according to data collected by threat intelligence company Recorded Future, Inc. Health-care providers are at particular risk for cyber attacks because patient care is disrupted, so there is an expectation the hospital will pay to remedy that quickly, said Allan Liska, an intelligence analyst at the company. Health-care providers also use unique software that is often managed by vendors, leaving updates to the software out of their hands.

“You have hospitals and doctors offices that are often forced to run outdated and old software that makes them at risk for these ransomware attacks,” Liska said.

Rising Ransomware Attacks

And it’s not just health-care providers that are at risk. In 2019, state and local governments reported 106 ransomware attacks, nearly double what was reported a year before, according to data collected by Recorded Future. Among them were the Syracuse School District, which said it experienced a cyber attack that could “impact its financial position” according to a July 31 regulatory filing, and the city of Baltimore, which disclosed a cyber attack to investors in its bond offering documents when it borrowed last year.

For Pleasant Valley Hospital, the insurance company Beazley Group “connected the Hospital with other vendors to settle and remediate the issue,” according to the statement to bondholders. To address the decreasing patient volume, the hospital has lowered its labor costs and plans to convert doctor offices into two rural health clinics and to offer a new medical withdrawal inpatient service.

The threat to credit will get worse in the public finance realm before it can be alleviated, said Geoffrey Buswick, an analyst for S&P Global Ratings. Issuers can do all the right things, like protect their network and have proper insurance in place, and still find it difficult to fully offset cyber risks, he added.

“The various actors out there, be it a nation-state or criminal organization or just a rouge hacker, seem to have advanced technologies that are changing quickly,” Buswick said.

–With assistance from Amanda Albright and Danielle Moran.

Want to stay up to date?

Get the latest insurance news
sent straight to your inbox.

Source link

The post #school | #ransomware | Ransomware Attack on Hospital Shows New Risk for Muni-Bond Issuers appeared first on National Cyber Security.

View full post on National Cyber Security

#school | #ransomware | What towns and cities must do to confront the ransomware epidemic | Opinion

Source: National Cyber Security – Produced By Gregory Evans By Diane Reynolds, Bradford Meisel, and Rick Gideon, Jr. America’s city and local governments are under attack from ransomware, which disables entire computer system networks until the victim pays a ransom in cryptocurrency, and the results have been catastrophic. On Dec. 13, New Orleans suffered a […] View full post on

#school | #ransomware | Cyberattack on Morial Convention Center has little immediate effect on events there, but problems may grow | Business News

Source: National Cyber Security – Produced By Gregory Evans The Ernest N. Morial Convention Center, one of the cornerstones of New Orleans’ multibillion-dollar tourism economy, is the latest victim in a string of cyberattacks against city and state computer systems that have had serious consequences for government officials and the public. New Orleanians were left […] View full post on

#comptia | #ransomware | Rancocas Valley High School students blocked from social media, but can stream music video – News – Burlington County Times

Source: National Cyber Security – Produced By Gregory Evans

Federal law requires schools to protect students from inappropriate content. Schools have different standards on what to block, records show.

MOUNT HOLLY — Facebook, Snapchat and Twitter are off-limits.

Apple TV, Amazon Prime and Hulu video are just fine.

At Rancocas Valley Regional High School, cybersecurity systems are set to block student access to social media but allow teens to stream music and video on classroom devices, according to records released after a legal appeal to the New Jersey Government Records Council.

Beginning Nov. 8, this news organization filed open records requests with all Burlington County school districts.

Four months later, on Jan. 10, district officials released the requested information while apologizing for the delay.

“I reviewed the District’s initial response which did not include all of the documents I advised them to produce,” said George M. Morris, attorney for the school district. “Not sure where there was a breakdown in communication.”

Public schools are required by federal law to protect students from inappropriate content.

The information released by area schools districts shows that they have different standards for filtering content, protecting students and staff as well as the equipment financed by taxpayers.

In October, Cherry Hill School District in Camden County discovered some of its computer systems had been locked down and some district computer screens displayed the word “Ryuk,” a term associated with ransomware attacks.

Rancocas Valley is home to some 2,100 students from Eastampton, Hainesport , Lumberton, Mount Holly and Westampton.

In addition to streaming audio and video, Rancocas Valley students are allowed to access shopping, news and media, sports and travel websites, records show. A long list of blocked content includes dating, gambling, pornographic materials, sex education, tobacco, “sports hunting” and “war games.”

So far, records were provided by Bordentown Regional, Burlington City, Burlington Township, Cinnaminson, Delanco, Eastampton, Florence, Lenape Regional, Lumberton, Maple Shade, Medford, Moorestown, Mount Laurel, North Hanover, Palmyra, Riverside, Riverton, Shamong, Southampton, Springfield and Westampton.

Similar records requests are pending with Beverly City, Chesterfield, Edgewater Park, Evesham, Mansfield, the Northern Burlington County Regional School District and Willingboro schools.

Appeals have been filed with the New Jersey Government Records Council.

Under New Jersey’s Open Public Records Act, government agency must respond within seven days after receiving a request. Government agencies “must ordinarily grant immediate access to budgets, bills, vouchers, contracts,” according to the records council.

Source link

The post #comptia | #ransomware | Rancocas Valley High School students blocked from social media, but can stream music video – News – Burlington County Times appeared first on National Cyber Security.

View full post on National Cyber Security