Welcome to the latest cybersecurity wrap-up.
From a major US pharmaceutical firm suffering from a ransomware attack (and a data breach) to a hospital in Colorado, the week was marked by an uptick in ransomware oriented stories.
The biggest story was the intrusion last week at a large architectural firm, Zaha Hadid Architects. Hackers stole files from the company's network, encrypted files using ransomware, and are now threatening to release sensitive information on the dark web unless the company pays a hefty ransom demand.
The one bright spot – and in a major turn-around – the group behind notorious Shade ransomware have shut down their operations and released over 750,000 decryption keys along with instructions to help victims decrypt their data. In a message left on a Github repository, the group revealed that it had stopped targeting victims since the end of 2019, however they did not reveal the reasons for shutting down. Whatever their reasons, this is a great development!
Read on for the week’s top cybersecurity stories, and stay healthy.
Top Global Cybersecurity News Stories
National Law Review (April 29, 2020) Unprepared Municipalities Falling Victim to More Ransomware and Cyber attacks
"In March 2020, a smaller municipality of approximately 145,000 people fell victim to a sophisticated ransomware attack. When city officials issued statements to the public that personal information was not compromised, the cybercriminals retaliated. The bad actors flooded the internet and dark web with personal information from a portion of the stolen 200 gigabytes of data, and demanded nearly $700,000 in a ransom payment from the city coffers to make them stop. As a result, not only did the criminals shut down critical city functions with a traditional ransomware attack, they displayed a new and emerging tactic – exfiltration of personal data to extort ransom payments from smaller municipalities.[1] Historically, municipalities have been reticent to pay ransoms, choosing instead to rebuild their infrastructure. However, given that this response is becoming untenable, municipalities are now more lucrative targets."
InfoSecurity (April 29, 2020) Pharma Giant ExecuPharm Suffers Data Breach/Ransomware Combo
"A major US pharmaceutical firm has revealed that ransomware attackers recently encrypted its servers and stole corporate and employee data.
ExecuPharm explained in a breach notification to the Office of the Vermont Attorney General that the incident occurred on March 13, when 'unknown individuals' deployed ransomware to its IT systems and sought payment in return for a decryption key.
'As part of this incident, ExecuPharm employees received phishing emails from the unknown individuals,' it said."
Tech Radar (April 28, 2020) Hackers shut down Shade ransomware and release keys
"The hackers behind the notorious Shade ransomware have shut down their operations and released over 750,000 decryption keys along with instructions to help victims decrypt their data.
The group, also known as Troldesh or Encoder.858 had been active since 2014, mostly targeting users in Russia and Ukraine. In a message left on a Github repository, the group revealed that it had stopped targeting victims since the end of 2019, however they did not reveal the reasons for shutting down.
The hackers have published the decryption keys along with their decryption software aiming that antivirus companies can create better tools to help users decrypt their data. Kaspersky has already verified the keys and announced that it is creating a free decryption tool."
ZDNet (April 28, 2020) Hackers threaten to leak data from high-end architecture firm Zaha Hadid
"A group of hackers has breached the network of Zaha Hadid Architects, one of the world's leading architectural firms, responsible for hundreds of high-end building designs all over the world.
The intrusion took place last week, and hackers stole files from the company's network, encrypted files using ransomware, and are now threatening to release sensitive information on the dark web unless the company pays a hefty ransom demand.
ZDNet learned of the incident from a source last week but was also contacted by the hackers today, who reached out to share a link to the website where they plan to release ZHA data."
Health IT Security (April 28, 2020) Ransomware Shuts Down Colorado Hospital IT Network Amid COVID-19
"Colorado-based Parkview Medical Center’s technology infrastructure was hit with a ransomware attack a week ago on April 21, which caused a number of IT network outages, according to local news outlet KOAA. The hospital is currently serving patients during the COVID-19 pandemic, while they work to recover.
Upon discovering the cyberattack, officials said they engaged with a third-party forensic team to mitigate and investigate the incident. The notice does not detail what systems were affected, when the cyberattack started, nor if patient data was impacted.
The hospital is leveraging paper records to track and treat patients, as they work to restore the impacted systems."
Other Industry News
Microsoft Sway abused in PerSwaysion spear-phishing operation
How the Pandemic Has Led to a Shift in Payment Methods
How Ireland's leaders are cracking the cybersecurity code
COVID-19: Electronic Conclusion of Contracts and E-Signatures in Belgium
BEST PRACTICES: How testing for known memory vulnerabilities can strengthen DevSecOps
Phishers Start to Exploit Oil Industry Amid COVID-19 Woes
Interview: Brett Johnson, ‘Original Internet Godfather’
IOTech: Bridging the OT-IT Divide
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.