This week’s victims of ransomware attacks included an energy provider, a chemical company, a convenience store chain, hospitals, a university, a city and more, underscoring the shocking spread of this type of cyber crime across the globe.
Ransomware gang LockBit recent crime spree includes alleged attacks on Argentinian power company Grupo Albanesi, Indian chemical business SRF and more than| 200 CEFCO convenience stores in the southern states of the US. All have been issued with a deadline to pay a ransom or see their data published online. The same group has taken credit for encrypting the data of Royal Mail, the UK’s main provider of postal services, seeking a £65.7 million ransom from the company, a demand that the postal group’s board appears to have rebuffed, setting the stage for a potential large-scale leak of company information.
Meanwhile, Community Health Systems (CHS), one of the largest healthcare providers in the United States with close to 80 hospitals in 16 states, confirmed this week that criminal hackers accessed the personal and protected health information of up to 1 million patients.The Tennessee-based healthcare giant said in a filing with government regulators that the data breach stems from its use of a popular file-transfer software called GoAnywhere MFT, developed by Fortra (previously known as HelpSystems), which is deployed by large businesses to share and send large sets of data securely. Community Health Systems said that Fortra recently notified it of a security incident that resulted in the unauthorized disclosure of patient data. The Russia-linked ransomware gang Clop has reportedly taken responsibility for exploiting the new zero-day in a new hacking campaign and claims to have already breached over a hundred organizations that use Fortra’s file-transfer technology — including CHS.
That’s not all. The Israel Institute of Technology (Technion) in Haifa, Israel was the victim of cyberattack carried out by a group called Darkbit, which demanded the equivalent to $1,747,971 in ransom to decrypt its data.
The city of Oakland, California issued a local state of emergency on Twitter on Feb. 14 in order to cope with a ransomware attack.
And, after the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a decryptor for affected victims to recover from ESXiArgs ransomware attacks which target unpatched VMware ESXi servers connected to the Internet, the hackers bounced back with an updated version that encrypts more data. More than 500 hosts have been newly compromised en masse by the ESXiArgs ransomware strain, most of which are located in France, Germany, the Netherlands, the U.K., and Ukraine, according to a February 16 story in The Hacker News.
There has been an 87% year-over-year increase in ransomware attacks targeting industrial organizations in 2022, with 437 out of 605 attacks striking the manufacturing sector, per a new report from Dragos, in part fueled by continued evolution in ransomware-as-a-service (RaaS) models.
Data gathered by the industrial security firm reveals that 189 ransomware attacks were reported in the final quarter of 2022 alone. Top targeted verticals included manufacturing (143), food and beverage (15), energy (14), pharma (9), oil and gas (4), and mining (1).
The European Union Agency For Cybersecurity (ENISA) says the total number of ransomware attacks is likely much larger. At present the total is impossible to capture since too many organizations still do not make their incidents public or do not report on them to the relevant authorities, according to the agency.
Information about the disclosed incidents is also quite limited since in most cases the affected organizations are unaware of how the ransomware gangs managed to get initial access. In addition, some organizations decide to pay the ransom to avoid negative publicity and ensure business continuity. “However, such an approach does not help fight the cause – on the contrary, it encourages the phenomenon instead, fuelling the ransomware business model in the process,” according to an ENISA report on ransomware.
ENISA is exploring ways to improve this reporting of incidents. Europe’s revised Network and Information Security Directive (NIS 2) is expected to change the way cybersecurity incidents are notified. The new provisions will aim to support a better mapping and understanding of ransomware attacks.
The ENISA ransomware report recommends that corporates take the following actions:
- Keep an updated backup of your business files and personal data;
- Make sure this backup is isolated from the network;
- Apply the 3-2-1 rule of backup: 3 copies, 2 different storage media, 1 copy offsite;
- Run security software designed to detect most ransomware in your endpoint devices;
- Restrict administrative privileges.
If your company falls victim to a ransomware attack:
- Contact the national cybersecurity authorities or law enforcement for guidance;
- Do not pay the ransom and do not negotiate with the threat actors;
- Quarantine the affected system;
- Visit the No More Ransom Project, a Europol initiative
ENISA strongly recommends that targeted organizations share their ransomware incident information with authorities to be able to alert potential victims, identify threat actors, support security research, and develop means to prevent such attacks or better respond to them.
IN OTHER NEWS THIS WEEK:
ADVERTISING
Four European Telcos To Form Ad Tech Venture
Deutsche Telekom, Orange , Telefónica and Vodafone Group are forming a joint venture that aims to create a privacy-by-design digital marketing technology platform in Europe. The joint venture is the outcome of a project launched by Vodafone and run by the four operators to develop a technological solution for digital advertising in Europe. The platform has been designed from the outset to be compliant with European data protection policy such as GDPR and the ePrivacy directive. The partners have already initiated a trial in Germany. Other trials are being considered in France and Spain to further develop the platform and it is intended to make it available to any operator within Europe.
The trial platform requires affirmative opt-in consent by the consumer to activate communications from brands via publishers. The only data that is shared is a pseudo-anonymous digital token that cannot be reverse-engineered. Consumers are free to opt in or deny consent with a single click, as well as revoke any other consents given either on the brand’s or publisher’s website, or via a dedicated, easily accessible privacy portal.The platform is specifically designed to offer consumers a step change in the control, transparency and protection of their data, which is currently collected, distributed and stored at scale by major, non-European players.
The four companies will take equal 25% stakes in a newly-formed joint venture holding company, to be based in Belgium and run by independent management under the oversight of a shareholder-appointed supervisory board.
ARTIFICIAL INTELLIGENCE
Top London Law Firm Adopts Chatbot To Draft Legal Documents
Allen & Overy is introducing an artificial intelligence chatbot to help its lawyers draft contracts, as the legal firm seeks to adopt the much-hyped technology to find efficiencies for its lawyers and clients. The London-based group told the Financial Times it had rolled out a chatbot named Harvey after testing it since November for use in tasks such as drafting merger & acquisition documents or memos to clients. Allen & Overy said it had not yet informed clients of the tool, which is now available to any lawyer at the firm and around 3,500 individuals in total. While other groups have been experimenting with similar technology, it is the first known use within a group of London-based law firms that work on the City’s top deals. The move comes as companies across industries explore using the technology, spurred by the November launch of ChatGPT, an AI chatbot from Microsoft-backed OpenAI that can parse text and write convincing answers to questions.
METAVERSE
Tech Giants Separately Close Metaverse Divisions
Two developments this week indicate that the metaverse may not develop as quickly as once hoped. Microsoft shuttered its industrial metaverse division, laying off all 100 employees and China’s Tencent Holdings is abandoning plans to venture into virtual reality hardware, according to a Reuters story. The world’s largest video game publisher had ambitious plans to build both virtual reality software and hardware at an “extended reality” XR unit it launched in June last year for which it hired nearly 300 people.
DATA ACCESS
Insurers, Others Fight For Access To Car Vehicle Data
A broad coalition of insurers, leasing companies, car repair shops and others are calling on the European Commission to propose rules for fair access to valuable vehicle data soon, fearing further delays could see the initiative shelved after European Parliament elections in 2024. Companies in Europe and beyond are vying for control of the crown jewels of the connected car era, namely car manufacturers’ data covering everything from driving habits, to fuel consumption and tire wear which can be used to target cash-generating services.
FOOD
Turning Blue-Green Algaue Into A Smoked Salmon Superfood
SimpliiGood, an Israeli startup, has become the first to use spirulina as a plant-based meat and fish substitute. It wants to reintroduce spirulina to the public as a superfood, rather than just a supplement. And its first product will be a smoked salmon substitute.
To read more of The Innovator’s News In Context articles click here.
