Cybersecurity news headlines 1-30 April 2020

There are three stories we will report on in this month’s edition of cybersecurity news headlines. Travelex, the company that suffered a major cyber attack back in December 2019, reportedly paid a $2.3 million ransom to restore their systems. Cyber attacks on healthcare continue even during the COVID-19 pandemic, with many hospitals becoming targets. And a Los Angeles county city became a victim of a ransomware attack and has been asked to pay $890,000 in ransom.

Without further ado, here’s what made cybersecurity headlines in April.

Travelex pays $2.3 million ransom to recover from ransomware

On 31 December 2019, foreign currency exchange company Travelex disclosed a cyber attack, which resulted in a downtime that lasted for two weeks. The company was attacked by the notorious Sodinokibi (also known as Sodin or REvil) ransomware gang, which demanded $3 million to restore Travelex’s systems and services. Not only were Travelex systems encrypted, the ransomware operators also threatened to publicly release the stolen sensitive information if the ransom was not paid. Threatening to publicly release highly sensitive information is likely to become a common thing because it puts companies in a very difficult position.

Ransomware operators have told BleepingComputer that they deleted backup files once the company’s entire network was encrypted, and made copies of more than 5GB of personal data. It was not made public whether the company paid the ransom, but Wall Street Journal recently reported that Travelex did indeed pay $2.3 million (285 Bitcoins) ransom to restore their systems. The company has not made any kind of statement about this, likely because the incident is still under investigation.

Whether to pay the ransom or not is a difficult decision to make. Authorities advise against engaging with cyber criminals because paying makes them a target again, as well as encourages further cyber crime. However, for some companies, paying the ransom may be cheaper and less damaging than trying to restore everything from backup.

With every year, ransomware attacks on big companies and organizations are increasing, and with the amount of money cyber criminals can gain from such attacks, that’s unlikely to change any time soon. However, such attacks can often be avoided if companies invest in good cyber security.

Attacks on healthcare continue during the pandemic

The COVID-19 virus has put the majority of countries under temporary lockdown, with many hospitals struggling with the rush of patients in dire need of help. Cyber criminals have hit a new low and are using this pandemic to make money by attacking healthcare organizations, hospitals in particular. During a time when a hospital cannot afford any downtime, a cyber attack would be devastating. Unfortunately, while some ransomware gangs have claimed to have stopped attacking healthcare during the pandemic, a lot of them are performing increasingly more attacks.

International Criminal Police Organization (Interpol) has issued a warning that organizations in the front lines in the fight against the coronavirus are in danger of facing a cyber attack.

“INTERPOL has issued a warning to organizations at the forefront of the global response to the COVID-19 outbreak that have also become targets of ransomware attacks, which are designed to lock them out of their critical systems in an attempt to extort payments,” Interpol has said.

Interpol’s Cybercrime Threat Response team has noticed a significant increase in attempted attacks on healthcare and other key organizations. When a hospital is attacked by ransomware, it is essentially held hostage until the ransom is paid. During this time, hospitals are unable to perform regular services, accessing vital files and systems. During a pandemic, this could have life-threatening consequence.

The US Federal Bureau of Investigation (FBI) has also warned of ongoing phishing attacks targeting US healthcare.

“On 18 March 2020, network perimeter cyber security tools associated with US-based medical providers identified email phishing attempts from domestic and international IP addresses,” a flash alert by the FBI says. The emails had COVID-19 pandemic related subjects and contained malicious files and links.

The FBI has also previously warned government agencies and healthcare organizations of fraud trends related to personal protective equipment (PPE), medical equipment such as ventilators, and other supplies. There have been multiple incidents where state government agencies wire transferred funds to scam sellers before receiving items. According to the FBI, by the time the scam was uncovered, much of the funds had been already transferred and were unrecoverable.

Ransomware hits LA county city and leaks data

The City of Torrance, California has reportedly become a victim of a ransomware attack. DoppelPaymer operators claim to have hit the LA county with ransomware, and are demanding 100 Bitcoins in exchange for file recovery. The perpetrators have told BleepingComputer that they have encrypted 150 servers and 500 workstations, as well as deleted backups. Allegedly, more than 200GB of files were also stolen.

Not only has data been encrypted, but some of it has already been leaked online. A website created by DoppelPaymer to publish stolen data now has a section for the City of Torrance and contains file archives allegedly stolen from the city during the attack. Even if the county decides to pay the ransom, data has already been stolen and could fully be leaked online.

The is not the first time a city become a targeted of ransomware. Many incidents happened in 2019, and they continue to happen in 2020. In June 2019, Lake City and Riviera Beach both suffered ransomware attacks, and decided to pay $460,000 and $600,000 ransoms respectively. The city of Baltimore was also hit by a ransomware attack but decided against paying the $76,000 ransom. While that was the right decision according to all recommendations, it ended up costing the city more then $18 million to recover from the incident.

Some ransomware have changed they way they operate and are now not only encrypting data but also stealing and threatening to leak it publicly. Before, reliable backups and good incident response plans were enough to overcome a ransomware attack. However, if cyber criminals start threatening to release stolen data, that is another set of problems for companies and organizations.

References

1. Lawrence Abrams. Travelex Reportedly Paid $2.3 Million Ransom to Restore Operations. BleepingComputer.
2. Anna Isaac, Caitlin Ostroff and Bradley Hope. Travelex Paid Hackers multimillion-dollar ransom before hitting new obstacles. The Wall Street Journal.
3. Lawrence Abrams. Ransomware Gangs to Stop Attacking Health Orgs During Pandemic. BleepingComputer.
4. Interpol. Cybercriminals targeting critical healthcare institutions with ransomware.
5. FBI. COVID-19 Email Phishing Against US Healthcare Providers.
6. FBI. FBI Warns of Advance Fee and BEC Schemes Related to Procurement of PPE and Other Supplies During COVID-19 Pandemic.
7. Lawrence Abrams. DoppelPaymer Ransomware hits Los Angeles County city, leaks files. BleepingComputer.