Cyber News Rundown: May 21, 2021

  • 21 May 2021
Guard.me Insurance Provider Suffers Data Breach

Last week, insurance provider Guard.me announced they had discovered illicit activity on their website and had to take several of their systems offline. While the company has confirmed that they have fixed the vulnerability that allowed attackers to access the site, they have also revealed that a substantial amount of customer data was exposed during the breach. The company has begun contacting customers who may have been affected and is working towards improving their overall security.

Darkside Group Cashes Out Over $90 Million

After less than a year operating as a Ransomware-as-a-Service, the Darkside group seems to have taken their earnings and quietly disappeared, following the controversial Colonial Pipeline attack. In a mere 9 months, the group was able to extort roughly $90 million in ransom payments from 47 different victims, with $20 million of that coming in February 2021 alone. The same group will likely return in the future using a different name and possibly some new tactics.

AXA Insurance Faces DDoS Threats

Following a ransomware attack that may have compromised several terabytes of data from AXA insurance branches across the globe, the company is now also facing threats of DDoS attacks if they fail to pay the ransom. Most of the stolen data is highly sensitive patient information. With a timeframe of only 10 days to make the payment, the group is hoping for a rushed decision. This attack may have been precipitated by AXA’s recent decision to cease reimbursement for customers who paid ransoms to retrieve their data.

Irish Health Services Bombarded by Conti Ransomware

Over the past week, both the Irish Department of Health (DoH) and Ireland’s Health Service Executive (HSE) fell victim to ransomware attacks from the Conti group. Interestingly, although the servers were breached and the ransomware payloads were dropped, the encryption portion of the payloads appears to have been caught by antivirus software and removed before it could encrypt the systems. This attack has forced both the DoH and the HSE to take their systems offline temporarily to prevent the infection from spreading and causing further damage.

Europe Sees Spike in Bizarro Trojan Attacks

After years of causing havoc in Brazil, the Bizarro banking Trojan has been on a significant upward trajectory. More than 70 banks throughout South America and Europe have already fallen victim. Bizarro spreads through malicious email campaigns and begins its attack by killing all current browser processes and waiting for the user to re-open the session and re-enter any credentials for banking websites or other vital sites.


1 reply


Why are all these data systems not backed up constantly to an off-system protected service? For the cost of one ransomware payment, you could buy or build one hell of a backup system just to hold data.

There is a real need for an efficient data backup system that replicates open databases (the hardest part of the problem, I know) and copies them on a tight, regular schedule. Or replicates a shadow copy elsewhere. A transaction log, sent to a “print system” (a second computer that responds like a printer and records all transactions, saves paper) gets you the data possibly lost over the last backup interval.

Sure, the backup might copy the malware (less likely if only moving data), but when attacked, you have a good idea what to look for by just examining the diffs in backups. And keep a clean restore image of the system and apps so you can do a quick restore on the machine; maybe paying a ransom is unnecessary if 99+% of your data is intact and the rest is in off-system logs.

What am I missing here? We had a smaller system attacked by ransomware; we formatted it clean, restored it from an offline clean image, and then restored the database in a day or two (took time to rebuild). The transaction logs gave us the small amount of data not backed up. It may even be faster than decrypting the data IF you even get a real key.

Am I being too naive to think this could work on a larger scale?
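The reply above suggests examining the diffs between backups to see what an attacker touched. The following script is an added illustration of that idea (not code from the post or its author): it hashes every file in two backup snapshots and reports what was added, removed or modified between them, so a responder can spot unexpected binaries or altered data before restoring. The snapshot directories and their contents are constructed in a temp directory so it runs stand-alone.

```python
"""Compare two backup snapshots and report what changed between them."""
import hashlib
import tempfile
from pathlib import Path


def manifest(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def diff_snapshots(old: dict, new: dict) -> dict:
    """Classify files as added, removed or modified between two manifests."""
    common = set(old) & set(new)
    return {
        "added": sorted(set(new) - set(old)),
        "removed": sorted(set(old) - set(new)),
        "modified": sorted(p for p in common if old[p] != new[p]),
    }


def build_demo() -> tuple:
    """Constructed sample: a clean baseline snapshot and a later snapshot in
    which one data file grew and an unexpected executable appeared."""
    base = Path(tempfile.mkdtemp())
    snap_a, snap_b = base / "snap_a", base / "snap_b"
    for snap in (snap_a, snap_b):
        (snap / "db").mkdir(parents=True)
        (snap / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1, 'A');\n")
        (snap / "db" / "orders.sql").write_text("INSERT INTO orders VALUES (1, 1);\n")
    # Legitimate change: a new order row was appended between backups.
    (snap_b / "db" / "orders.sql").write_text(
        "INSERT INTO orders VALUES (1, 1);\nINSERT INTO orders VALUES (2, 1);\n")
    # Suspicious change: a binary that was not in the clean baseline.
    (snap_b / "updater.exe").write_bytes(b"MZ\x90\x00constructed-sample")
    return snap_a, snap_b


def demo_diff() -> dict:
    """Build the constructed snapshots and diff them."""
    snap_a, snap_b = build_demo()
    return diff_snapshots(manifest(snap_a), manifest(snap_b))


if __name__ == "__main__":
    for kind, paths in demo_diff().items():
        print(f"{kind}: {paths}")
```

In practice the baseline manifest would be generated from the known-clean restore image the reply mentions and stored off-system, so an attacker who reaches the backups cannot quietly rewrite the reference hashes.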