Ransomware and phishing scams together account for a majority of the cyberattacks that happen every year. This week’s news headlines cover the major phishing scams from the past few days and re-emphasize the importance of anti-phishing measures for individuals and organizations.


Ransomware Hits Lojas Renner

Lojas Renner, Brazil’s largest clothing department store chain with over 600 stores across three countries, recently suffered a ransomware attack that affected its online shopping portal. As per reports, the RansomExx gang is responsible for this attack on Renner, which brought down its IT infrastructure. Some chaos and misinformation spread when Renner first disclosed the breach on the Brazilian stock market on 26th August 2021. However, the enterprise confirmed that none of its offline stores were impacted by the breach and that outlets were still open for shoppers.

Though this remains unconfirmed, some researchers believe that RansomExx compromised the Renner servers by first attacking its IT and digital services provider, Tivit. When asked, Tivit denied having undergone any attacks. Renner, too, was found downplaying the severity of the incident, and it remains uncertain whether the threat actors stole files from its servers. Yet another unconfirmed update about the Renner attack is that the organization paid a ransom of $20 million to the threat actors to procure the decryptor. One can only hope that Lojas Renner adopts phishing protection measures and notifies its online shoppers about the breach in due time.


Email Phishing Scam Targets Revere Health

An employee of the healthcare enterprise Revere Health fell for an email phishing attack recently. Consequently, the medical records of over 12,000 patients were compromised. Although the account was under the control of adversaries for just 45 minutes on 21st June, it is suspected that employee details and patient records were stolen to launch targeted phishing attacks later.

After two months of investigation, Revere Health declared that the adversaries probably had no intentions of leaking the stolen data. Therefore, the attack was categorized as a low-risk one. The compromised information included the DOBs of patients and other details such as insurance provider names. However, no financial information was lost to the breach.

To ensure phishing attack prevention, Revere Health has enhanced its cybersecurity measures to include test-phishing emails. Employees who respond to the test-phishing email need to take the awareness training from the IT department.


Town of Peterborough Loses $2.3 Million to BEC Scam

The Town of Peterborough, New Hampshire, recently fell victim to a BEC scam in which the town was robbed of $2.3 million. The adversaries used spoofed email accounts to trick town employees into redirecting a $1.2 million monthly transfer to the ConVal School District to their accounts. Similar fraudulent transactions amounting to $2.3 million (equivalent to about 15% of the town’s yearly budget) were redirected to wrong accounts.

The two other fake transactions stole the payments due to the contractors Beck and Bellucci. Investigations revealed that the malicious actors converted the stolen funds into cryptocurrency immediately, thus making recovery of the amount a near-impossible task. The unfortunate update is that the losses may not all be covered by cybersecurity and phishing prevention insurance. Therefore, the town employees involved (through no fault of their own except their inability to verify the legitimacy of the emails) were put on leave.


Ransomware Hits The Swiss Town Rolle

A ransomware attack recently targeted the Swiss town Rolle, which led to the compromise of the personal details of all 6,200 residents of the town. The adversaries got into the administrative servers and stole sensitive files. The municipal government presented a different picture of the attack and said that none of the significant servers were affected by the breach and that it had a backup for the exposed files.

However, the reality was quite the opposite. The Vice Society ransomware gang was responsible for the Rolle attack, in which they stole gigabytes of data and posted it on the dark web. The town authorities kept downplaying the attack and giving false assurances to people who were oblivious to these details. The attack was first discovered on 30th May, and investigations revealed that the stolen documents were of a sensitive nature.

The town set up a task force of experts to handle the unfortunate breach to ensure protection against phishing. The exposed details are likely to include the names, DOBs, addresses, residency permits (non-Swiss residents), and social security numbers.


Ransomware Hits Eskenazi Health

Indianapolis-based health system Eskenazi Health recently underwent a ransomware attack. The hospital confirmed the incident and said that the adversaries stole patient data before encrypting their systems on 4th August. This eventually led to an electronic health record (EHR) downtime, and their IT team had to take quick actions to contain the attack’s spread. The breach impacted all Eskenazi Health care sites.

However, the attack hasn’t affected any patient care facilities or vaccination efforts, thanks to the hospital’s anti-phishing solutions adopted after previous attacks. The local Marion County Public Health Department was affected, though, as it was temporarily unable to issue death and birth certificates.

Investigations into the breach revealed that the adversaries put up some of the data stolen from the hospital on the dark web. This data is now being analyzed to see if it contains any personal employee or patient data. The healthcare provider will notify affected individuals based on the results of this analysis. The hospital has made it very clear that they do not intend to comply with any ransom demands. As Eskenazi Health continues its investigations with the FBI, all other essential services are being taken care of. Patients are to stay cautious and look out for suspicious messages.


Data Breach At Atlanta Allergy & Asthma (AAA)

A renowned name in allergy treatment, Atlanta Allergy & Asthma (AAA), recently underwent a data breach that exposed the health information of 9,800 patients. The compromised information includes the full names, social security numbers, DOBs, treatment information, costs, financial details, provider names, treatment location, health insurance numbers, etc.

Soon after discovering the attack, AAA adopted measures for protection from phishing. It hired an external cyber security organization to investigate the breach, which could not find any evidence of the stolen data being used for identity fraud or any other scam.

The AAA attack took place in early January and was detected in March. However, in July, the affected patients were notified of the breach and asked for credit monitoring services. The data stolen from AAA (1.3 GB of data containing 597 PHI files) was posted on the dark web by the Nefilim ransomware gang. The hospital is now being accused of ignoring the protocol of giving early warnings to the victims. Further updates on the case are awaited.


Cyberattack Hits Boston Public Library (BPL)

A cyberattack recently targeted the Boston Public Library (BPL), which led to a system-wide technical outage. With over 4 million annual visitors, BPL has quite a reader base across 25 branches. The attack took place on 25th August and brought down some of its online services requiring logins. Soon after the attack, all public printing services, online resources, and public computers became non-operational.

To contain the spread of the attack, BPL brought the remaining systems offline as well. They were said to have taken proactive anti-phishing protection measures and launched an investigation. Law enforcement was informed as well, and so far, there is no evidence of any employee or patron data being stolen from the systems.

The IT team of BPL is striving to restore services as soon as possible. It has apologized for the unfortunate system outage and thanked patrons for their patience and trust.