Ransomware attacks pose one of the biggest security threats to individuals and businesses alike, and they show no signs of slowing down as hackers grow increasingly savvy and confident in their abilities. Read more to see our consistently updated timeline of some of the biggest ransomware attacks of 2020.
Travelex
The world's biggest currency exchange company, Travelex, was the victim of a ransomware attack starting on New Year's Eve 2019. Their data was held hostage for $6 million, causing the company to go offline for weeks while they sorted out the situation.
The strain of ransomware responsible for the attack is reported to be Sodinokibi, also known as REvil.
Richmond Community Schools, Michigan
Officials for Richmond Community Schools, located in Richmond, Michigan, returned from winter break to find that cyber-criminals had seized control of their servers.
The hackers demanded a $10,000 Bitcoin ransom to return control of the affected servers, which impacted the functionality of telephones, copiers, office technology, and more. So far, Richmond officials have refused to pay the ransom, instead opting to close three schools for a week while they sort out the problem.
Contra Costa County, California
Hackers deployed ransomware to shut down the online network of 26 Contra Costa County library branches the morning of January 3rd. For a little while after the attack, library services such as book check-outs and returns weren't available. Even after restoring these services, the libraries' Wi-Fi and printing services remained down for a while.
Spokespeople for the library system said that since the library doesn't store sensitive financial information such as credit card numbers, they do not believe any personal information was compromised as a result of the attack.
Enloe Medical Center
Enloe Medical Center in Chico, California was hit by a ransomware attack in January of this year, affecting the phone systems of the hospital and clinic as well as the hospital's private network.
Representatives for Enloe do not think that any patient data has been compromised.
Tillamook County, Oregon
Although Tillamook County, located in northwestern Oregon, was hit by a ransomware attack in late January, they were still recovering their systems through early February.
Once the ransomware was deployed, the county’s server, internal computer systems and website were down. To contain the spread of malware, county computer network connections were disabled. Eventually, county officials voted unanimously to pay the cyber-criminals who deployed the ransomware in order to recover their systems.
Tampa Bay Times
The Tampa Bay Times, a local news organization, was attacked by a strain of the popular Ryuk ransomware in late January. Thankfully, their systems were restored and they didn't have to pay the hackers any ransom to recover their systems.
The Ryuk ransomware has been making headlines since 2018, typically aiming for larger organizations that hackers can demand a sizable ransom from. This tactic, known as “big game hunting,” has earned Ryuk's creators and users more than an estimated $3 billion so far.
Electronic Warfare Associates
You may not be familiar with this company, but you may recognize some of their clients. Electronic Warfare Associates, a government contractor, has clients like the Department of Defense, the Department of Justice, and the Department of Homeland Security.
Right at the tail end of January, Electronic Warfare Associates' network was infected with a strain of ransomware that they have yet to disclose further details about.
Besides the big-name clients potentially affected, this particular ransomware attack is notable because although this company develops products like drone jammers and threat systems that are advanced enough to be used by the US government, they still could not keep hackers from attacking their network.
TVEyes
Right at the tail end of January leading into February, TVEyes, a search engine that lets companies track their TV and radio coverage, was hit by a strain of ransomware.
The attack, which mainly hit US networks but also a few foreign networks, forced the company's platform offline for a few days while company executives dealt with remedying the damage.
TVEyes was likely a prime target because of the thousands of clients' data which their servers host, which is a gold mine for hackers. When companies like TVEyes are attacked, anybody who does business with them is potentially at risk.
And, according to their website, TVEyes has some notable clients such as the New York Times and US Immigration and Customs Enforcement (ICE).
NRC Health
On February 11, NRC Health, which collects and sells vast amounts of healthcare consumer data, was hit by ransomware. The company has over 9,000 customers including prominent healthcare organizations like Cedars Sinai.
The company was likely targeted for the vast swaths of consumer data it holds as well as its big-name clientele. Since patient data was potentially breached, the company could be at risk of violating HIPAA, which comes with a host of possible consequences.
Visser Precision
Visser Precision, a parts manufacturer for notable clients like Lockheed Martin, SpaceX, and Tesla, was attacked by a relatively new strain of ransomware called DoppelPaymer.
DoppelPaymer, similar to another strain of ransomware called Sodinokibi, coerces victims into paying the ransom by threatening to publish their stolen data online.
Because DoppelPaymer targets large corporations and infects vast numbers of devices within an organization, its users can demand large ransoms.
Kenneth Cole Productions
The creators behind Sodinokibi ransomware threatened to publish stolen files from Kenneth Cole Productions, a large American fashion company, unless they paid a large ransom.
The company, which manufactures luxury fashion brand Kenneth Cole, had cause to worry, seeing as its servers contain millions of customers' data. This attack speaks to the "big game hunting" techniques that are increasingly becoming common among cyber criminals.
Cyber criminals know that large corporations like Kenneth Cole Productions have the money to pay larger ransoms and hold large amounts of valuable consumer data, which is why they are attractive targets.
City of Torrance
Torrance, a city located in LA County, California, was not only hit with a ransomware attack at the beginning of March, but also had their data published online a month later after failing to pay the ransom.
DoppelPaymer, a strain of ransomware that threatens to publish a victim's data online if they don't pay the ransom, was used in this attack. City email accounts and servers were impacted during the attack, which led to a temporary pause in certain city business services.
ExecuPharm
March is when the COVID-19 pandemic really began to pick up steam in the US. ExecuPharm, a pharmaceutical giant in the US healthcare industry, was hit by CLOP ransomware in mid-March.
In a series of emails with BleepingComputer, CLOP’s creators said that although ExecuPharm is in the healthcare industry, they would not be spared during the pandemic because they were not actively contributing to fighting the coronavirus like hospitals and non-profits.
Data stolen from ExecuPharm, which includes social security numbers, financial information, and more, was published online about a month after the original attack.
10X Genomics Inc.
10X Genomics, a biotechnical company involved in a coalition of companies fighting to find antibody therapies for COVID-19, was not spared from a ransomware attack.
While the creators of the CLOP ransomware issued statements saying that they wouldn't attack companies actively fighting the pandemic, the creators of Ryuk, the ransomware used to attack 10X Genomics, did no such thing.
Though the company was able to resume normal operations relatively quickly, they admitted that some company data had been stolen.
City of Jupiter
The city of Jupiter, Florida was hit with ransomware in late April that left certain government services such as email, utility billing and online payment, and records requests offline for about three weeks.
The strain of ransomware used in the attack is believed to be REvil, a strain that gained notoriety in early 2020 and that has continued carrying out widespread attacks ever since. This attack on the city comes two years after another attack in December 2018 which involved the Nozelesn ransomware.
Cognizant
Cyber security provider Cognizant, an industry giant with Fortune 500 clients, was struck by Maze ransomware in mid-April.
Though the impact to the company's servers seems to not have been that severe, with only some clients being affected, Cognizant expressed concerns that the attack may have impacted their bottom line by as much as $50-70 million in Q2.
This attack serves as a wake up call for all companies to strengthen their cyber security.
Magellan Health
Magellan Health, a Fortune 500 healthcare company, was also the victim of a ransomware attack in mid-April. The attack stemmed from a phishing attempt that an employee fell for.
Though they stated that they think no stolen information was misused, Magellan admitted that the attacker accessed a corporate service with private information such as names, addresses, tax details and Social Security numbers, and may have used malware designed to steal passwords.
Grubman Shire Meiselas & Sacks
A New York-based law firm used by numerous celebrities was hit with REvil ransomware in mid-May. Celebrity clients such as Lady Gaga and Mariah Carey were among those whose personal information may have been compromised in the attack.
Hackers posted evidence of the hack on the dark web, which included information such as contracts, NDAs, and addresses. Shortly after, the attackers posted hundreds of documents containing files on Lady Gaga to entice the firm into paying the $21 million ransom.
Toll Group
Toll Group, a logistics company with a global presence, was attacked for the second time in 2020 in early May. Following a Mailto ransomware attack in February that left some services suspended or limited for six weeks, the Toll Group experienced another wave in early May, this time from a ransomware called Nefilim.
Following the second attack, Toll Group published a statement emphasizing that it would not pay the ransom and would attempt to mitigate the effects of the attack themselves.
Diebold Nixdorf
As one of the US' largest providers of ATMs and payment technology to banks and retailers, it's no surprise that Diebold Nixdorf was targeted in a ransomware attack in mid-May.
Though the company states that the hackers never touched customer information and the ransom was not paid, the attack is a testament to how businesses of any size can be targeted for ransomware.
Collabera
Even Collabera, an IT staffing and business services giant whose worldwide presence has allowed them to expand their client roster to include a variety of Fortune 500 companies, fell prey to a ransomware attack in June of this year.
Maze ransomware was used to attack Collabera's network and steal enough data that they issued a company-wide memo telling employees they would pay for credit and identity monitoring services for up to two years.
This attack shows that even those you least expect can fall victim to a ransomware attack.
Xerox
Printing giant Xerox experienced a ransomware attack right at the end of June. The cyber attackers responsible threatened to publish stolen company files, some of which included financial information, on their website unless a ransom was paid.
As proof of their attack, the hackers posted screenshots of some stolen files, which included financial documents and user information, on their website. It is alleged that Maze ransomware, which has gained widespread notoriety this year, was used to carry out the attack.
How Can I Stay Protected from Ransomware?
According to a recent survey from IBM, only 38% of state and local government employees are trained on ransomware prevention. While you cannot with 100% certainty prevent a ransomware attack, there are steps you can take to lessen the odds that a hacker breaks into your system to install it.
In the moments immediately following the attack, before you decide whether to pay the ransom or not, what should you do? According to a report released by the FBI, there are a few actions you should take.
Stay Current with Security Patches and Software Updates
Many people forget or push off updating their anti-virus software or upgrading their firewall.
While we know this process can be a nuisance, every day that you wait to update your cyber security infrastructure after new versions emerge leaves you more vulnerable to ransomware attacks.
If you are able to, enable auto-updates on all security software and schedule any updates for late at night when you're not using your computer.
Strengthen and Protect Your Passwords
Weak passwords are one of the easiest ways that a hacker can break into your network and install ransomware. Consider both strengthening your passwords and protecting where they're stored to better leverage your cyber security infrastructure.
A main focus of any password policy should be to limit how much you write down your passwords. Writing a password down anywhere leaves it susceptible to being found by hackers. If you have too many passwords to remember, consider a secure password-storing program such as MyGlue.
Create passwords that don't use easy-to-find information such as birthdays or your children's names. When creating a password, make sure it's long and complex. Additionally, enable two-factor authentication on your devices if possible, seeing as it's a widely used secure method of protecting accounts.
Secure Your Copiers and Printers
Printers and copiers are an overlooked security risk. Whether you are a business who owns corporate machines or an individual with a home copier, there are risks associated with both types.
For instance, personal copiers can have a "print from anywhere" feature that lets you print documents to the copier even when you're away from the office. However, this "print from anywhere" feature has little security because it has to create a hole in your firewall to allow you to communicate with the machine from anywhere in the world. Turn this feature off if you have it.
If possible, consider upgrading to a newer copier or printer. Some newer models created within the last 5-6 years have data security kits that you can enable. These kits can have data encryption functions, which scramble the data stored on your copiers and printers, rendering the information useless to a hacker.
Additionally, on some newer models of brands like Canon and Sharp, data security kits might also have features that, when a document is scanned, copied, or printed, erase those documents from the hard drive, sometimes as many as 28 times.
Consider Managed IT Services
If you are a business, especially if you do not have any in-house staff to manage your cyber security, the thought of instituting the changes described above can sound daunting.
Managed IT services can help put all of the above cyber security suggestions and more into action. Managed IT services layer your cyber security infrastructure and then employ a team of IT experts to address any threats or issues that pop up.
To take the burden of updating software off of you, a managed services provider can update all cyber security software for you and install necessary security patches.
Managed IT services can help you create a password policy and role-based security that works for your business too. In the event that a ransomware attack happens or your network goes down, they can reduce downtime by quickly recovering data due to their use of frequent and secure backups.
Ransomware attacks can happen anywhere and any time. Are you prepared?
Posted by Erica Kastner
Erica Kastner is a lead Content Specialist at Standard Office Systems as well as a University of Georgia graduate. She aims to use her passion for problem-solving to help businesses understand how to better leverage their cyber security infrastructure.