Ransomware Critici Cover Giacomo Lanzi

Critical ransomware: examples of successful attacks

There have been critical cases of ransomware of note lately. Tor Vergata University suffered an attack that knocked out about a hundred computers. Access to the systems by teachers and students has been blocked. The attack affected a number of documents related to COVID-19 research that were encrypted and then made inaccessible. In addition, two other noteworthy cases shook hospitals in September. The first took place in Germany, in Düsseldorf, where a woman lost her life following an attack that also blocked the machinery that kept her alive. The second happened in the USA and involved UHS (Universal Health Services). In that case, patient care was kept secure, but the IT applications were out of order.

For the uninitiated, ransomware-type attacks happen this way: attackers take possession of the data on a computer and remove or encrypt it. They ultimately render them unusable and require the victim to pay a ransom to free up the data again.

The costs of an attack

According to the Cost of a Data Breach report, a critical ransomware attack can cost an average of $ 4.44M. It is an impressive figure that should make us reflect on the value of data managed by companies and on their protection.

Let’s see in detail some attacks and what consequences they had.

A fatal ransomware

ambulance critical ransomware

For the first time, a woman dies after a cyber attack on a hospital. On September 9, 2020, a critical ransomware attack, launched at a hospital in Düsseldorf, caused the vital systems to which the patient was connected to no longer function properly. The victim had to be transferred to another hospital as quickly as possible. For more than 30 kilometers, the paramedics fought for the victim’s life, but ultimately without success. Many questions remain pending regarding this case, first of all why the machines that kept the woman alive were connected to a hackable network. The investigations continue, however, showing how the network must be protected for the physical safety of users, to avoid tragic consequences.

An attack on research

critical ransomware tor vergata

The access of students and teachers was blocked at the University of Tor Vergata with a critical ransomware attack that made documents concerning the research on COVID-19 inaccessible. The attackers managed to break into systems within hours and encrypt files on hard drives. A month later, no ransom had yet been requested.

Such an attack could slow down the search, hampering the process. Even if no ransom was required, the damage would still be tangible.

Attack on UHS

Fortunately, it finished better than the attack in Düsseldorf, another episode hit areas close to health. Facilities using Universal Health Services (UHS) systems have seen access to the system freeze due to an attack. Fortunately, there were no casualties and patient care was guaranteed all the time, as stated by UHS itself.

Other critical ransomware attacks

Critical ransomware attacks happen all the time and can have non-immediate implications. For example, Fragomen, a New York law firm, suffered an attack and a consequent data breach involving the personal data of some Google employees.

Another attack hit Enel, which was asked for a ransom of € 14M in bitcoin. The attack refers to the download of private data, contacts, databases, financial and customer documents for a total of 4.5 TB. Enel did not provide any press release regarding the attack.

Run for cover

Unfortunately, ransomware attacks are among the most subtle and annoying, because they also leverage a psychological factor of the victim who sees a way out (payment) and tries to cover what happened in order not to lose reputation.Unfortunately, following a successful attack, the data is still breached and security has proved ineffective.

So how do you make sure these attacks are neutralized? Adequate security measures must be implemented to prevent attacks as much as possible and provide a quick response in critical situations.

Security services

Services such as those offered in partnership with Acronis and SOD’s SOCaaS are essential tools for defending your data and corporate network. The first proposed service secures data through backups and monitors file changes. As soon as an encryption attempt is detected, the data is locked and secured to avoid the worst. In the unfortunate event that the attack is successful, backups reduce the severity of the consequences and prevent actual data loss.

SOC as a Service is an all-round solution that monitors all the IT infrastructure referred to. The defense is not specific to a type of attack, but instead focuses on detecting anomalies, even in user behavior, which can indicate ongoing attacks of all kinds.

Prevention

Finally, to verify that your system is protected, it is possible to request preventive services such as Vulnerability Assessment and Penetration Test. These test the infrastructures with controlled attacks in order to stimulate the security response and identify the areas that need to be reinforced. We recommend implementing this type of service regularly throughout the year as a preventative measure.

If you have any questions about the services or want to talk to us about your situation to request an intervention, do not hesitate to contact us, we will be happy to answer your questions.

Useful links:

 

Acronis Disaster Recovery Cloud

The most dangerous Ransomware in 2020

Acronis Active Protection: defense against ransomware 

Contact us


Contact us

Share


RSS

More Articles…

Categories …

Tags

RSS darkreading

RSS Full Disclosure

  • Stored XSS with Filter Bypass - blogenginev3.3.8 December 19, 2024
    Posted by Andrey Stoykov on Dec 18# Exploit Title: Stored XSS with Filter Bypass - blogenginev3.3.8 # Date: 12/2024 # Exploit Author: Andrey Stoykov # Version: 3.3.8 # Tested on: Ubuntu 22.04 # Blog: https://msecureltd.blogspot.com/2024/12/friday-fun-pentest-series-16-stored-xss.html Stored XSS Filter Bypass #1: Steps to Reproduce: 1. Login as admin and go to "Content" > "Posts" 2. On […]
  • [SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269) December 19, 2024
    Posted by Matthias Deeg via Fulldisclosure on Dec 18Advisory ID: SYSS-2024-085 Product: CA Client Automation (CA DSM) Manufacturer: Broadcom Affected Version(s): 14.5.0.15 Tested Version(s): 14.5.0.15 Vulnerability Type: Improper Privilege Management (CWE-269) Risk Level: High Solution Status: Fixed Manufacturer Notification: 2024-10-18 Solution Date: 2024-12-17 Public Disclosure:...
  • [KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities December 17, 2024
    Posted by Egidio Romano on Dec 16--------------------------------------------------------------------------- GFI Kerio Control
  • RansomLordNG - anti-ransomware exploit tool December 17, 2024
    Posted by malvuln on Dec 16This next generation version dumps process memory of the targeted Malware prior to termination The process memory dump file MalDump.dmp varies in size and can be 50 MB plus RansomLord now intercepts and terminates ransomware from 54 different threat groups Adding GPCode, DarkRace, Snocry, Hydra and Sage to the ever […]
  • APPLE-SA-12-11-2024-9 Safari 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-9 Safari 18.2 Safari 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121846. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Safari Available for: macOS Ventura and macOS Sonoma Impact: On a […]
  • APPLE-SA-12-11-2024-8 visionOS 2.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-8 visionOS 2.2 visionOS 2.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121845. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Crash Reporter Available for: Apple Vision Pro Impact: An app may […]
  • APPLE-SA-12-11-2024-7 tvOS 18.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-7 tvOS 18.2 tvOS 18.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121844. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple TV HD and Apple TV 4K (all […]
  • APPLE-SA-12-11-2024-6 watchOS 11.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-6 watchOS 11.2 watchOS 11.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121843. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. AppleMobileFileIntegrity Available for: Apple Watch Series 6 and later Impact: A […]
  • APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2 macOS Ventura 13.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121842. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Ventura Impact: An […]
  • APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 December 12, 2024
    Posted by Apple Product Security via Fulldisclosure on Dec 12APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2 macOS Sonoma 14.7.2 addresses the following issues. Information about the security content is also available at https://support.apple.com/121840. Apple maintains a Security Releases page at https://support.apple.com/100100 which lists recent software updates with security advisories. Apple Software Restore Available for: macOS Sonoma Impact: An […]

Customers

Newsletter

{subscription_form_1}