Back in February of this year we covered the theft of personal information belonging to municipal workers in Batavia, Illinois. In that case municipal workers’ W-2s were pilfered through a well-crafted spear phishing attack.

Well, this week govtech.com published a story chronicling the woes of Riverside, OH, a small town near Dayton that has been the target of multiple cyber-attacks, some reported as “ransomware,” which have resulted in the loss of public records.

Computer Virus cripples Riverside Police & Fire Server

Earlier in April of this year a server for the Riverside Police and Fire departments was hit with a virus that denied access to approximately 1 year’s worth of records. The entry vector for that attack appears to have been an email fax.

Secret Service Involved

According to the report on govtech.com, U.S. Secret Service agents are investigating the latest attack on Riverside’s computer server. Since the investigation is still active, the Secret Service is abstaining from discussing the details of the attack and their response.

Data Loss, Personal Information Not Released

In the latest attack approximately 8 hours of police and fire reports were lost. Fortunately, most of this data was either backed up on other servers or existed in hard copy form. While police and fire reports often contain personal information, there is no indication that personal information was disseminated during the attack.

Atlanta, Rockport, Davidson…

Riverside and Batavia are just two of the many municipalities attacked of late. One of the largest and most costly attacks has been the March 22, 2018 ransomware attack on Atlanta.

That attack locked down 6 separate systems, each held “ransom” for 0.8 bitcoins, or approximately $50,000 if a master key was purchased. Atlanta, DHS and the FBI concluded that the ransom should not be paid, and according to a report on wsbtv.com the resulting repairs and recovery will cost the city an estimated $2.7 million.

Konsultek Knows Security

Municipalities large and small are being targeted with increasing frequency, indicating that cyber-criminals see an opportunity that is ripe for the picking. If your municipal systems haven’t had a security checkup by an independent 3rd party in the last 12 months, you might consider contacting Konsultek to learn about our vulnerability assessments. When it comes to security, an ounce of prevention is certainly worth far more than a pound of cure.

 


Michigan PA 95 and PA 96 were signed into law on April 2, 2018, closing a loophole that allowed cybercriminals to possess ransomware legally, according to statescoop.com. Prior to these laws taking effect, cybercriminals could only be charged after a cyberattack took place, even if an individual was suspected of planning an attack and indeed had possession of ransomware.

Minority Report?

The law has a bit of a Minority Report quality to it. In the 2002 film Minority Report, starring Tom Cruise, people could be charged for committing murder before they actually did anything because a group of gifted “pre-cogs” could look into the future and predict crimes before they happened.

While one could argue that there is no reason anyone should own ransomware unless they intend to use it, hundreds, if not thousands, of security researchers might argue differently.

Just the Facts

The two laws criminalize “possession of ransomware” with the intent to use or employ that ransomware or the purpose of introduction into the computer, computer data, computer system, or computer network of another person, without authorization of the other person.

There were more than 1,300 reported cases of ransomware attacks in Michigan in 2017, according to FBI statistics. In 2016 a ransomware attack on Lansing Power and Light cost nearly $2 million. According to Michigan State Representative Brandt Iden, it was that incident that drove ransomware law reform forward in the state legislature.

Getting Tough is the Trend

Michigan is the latest state to take large measures to address and contain cybercrime. Georgia recently developed an “unauthorized access” computer crime bill which essentially makes it a crime to gain unauthorized access to a network under any circumstances. This has many gray-hat hackers extremely concerned, since they derive their livelihood and help protect us all by gaining unauthorized access on a daily basis.

Konsultek Means Security

While cyber-crime laws can help prosecute and potentially deter cyber-crime, organizations need to make sure that they are doing their best to protect and secure their networks and data. That’s where we come in. As network security experts we develop custom, holistic security solutions for organizations of all shapes and sizes. If you and your organization are ready to take your security to the next level, give us a call or hit us up on our contact form.

 


WannaCry burst onto the world stage in May, caused incredible levels of disruption around the globe and then just as quickly died when British hacker Marcus Hutchins fortuitously found a hidden “kill switch” in the code and successfully activated it.

The destruction left in WannaCry’s path was enormous. Assets in more than 150 nations were affected as the ransomware locked up digital databases and files, demanding that ransoms be paid for their release. Notable victims included Britain’s National Health Service, Germany’s national railway and multinationals Nissan and Renault.

Unified Nations Officially Blame North Korea

In a Wall Street Journal op-ed, US Department of Homeland Security Advisor Tom Bossert declared North Korea was “directly responsible” for the attack and would be held fully accountable for it.

According to CNN, the United Kingdom, Microsoft, and the Australian, Canadian, New Zealand and Japanese governments all came to a similar conclusion regarding the culpability of Pyongyang.

It Could Have Been Worse, Much Worse

Had the kill switch not been found (or not ever existed!), who knows the extent of what WannaCry might have done before a different solution was discovered? One thing is clear: having a completely robust security solution in place that includes secure data backup is a must moving forward. If your current security solution is out of date or incomplete, please give the engineers at Konsultek a call. Your security is our business.

 


In two prior posts we have discussed the impact Petya has been having on the profits of multinationals that had fallen victim. Last week, according to Bloomberg, FedEx announced it would be reducing its profit forecast by $300 million because of the impact Petya had on its Europe-based TNT Express business unit.

Most Operations Restored by Quarter’s End

Operations returned mostly to normal by the end of the 3rd quarter, but the logistics giant confirmed that when Petya’s crippling effect was at its peak they were forced to process some transactions by hand. The $300 million hit to profits reflects a combination of lost sales, recovery costs and “stepped up” technology investments.

Relatively Isolated Impact

Fortunately for the logistics behemoth, FedEx’s broader global business was not impacted by the Petya attack, which has had its ingress traced back to tax software used in Ukraine. Still, the impact of the Petya virus has been substantial and has accelerated the technology integration of TNT with FedEx’s Express air-shipping unit in an effort to get away from the legacy IT systems that were inherited.

Far Worse than WannaCry

We’ve reported previously that Petya has been far more disruptive and costly than WannaCry to large companies, and FedEx provides a particularly useful case study since the company has been hit by both. In May, WannaCry came calling on FedEx and reportedly “didn’t cause a material disruption to its systems or raise operating costs,” according to Bloomberg.

Prevention is Better than Cure

Petya, WannaCry and other cyber-attacks can be enormously costly, and yet once the forensics have been done they often show that the attack could have been prevented had a well-managed, holistic security plan been in place. At Konsultek, we’ve been designing and implementing such plans for organizations ranging in size from small medical offices to large, multinational airlines.

The time to begin discussions about improving your network security is today, before you and your organization have a revenue- and profit-disrupting event. Please give us a call; our security team is always ready to listen to your unique situation.

 


In an earlier post we discussed the impact Petya was having on the profits of multinationals that had fallen victim. Today, according to Bloomberg news, we learned:

“A.P. Moller-Maersk A/S said a cyberattack that hit the owner of the world’s biggest container shipping company at the end of June will wipe as much as $300 million off profits in the third quarter.”

Maersk, like the other victims, found much of its IT systems crippled by Petya. This prevented the world’s largest shipping company from taking orders for several days.

“These system shutdowns resulted in significant business interruption during the shutdown period,” Maersk reported. The financial impact in the second quarter was “limited,” but “the impact in the third quarter is larger, due to temporary lost revenue in July,” it said.

According to Maersk, the Petya attack’s impact was confined to operational difficulties and there was no loss of data.

3 Others Lose Millions as Well

Reckitt Benckiser has put some more exact figures to their Petya-related losses. The U.K.-based consumer products conglomerate reported last week that the Petya disruption would trim a whopping 90 million pounds from its projected 2017 sales. Petya disrupted 2,000 company servers and temporarily disabled 15,000 company laptops.

Beiersdorf AG, best known for its Nivea skin-cream brand, has reported a Petya-related cost of 35 million euros ($41.5 million) in first-half sales. Further costs will likely be attributed to the attack once the impact of held inventory and disrupted production is fully quantified.

Cie. de Saint-Gobain, the French building materials manufacturer, has reported the cyber-attack would lower sales by about 250 million euros in 2017.

Some European Companies Get Proactive

“Companies are now piling up the sandbags,” as reported in a related article on Bloomberg.com in which several companies described proactive measures they are taking in advance of the next cyber-threat to land at their doorstep.

Two examples are Germany’s national Deutsche Bahn railroad, which created a “cyber rapid deployment force” of highly trained IT specialists with computer-threat experience to be available around the clock against future attacks, a spokesman said, and U.K. advertising agency WPP Plc, which plans to increase its investment in IT security after Petya spread across the agency.

Prevention is Better than Cure

Petya, WannaCry and other cyber-attacks can be enormously costly, and yet once the forensics have been done they often show that the attack could have been prevented had a well-managed, holistic security plan been in place. At Konsultek, we’ve been designing and implementing such plans for organizations ranging in size from small medical offices to large, multinational airlines.

The time to begin discussions about improving your network security is today, before you and your organization have a revenue- and profit-disrupting event. Please give us a call; our security team is always ready to listen to your unique situation.

 


While targeted attacks on the medical profession have been splashed across the headlines with regularity over the past few years, less hoopla has been raised about another profession that may be just as lucrative for hackers and cyber criminals – the legal profession.

With the exception of the “Panama Papers” leak at international law firm Mossack Fonseca, the news has been relatively devoid of law-related hacks. However, we expect to see that change because law firms make very attractive targets for hackers.

Why? A couple of main reasons come to mind.

1. By their very nature, law firms deal with highly sensitive and confidential information. Also, security at law firms (and I’m generalizing here) tends to be lax when compared to medical firms of a similar size. Medical firms have had to deal with HIPAA since 1996 and that has prompted them to have a more security-oriented mindset.

2. Law firms, especially small to midsize firms, often don’t have the resources internally to create and manage a top-notch security program.

DLA Piper Succumbs to Petya

In late July we saw a second large law firm hit with an attack. The $2.5B law firm DLA Piper didn’t have documents leaked, but rather had them held for ransom or wiped entirely when they were infected with the Petya virus, which we have previously discussed here. While the final disposition is unknown at this point, the financial impact is expected to be at least in the millions.

How Should Small and Medium Sized Firms Protect Themselves?

Unfortunately, purchasing off-the-shelf solutions that are little more than dressed-up consumer-level security solutions is just not going to cut it. A law firm needs a higher level of security and that includes upgrading procedures, processes, software and hardware. The ABA has published a comprehensive cybersecurity handbook that provides excellent guidance.

Managed Services the Simpler, More Cost Effective Approach to Security

Another approach for small to mid-size law offices is to outsource their security to a security expert such as Konsultek. In addition to always having access to the latest cutting-edge security approaches a “managed security” service can save money by avoiding costly capital expenditures and the need for a

 


The website, nomoreransom.org, began as an offshoot of the collaboration between McAfee, Europol, the Dutch National Police and Kaspersky one year ago. Since that time the site has grown to represent the collaborative efforts of over 109 security and law enforcement partners, including Konsultek partner Checkpoint, according to the website ZDNet.com.

Popularity Exceeds Forecast

When pioneering partner and chief scientist at McAfee, Raj Samani, set out to find hosting for the fledgling site, he figured that it would become popular because of its subject matter, but his estimates of just how popular were way too low.

“Part of my responsibility was to find a hosting provider and I remember at the time I was asked how many HTTPs requests do you think you’ll get a day and I thought 12,000 a day would be reasonable,” says Samani.

To put things in perspective, during the peak of the WannaCry incident the site received more than 8 million hits!

Open Collaborative Sharing and Free Hosting from AWS

What has made nomoreransom.org so successful and such a thorn in the sides of aspiring ransomers is the fact that there are so many partners, each with different perspectives and insights, and they are all sharing information freely for the greater good of all. Another huge benefit is that while law enforcement agencies are frequently hampered by the nature of their bureaucracies and the rule of law when they want to act directly, by cooperating with the other partners in the group, such as security companies, they can effect change more quickly.

AWS is supporting the project by hosting the website (and the enormous amount of traffic and bandwidth) for free. Nice job Amazon!

On the flip side, security firms can’t seize an identified botnet by themselves, but by collaborating with law enforcement agencies that can, they now have a more direct path to taking down bad actors.

A Model Similar to Konsultek’s

Konsultek collaborates with the best security companies in the world like Checkpoint, CarbonBlack, Aruba, Forescout and others to develop security solutions that no single company could provide by itself. If it is time for your organization to step up to world-class security solutions, then by all means give us a call!

 


Last Thursday, within hours of one another, two huge consumer multinationals announced that their second quarter earnings would be negatively impacted because of Petya-based cyber-attacks.

According to the Financial Times, Mondelez International, purveyors of confections including Cadbury chocolates and Oreo cookies, announced their financial pruning just a few hours after UK-based consumer goods conglomerate Reckitt Benckiser had announced theirs.

Petya Having a Greater Impact than WannaCry

If you were to look at a map of the distribution of WannaCry vs Petya you might think that WannaCry would be having the larger negative impact on global enterprises. However, this is turning out not to be the case, with Petya causing far more turmoil within large corporations because files are vanquished, not held for ransom.

From the Financial Times

“Cyber security experts dealing with the attack, which started in Ukraine, have advised stricken clients there is no hope of recovering infected systems. Unless organisations have backups of encrypted data, it is lost for good, they have warned. Western security officials say the severity of Petya’s impact points to its true purpose: not monetary gain, but pure destruction. Researchers at many of the world’s largest cyber security firms — including FireEye, Talos, ESET, Symantec and Bitdefender — have come to the same conclusion. “We believe with high confidence that the intent of the actor behind [Petya] was destructive in nature and not economically motivated,” Talos, the cyber security arm of Cisco told clients this week.”

Security Needs a Holistic Approach

What’s next? No one knows for certain, but with the NSA’s bag of tricks having been released into the wild a little under a year ago, you can bet that the number and potency of attacks is only going to get worse. A holistic approach to security that includes encrypted data backup is going to become de rigueur.

At Konsultek we assess each client’s needs and develop security solutions that meet those needs in the most economical way possible. If this sounds like a sensible approach to security to you, give us a call to discuss your particular situation.

 


Having your sensitive information held for ransom is never good. But what if your sensitive data were the before and after pictures of tens of thousands of plastic surgery patients that had entrusted their bodies, faces and privacy to your clinic?

How much ransom would you pay to keep your patients’ most intimate secrets private? That is exactly the dilemma facing the Lithuanian-based Grozio Chirurgija clinic and its director Jonas Staikunas, according to the BBC. And apparently the ransom demanded was more than the director was willing to pay…

 

“An Outrageous Fee”

The breach, perpetrated by the Tsar Team this April, was quickly followed up with a ransom demand the group called “a small penalty fee” – 344,000 Euros – for having a vulnerable network.

On Tuesday this week the images were made public after the clinic refused to pay the ransom. At or about the same time, the hackers started contacting individuals with compromised images directly, demanding smaller, single-serving ransoms of up to $2,000 Euro. Tsar Team has also lowered the demands for the whole database to 133,500 Euro, stating “a lot of people have paid us to delete their data.”

Medical Facilities Will Continue to be Targeted

With their highly sensitive and personal data, as well as life-support systems ripe for extortion, medical facilities will continue to be targeted by opportunistic cyber-thieves looking to cash in. The recent ransoms of the MedStar Health Network and the Hollywood Presbyterian Medical Center in Los Angeles are just two of the more well-publicized breaches. On the heels of WannaCry, you can bet there will be more.

Konsultek Can Help

Our custom security solutions for the medical industry help eliminate the vulnerabilities cyber-criminals use to gain access to sensitive data. So, if you don’t “wanna cry” over lost records or ransoms, please give us a call. Our experienced team is ready to help get your network secure and make sure you never have to cry or shed a tear again!

 


We’ve reported on the rise in ransomware attacks previously. Ransomware is readily available for purchase on the Darknet and requires relatively little sophistication to use. This makes it very popular among cyber thieves looking to make a quick buck holding individuals and organizations hostage.

However, it appears that competition may be heating up in the ransomware space, and some speculate that this infighting may be a boon to would-be victims because it consumes resources that may otherwise be used for mayhem.

Petya Code Stolen?

Petya, a particularly virulent strain of ransomware that was a pioneer in the malware-as-a-service offering, has apparently had its code (or at least key portions of it) stolen by a group that has used the stolen code to create and launch an even nastier version they dub PetrWrap.

In use since February, PetrWrap uses its own cryptographic keys to lock down a user’s data rather than relying on the “stock” keys that come with a paid subscription to Petya.

Competition Eating Itself?

“We are now seeing that threat actors are starting to devour each other. From our perspective, this is a sign of growing competition between ransomware gangs,” says Anton Ivanov, senior security researcher at Kaspersky Lab. He further postulates, “Theoretically, this is good, because the more time criminal actors spend on fighting and fooling each other, the less organised they will be, and the less effective their malicious campaigns will be.”

Konsultek Can Help

Whether this increased competition is good or bad for individuals and organizations will only reveal itself in the months and years ahead. In the meantime we urge you to take as many precautions as possible, including:

1. Routinely backing up all critical data on drives that are secure.

2. Implementing a robust threat prevention, detection and mitigation strategy.

3. Proactively performing penetration tests and other types of network security challenges to identify areas of weakness before they allow ingress by outside threats.

If you would like to discuss best practices in any of these areas, please give us a call. We are here to help!

 
