The Rising Tide of Ransomware Threats and $400 Million Class Action Lawsuit & more.

Nearly 500M class action lawsuit against WHO?

A proposed $480-million class action lawsuit has been filed against five Ontario hospitals, including Bluewater Health, Windsor Regional Hospital, and others, along with their IT service provider, following a ransomware attack on October 23, 2023. The lawsuit, brought by a patient named Robert Smith, claims that the cyberattack exposed patient records, impacted care, and affected approximately 267,000 people. It alleges that the hospitals and IT service provider failed in their "duty of care" to protect personal information, leading to mental health impacts on the plaintiffs. The lawsuit contends that inadequate safeguards allowed cybercriminals to access the computer systems. The hospitals, acknowledging the lawsuit, have not commented further. None of the allegations have been proven in court, and certification by a judge is required for the class action to proceed. The hospitals have stated that they refused to pay the ransom demanded by the cybercriminal group Daixin. (CBC.ca)

It takes something more robust than an IT service provider to protect an enterprise.  

My thoughts: The ransomware attack on Ontario hospitals underscores the need for a holistic strategy to ensure optimal cybersecurity posture. Although it is unclear how the attack took place, here are some fundamental ways to protect your enterprise. Endpoint security is paramount, and hospitals should invest in robust solutions that offer real-time threat detection and response. Regularly backing up critical data and implementing secure offline storage can thwart ransomware attacks. Network segmentation, coupled with continuous monitoring, could have limited the lateral movement of cybercriminals. Hospitals, along with every enterprise, must prioritize cybersecurity hygiene, regularly training staff to recognize and report phishing attempts.

At Assurance IT, we do it all. Send me a message to understand how it works or book a meeting with me. My Calendar

A new wave of RANSOMWARE?

There is a recent surge in ransomware attacks on critical infrastructure, affecting hospitals, schools, and financial institutions. Despite U.S. government efforts, the problem is expected to persist, causing disruptions and delays. Ransomware attacks in 2023 have already surpassed last year's total, with notable incidents reported in healthcare and education. The federal response includes cyber incident reporting laws and funding measures, but results will take time. Slow adoption of cybersecurity tools by organizations and the real-life impact on people's lives highlight the urgency. Progress is underway, but challenges persist, including the difficulty in accurately assessing the ransomware crisis's magnitude, hindering effective law enforcement and federal agency responses. (axios.com)

What’s in store for 2024?

My thoughts: The slow adoption of cybersecurity tools by organizations is a concerning bottleneck, emphasizing the importance of supporting businesses in implementing robust defense measures. The federal response, including cyber incident reporting laws, is a step in the right direction, but it's crucial for both public and private sectors to collaborate actively. Industry-specific cybersecurity frameworks and continuous threat intelligence sharing can enhance the resilience of critical infrastructure against evolving ransomware threats.

Discover how Assurance IT helps enterprises here

The recipe to Cactus Ransomware Group’s Vulnerabilities

Cactus ransomware is exploiting critical vulnerabilities in the Qlik Sense data analytics solution to gain initial access to corporate networks. The ransomware targets unpatched Qlik Sense instances, leveraging two vulnerabilities in Qlik Sense Enterprise for Windows (CVE-2023-41266 and CVE-2023-41265) to execute code, initiate new processes, and establish persistence. The attackers use PowerShell and BITS to download tools, including ManageEngine UEMS executables, AnyDesk, and a renamed Plink binary. The campaign involves various techniques to remain hidden and gather information, such as uninstalling antivirus software and changing administrator passwords. To mitigate the risk, Qlik recommends upgrading to specific versions of Sense Enterprise for Windows. Cactus ransomware, active since March 2023, employs a double-extortion tactic and has previously exploited Fortinet VPN flaws for initial network access. (bleepingcomputer.com)

The attackers used PowerShell and BITS to download their tools, including ManageEngine UEMS executables, but there’s more we don’t know... Be aware. Don’t be a victim.

My thoughts: The Cactus ransomware attack on Qlik Sense highlights the critical importance of prompt software updates and patch management. Continuous monitoring of vulnerabilities and ensuring a swift response to security advisories can significantly reduce the risk of exploitation. Additionally, deploying advanced threat detection solutions, like intrusion prevention systems, can add an extra layer of defense against ransomware campaigns that target unpatched systems. We can chat about it. Feel free to book a meeting in my calendar.

Did this big company PAY THE RANSOM?...

Shimano, a leading cycling component manufacturer, recently fell victim to a ransomware attack by the LockBit cybercrime group. The attackers threatened to release 4.5 terabytes of sensitive data unless a ransom was paid by November 5, 2023. Shimano did not comply, leading to the publication of confidential information, including employee details, financial documents, and client databases. Although it remains unclear if negotiations took place, the incident emphasizes the ongoing threat, with hackers warning of potential future attacks on the company. Shimano, currently investigating the matter, has not disclosed details about the ransom. (bicycling.com)

An attack does not only affect a company. It affects everyone. If you protect your company, you’re protecting everyone.

My thoughts: This attack underscores the relentless nature of cyber threats targeting industry leaders. To mitigate such risks, companies must prioritize proactive cybersecurity measures. Regularly updating and patching software, including promptly applying security patches, could have closed potential vulnerabilities. Shimano's decision not to pay the ransom is commendable, but the incident highlights the need for robust backup and recovery strategies. Backup, and I stress a recent and working backup, is your last line of defense when hoping to reduce the impact of a ransomware attack. Implementing a comprehensive incident response plan, coupled with employee training to recognize phishing attempts, is crucial to prevent future attacks.

Discover our training solution here
