The Week in Breach – Kia Motors America suffers ransomware attack, $20 million ransom

 



Ransomware Gangs are Targeting Businesses – Be Prepared


Kia Motors America apparently got the memo (below) too late and was hit by a $20 million ransomware attack by the DoppelPaymer gang. The FBI warned in December 2020 that the gang was targeting companies and advised victims to work with authorities before working with the gang to retrieve data. More information about this attack is below, but it highlights how ransomware gangs are actively targeting companies.

Dec 2020: The US Federal Bureau of Investigation says it is aware of incidents where the DoppelPaymer ransomware gang has resorted to cold-calling companies in order to intimidate and coerce victims into paying ransom demands.


The incidents have been happening since February 2020, the FBI said in a PIN (private industry notification) alert, a type of security advisory the Bureau sends to the US private sector on a regular basis to inform them of the latest cyber-security developments.

The FBI PIN alert, sent on December 10, confirms a ZDNet report from December 5 that detailed similar cold-calling tactics used by four other ransomware groups: Sekhmet (now defunct), Maze (now defunct), Conti, and Ryuk.

But while our reporting tracked down phone threats made by ransomware groups to September this year, the FBI says this tactic was actually first seen with the DoppelPaymer gang months before.

“Doppelpaymer is one of the first ransomware variants where actors have called the victims to entice payments,” the FBI said.

“As of February 2020, in multiple instances, DoppelPaymer actors had followed ransomware infections with calls to the victims to extort payments through intimidation or threatening to release exfiltrated data,” it added.

The agency then goes on to detail one particular incident where threats escalated from the attacked company to its employees and even relatives. From the PIN alert:

“In one case an actor, using a spoofed US-based telephone number while claiming to be located in North Korea, threatened to leak or sell data from an identified business if the business did not pay the ransom. During subsequent telephone calls to the same business, the actor threatened to send an individual to the home of an employee and provided the employee’s home address. The actor also called several of the employee’s relatives.”

Threats of violence, as in this case, are usually empty. On the other hand, threats to release or sell the data are not.

The DoppelPaymer gang is one of more than 20 ransomware gangs that operate leak sites where they publish data from companies who refuse to pay the ransom — as a form of revenge.

In many cases, companies ignore these threats and choose to restore from backups, but there are also known cases where companies chose to pay to prevent sensitive information from being released online.

In its DoppelPaymer PIN alert, the FBI recommends that victims secure their networks to prevent intrusions in the first place and, in the case of an attack, that they notify authorities and try to avoid paying the ransom, as payment emboldens attackers to carry out new intrusions, enticed by the easy profits they’re making.

 


Dark Web ID’s Top Threats This Week



United States – Automatic Funds Transfer Services

https://www.bleepingcomputer.com/news/security/us-cities-disclose-data-breaches-after-vendors-ransomware-attack/

Exploit: Ransomware

Automatic Funds Transfer Services (AFTS): Payment Processor


Risk to Business: 1.879 = Severe

Cuba ransomware is the culprit of an attack at AFTS, a payment processor that serves state government clients including the states of California and Washington. This cyberattack has caused major disruption to AFTS operations, making their website unavailable and impacting payment processing. The gang claims to have stolen financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.


Individual Risk: 1.847 = Severe

It is unclear how many individuals may have been impacted. The California Department of Motor Vehicles and several cities in Washington state have released data breach notifications. The potential data exposed varies depending on the city or agency, but may include names, addresses, phone numbers, license plate numbers, VIN numbers, credit card information, scanned paper checks, and billing details.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware at a third-party business services partner is also your problem. It pays to make sure that your company’s credentials haven’t been exposed.

IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast.


United States – Kia Motors America

https://www.bleepingcomputer.com/news/security/kia-motors-america-suffers-ransomware-attack-20-million-ransom/

Exploit: Ransomware

Kia Motors America: Ransomware


Risk to Business: 1.381 = Severe

Kia Motors America has experienced a suspected ransomware attack that has had a severe impact on its entire US operation, crippling some functions and impacting others for dealers and consumers. Services impacted include mobile UVO Link apps, phone services, payment systems, the owner’s portal, and internal sites used by dealerships.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 50 million

How it Could Affect Your Business: Ransomware can come calling at any time at any business, with a devastating impact on operations, customer service, productivity and profit.

IntegraMSP to the Rescue: With BullPhish ID, staffers learn to spot and stop the latest phishing-based cyberattacks because we provide fresh content every month for training.


United States – Jones Day

https://siliconangle.com/2021/02/16/law-firm-jones-day-hit-clop-ransomware-attack-files-stolen/

Exploit: Ransomware

Jones Day: Law Firm


Risk to Business: 2.315 = Severe

The Clop ransomware gang says that it has hit the Jones Day law firm, although Jones Day says that its network was not compromised. The Clop gang claims to have 100 gigabytes of files from servers belonging to Jones Day and has started to publish redacted files as proof of a successful hit. Jones Day claims that those files were obtained from a third-party source.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: 50 million

How it Could Affect Your Business: Ransomware can strike any business, and ransomware gangs love to steal sensitive data in order to score higher paydays. Special data needs special protection.

IntegraMSP to the Rescue: Ready to learn more about the ins and outs of ransomware? Learn how to protect your data and your business from cybercrime.


United States – Sequoia Capital

https://www.axios.com/sequoia-capital-says-it-was-hacked-590dcdd6-fe49-46c6-8422-60a944272302.html

Exploit: Phishing

Sequoia Capital: Venture Capital Firm


Risk to Business: 1.933 = Severe

Sequoia Capital, a major venture capital firm, announced this week that it has experienced a phishing-related cyberattack. The firm invests in companies like Airbnb, DoorDash, Robinhood and cybersecurity firms like FireEye and Carbon Black. Sequoia’s investors include university endowments, tech executives and charitable foundations.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: More than 65 percent of cybercrime is phishing-based. Training employees to spot and stop phishing is essential to avoid becoming one of those 65 percent of hacked companies.

IntegraMSP to the Rescue: Read the IDAgent Security Awareness Champion’s Guide for a complete walkthrough of today’s nastiest cyberattacks and the tricks that cybercriminals use to conduct them.


United States – Underwriters Laboratories

https://www.bleepingcomputer.com/news/security/underwriters-laboratories-ul-certification-giant-hit-by-ransomware/

Exploit: Ransomware

Underwriters Laboratories: Safety Regulator


Risk to Business: 2.022 = Severe

Underwriters Laboratories, the oldest and largest device safety certifier in the world, should have checked the safety of its email systems a little more closely. It has experienced a ransomware attack that encrypted its servers and caused it to shut down systems while it recovers.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge hit to every company’s performance and budget, and it’s preventable through security awareness training.

IntegraMSP to the Rescue: BullPhish ID gets your staff ready to fight back against phishing, and that’s something that every business has to make a priority to protect its bottom line.


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.