The Week in Breach: Ransomware scores at Manchester United; Managed.com hit by REvil ransomware


The Week in Breach: Featured – Managed web hosting provider Managed.com was hit with REvil ransomware that forced it to take down their servers and web hosting systems.

Managed web hosting provider Managed.com was hit by a REvil ransomware attack over the weekend that took their servers and web hosting systems offline.

Early this week, the provider disclosed the incident and announced the launch of an investigation.

According to ZDNet, Managed.com initially said that the incident only impacted a limited number of customer sites, but a few hours later it was forced to take down its entire web hosting infrastructure.

Impacted systems included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.

The company reported the incident to law enforcement and started working to restore its infrastructure.

The company only disclosed the ransomware attack on Tuesday and explained that it was forced to shut down its infrastructure to protect the integrity of its customers’ data.

“November 17, 2020 – On Nov.16, the Managed.com environment was attacked by a coordinated ransomware campaign. To ensure the integrity of our customers’ data, the limited number of impacted sites were immediately taken offline. Upon further investigation and out of an abundance of caution, we took down our entire system to ensure further customer sites were not compromised. Our Technology and Information Security teams are working diligently to eliminate the threat and restore our customers to full capacity.” reads an update published by the company. “Our first priority is the safety and security of your data. We are working directly with law enforcement agencies to identify the entities involved in this attack. As more information is available, we will communicate directly with you,”

BleepingComputer, citing multiple sources, states that Managed.com was hit by the popular REvil ransomware gang that is demanding a $500,000 ransom in Monero to receive a decryptor.

The REvil ransomware gang is known to use a double extortion model, threatening to leak files stolen from the victim online, but it is not clear whether they stole unencrypted files before encrypting the provider’s devices.
The REvil gang is one of the major ransomware operations. It has been active since April 2019, and its operators claim to earn over $100 million a year through its RaaS service.

In a recent interview with the public-facing representative of REvil, the ransomware operation claims to earn over $100 million a year in extortion payments.

The list of the victims of the group is long and includes Travelex, Kenneth Cole, SeaChange, Brown-Forman, BancoEstado, Grubman Shire Meiselas & Sacks (GSMLaw), Valley Health Systems, Telecom Argentina, and Lion.

The Week in Breach News – United States


United States – Managed.com

https://securityaffairs.co/wordpress/111154/cyber-crime/managed-com-revil-ransomware.html

Exploit: Ransomware

Managed.com: Web Hosting Provider


Risk to Business: 1.402 = Extreme

REvil has had a nasty impact at this web hosting provider, causing a complete shutdown of company systems. The company says that a “limited number” of customer sites have been affected. Impacted functions included WordPress and DotNetNuke managed hosting platforms, online databases, email servers, DNS servers, RDP access points, and FTP servers.

Individual Risk: Managed.com has not released any information about potential client impact, although the company did note that they’d taken measures to secure client data.

Customers Impacted: Unknown

How it Could Affect Your Business: Third party risk is a growing problem for every business, especially as cybercriminals target more centralized service and infrastructure companies.

IntegraMSP to the Rescue: Your customers need solutions that protect their data from risks like this. Our solutions can help in two ways: securing their data and securing your MRR with Goal Assist to close more deals!


United States – Mercy Iowa City

https://www.kcrg.com/2020/11/18/mercy-iowa-city-reports-data-breach-over-60000-iowans-affected/

Exploit: Unauthorized Access

Mercy Iowa City: Medical Center


Risk to Business: 2.631 = Moderate

An unauthorized user gained access to an employee email account at this Iowa hospital, leading to the potential exposure of sensitive data for thousands of patients. There’s no confirmation that data was stolen, but the hospital is warning patients of the possibility. The incident was discovered after the compromised account began sending out spam and phishing messages.


Individual Risk: 2.502 = Moderate

The hospital has not yet confirmed that any data was actually accessed or stolen, but they sent out a letter warning patients of the potential breach. Information that may have been compromised includes patient names, Social Security numbers, driver’s license numbers, dates of birth, medical treatment information and health insurance information.

Customers Impacted: 60,000

How it Could Affect Your Business: Password compromise leads to major trouble. Even small incidents like this can quickly turn into huge problems if access to sensitive data isn’t carefully controlled.

IntegraMSP to the Rescue: Passly gives you more control over access points to systems and data with Single Sign-on and individual user LaunchPads that enable IT staff to quickly add and remove access.


United States – TronicsXchange

https://www.infosecurity-magazine.com/news/80000-id-cards-fingerprint-exposed/

Exploit: Misconfiguration

TronicsXchange: Used Electronics Dealer


Risk to Business: 1.992 = Severe

A big error at TronicsXchange has led to a big problem, as sensitive customer data was exposed on a misconfigured database. Over 2.6 million files, including ID cards and biometric images, were left open and leaking in a misconfigured AWS S3 bucket. The data appears to be older and is primarily comprised of California residents.


Individual Risk: 1.222 = Extreme

The data that was exposed was seriously sensitive and has the potential for massive troublemaking. Millions of files were leaked including extremely sensitive information like approximately 80,000 images of personal identification cards such as driver’s licenses, and 10,000 fingerprint scans. The leaked driver’s license photos expose even more information about that individual, including license number, full name, birthdate, home address, gender, hair and eye color, height and weight, and a photo of the individual, among other things.

Customers Impacted: 80,000

How it Could Affect Your Business: Leaving a database unsecured or misconfigured is a symptom of a lax cybersecurity culture. Leaving a database unsecured that has this kind of incredibly sensitive data inside is a disaster that will send customers running for the exits.

IntegraMSP to the Rescue: Passly adds essential security tools like multifactor authentication and simple remote management to ensure that only the right people have access to your sensitive client data.


United States – American Bank Systems

https://securityreport.com/american-bank-systems-hit-by-ransomware-attack-full-53-gb-data-dump-leaked/

Exploit: Ransomware

American Bank Systems: Software Services Provider


Risk to Business: 1.864 = Severe

Avaddon ransomware made an unwelcome deposit at American Bank Systems, unleashing a ransomware attack that led to the capture and partial publishing of 53 GB of all sorts of highly confidential data. The banking software services company had data snatched from banks around the world including banking names and mortgage companies, such as First Federal Community Bank, Rio Bank, Citizens Bank of Swainsboro, First Bank & Trust, and many more. The leaked data in the dump includes files such as loan documents, business contracts, private emails, invoices, credentials for network shares, and other confidential information.


Individual Risk: 1.516 = Severe

Many of the stolen banking records also contain information about the clients of affected banks, including personally identifying information, loan amounts, and Tax ID or Social Security numbers. Some data on employees of banks was also exposed. Clients of impacted banks should be alert to identity theft and fraud possibilities.

Customers Impacted: Unknown

How it Could Affect Your Business: Third-party service providers may not have the same commitment to data security as you do. It pays to do your homework to avoid these problems whenever possible.

IntegraMSP to the Rescue: Information like this can hang around for years after it hits the Dark Web. Make sure your staff’s credentials haven’t been exposed with Dark Web ID 24/7/365 monitoring.


United States – Americold

https://www.bleepingcomputer.com/news/security/cold-storage-giant-americold-hit-by-cyberattack-services-impacted/

Exploit: Ransomware

Americold: Cold Storage and Logistics


Risk to Business: 2.236 = Severe

Ransomware definitely chilled business at Americold, causing major disruptions to operations. The cyberattack impacted their operations across the board, causing partial or complete shutdowns in phone systems, email, inventory management, and order fulfillment. This attack may be related to a recent spate of attacks against healthcare targets. Cold storage and temperature-controlled transportation will be a huge component in the distribution of any COVID-19 vaccine.

Individual Risk: No personal or consumer information was reported as impacted in this incident.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware isn’t just stealing data anymore. It’s also being used as a tool to disrupt infrastructure and logistics to devastating effect.

IntegraMSP to the Rescue: Protect your systems and data from ransomware with BullPhish ID. Consistent phishing resistance and security awareness training can reduce cybersecurity incidents by up to 70%.


United States – Port of Kennewick

https://www.nbcrightnow.com/news/port-of-kennewick-now-victim-of-cyber-attack/article_2da5b29c-2936-11eb-a2e4-0f3e16c73589.html

Exploit: Ransomware

Port of Kennewick: Municipal Agency


Risk to Business: 2.322 = Severe

Ransomware severely impacted operations at this inland port in Washington. Cybercriminals encrypted the port’s systems and demanded $200,000 in ransom to restore access to the port’s servers and files. The port authority, FBI, and an outside contractor have been working to restore full operations.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware is a huge threat to infrastructure targets as well as businesses, and nation-state actors are most likely to use ransomware in their attacks.

IntegraMSP to the Rescue: Don’t let phishing shut your operations down. Train staffers to spot and stop phishing before an attack becomes a disaster.


United States – Kenneth Copeland Ministries

https://www.dailymail.co.uk/news/article-8966623/Russian-hacker-group-REvil-claims-massive-attack-televangelist-Kenneth-Copeland.html

Exploit: Ransomware

Kenneth Copeland Ministries: Televangelism


Risk to Business: 2.306 = Severe

The REvil ransomware gang strikes again, this time at televangelist Kenneth Copeland’s operations. The gang is threatening to release 1.2 terabytes of sensitive data if he fails to pay their unspecified ransom demands. Evidence of the hack has been displayed on REvil’s information website.

Individual Risk: No personal or consumer information was reported as impacted in this incident so far, but it is still being remediated.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware gangs like REvil can see juicy paydays in targeting prominent people in any industry – or releasing potentially embarrassing stolen data if those people decide not to pay the ransom.

IntegraMSP to the Rescue: Phishing resistance training is one of the most important ways that any organization can protect their systems and data from ransomware. Not only does it improve your staff’s phishing resistance, but it also boosts their overall cybersecurity awareness too.



The Week in Breach News – United Kingdom & European Union


United Kingdom – Manchester United

https://securityaffairs.co/wordpress/111231/hacking/manchester-united-cyber-attack.html

Exploit: Ransomware

Manchester United: Football (Soccer) Club


Risk to Business: 2.122 = Severe

A ransomware attack briefly shut down business operations at Manchester United. The team reports “Club media channels, including our website and app, are unaffected and we are not currently aware of any breach of personal data associated with our fans and customers.” The cyberattack is not expected to impact play and matches will remain ongoing as scheduled.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware and phishing go hand in hand and as social engineering tactics improve it’s always going to be the fastest, easiest way for cybercriminals to strike.

IntegraMSP to the Rescue: Don’t just hope that you’re not next – fight back against ransomware threats. See why you’re at risk and how to protect your business fast.

The Week in Breach Risk Levels


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.