The Week in Breach: Major Ransomware Gangs Get Crushed but Risk Keeps Climbing



Major Ransomware Gangs Get Crushed but Risk Keeps Climbing


On the heels of a surge in cybercrime, especially ransomware, officials around the world have taken steps to shut down cybercrime gangs and destroy their networks. While several major cybercrime purveyors have been recently impacted in those operations, ransomware is still chugging along as an extremely dangerous and growing cybercrime sector.

It’s no wonder that ransomware is the preferred weapon of cyber criminals worldwide. More than 50% of businesses have been impacted in some way by ransomware in the last 12 months. Ransomware is at the root of 50% of data breaches in the healthcare sector alone. It’s also a tremendous player in other industries, with the rest of the top 5 being manufacturing, government, retail and construction.


Hitting Them Hard and Fast Works

Government officials around the world have been acting for years to crack down on ransomware gangs and the technology that services them, but they’ve really stepped up their efforts in the last 6 months. A massive US-based operation in November 2020 dealt a strong blow to TrickBot in the run-up to the US elections after fears of nation-state interference raised public concern, and other operations occur daily to make things harder for cybercriminals.

One recent success in the fight against ransomware was the takedown of the Emotet botnet and crippling of the NetWalker ransomware gang. Officials in the US, Canada, UK, and EU worked together to perform a well-timed series of arrests and hardware seizures. A Canadian national has been detained in connection with the NetWalker attacks and more than $450K in cryptocurrency was seized. Bulgarian authorities also seized resources including hardware that NetWalker attackers used to facilitate their crimes.

The RCMP, FBI and EU authorities took the legs out from under the legendary Emotet botnet as part of a concurrent operation. Canadian officials seized or disabled 13 of the 50 command and control servers behind Emotet, and officials in the Netherlands disabled or seized the technology powering their European operations center. Dutch authorities are planning to release an update through captured Emotet servers on March 25 designed to erase any malware delivered through the botnet.

But Risk is Still Outrageous

International authorities executing major crackdowns against ransomware gangs is good news, but it doesn’t come close to addressing the full scope of the problem. Ransomware is by far the biggest bully on the playground, and it grew by an estimated 311% in 2020. That’s because it’s still a goldmine – ransomware payments in just the health sector alone increased to more than $230k.

Protecting you from ransomware is a top-of-the-list priority for IntegraMSP. No business is too large or too small to get walloped by ransomware, but we can add a few security precautions that can help you be less likely to fall prey to an attack. Successful ransomware attacks against all kinds of targets have drastically increased the odds of a spear phishing or ransomware attack arriving because of a third-party data breach as well.

IntegraMSP encourages the immediate adoption of a secure identity and access management solution. Not only is it a fast, affordable mitigation against cybercrime that includes conveniences like single sign-on and easy remote management, Passly also features the current champion of mitigation: multifactor authentication, a single tool that can stop up to 99% of password-based cybercrime.

Starting and maintaining an efficient security awareness training program is the preferred long-term solution for your business. Studies show that employees retain the training that companies give if it’s refreshed at least quarterly. That’s good for businesses because security awareness training including phishing resistance with a solution like BullPhish ID can prevent up to 70% of damaging cyberattacks from landing.

Contact us and let’s talk about how we can work together to help you build a stronger business and secure your network with our security solutions.


Dark Web ID’s Top Threats This Week



United States – USCellular

https://www.techtimes.com/articles/256503/20210129/uscellular-data-breach-hackers-gained-access-users-personal-pin-code.htm

Exploit: Credential Compromise

US Cellular: Mobile Phone Company


Risk to Business: 1.379 = Extreme

USCellular, the fourth largest mobile network in the US, has suffered a data breach after a successful malware attack. Hackers used malicious code disguised as a routine software update to gain access to systems including its Customer Relationship Management (CRM) and client records. This is not USCellular’s first time at this rodeo – the company has had consistent information security problems.


Individual Risk: 1.321 = Extreme

USCellular advised customers that their account records including name, address, PIN code, and cellular telephone number(s), as well as information about the customer’s wireless services including service plan, usage and billing statements, might have been compromised. However, data such as social security numbers and credit card information remained inaccessible to the hackers. Clients should be wary of spear phishing, business email compromise and identity theft using this information.

Customers Impacted: 4.9 million

How it Could Affect Your Business: Data like this is sought-after by cybercriminals to power phishing operations. Unfortunately for these folks, it often hangs around for years on the Dark Web, acting as fuel for future cybercrime.

IntegraMSP to the Rescue: Watch for threats from the Dark Web without lifting a finger using Dark Web ID, 24/7/365 credential monitoring that alerts you to trouble fast.


United States – DSC Logistics

https://www.freightwaves.com/news/ransomware-attack-targets-major-us-logistics-firm-dsc

Exploit: Ransomware

DSC Logistics: Shipping and Freight Logistics


Risk to Business: 1.775 = Severe

DSC Logistics received an unwelcome delivery of Egregor ransomware. The attack was announced on the gang’s ransomware site. The company noted that it was successfully able to continue operations without incident. DSC has called in outside experts to investigate, and declined to comment on whether any data was stolen.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Ransomware has been a plague on every industry, but freight and logistics companies have been hit especially hard in recent months.

IntegraMSP to the Rescue: Everyone needs to understand the seriousness of today’s threats. Our Security Awareness Champion’s Guide makes understanding cyber threats easy and fun.


United States – Nissan North America

https://www.industryweek.com/technology-and-iiot/article/21151660/data-leak-hits-nissan-north-america

Exploit: Misconfiguration

Nissan North America: Automotive Manufacturer


Risk to Business: 2.779 = Moderate

Nissan North America recently suffered a data breach that resulted in source code for its mobile apps and internal tools turning up online. The data leak is reportedly the result of a misconfigured Git server. The source code is reported by a security researcher to pertain to Nissan NA Mobile apps, some parts of the Nissan ASIST diagnostics tool, the Dealer Business Systems and Dealer Portal, Nissan internal core mobile library, Nissan/Infiniti NCAR/ICAR services, client acquisition and retention tools, sale and market research tools and data, various marketing tools, the vehicle logistics portal and vehicle connected services.

Individual Impact: No sensitive personal or financial information was announced as part of this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: Keeping data safe from hackers starts with keeping data secure by using strong identity and access management tools across the board and basic security protocols like multifactor authentication.

IntegraMSP to the Rescue: Passly provides the toolkit that businesses need to keep cybercriminals locked out of data and systems including multifactor authentication and secure shared password vaults.


1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.