The Week in Breach – Double Extortion Ransomware is Apparently a THING, and it’s bad

Make sure to add us or contact us for the latest news



Double Extortion Ransomware is the Gift That Keeps On Giving – to Cybercriminals


Double extortion ransomware is having another moment in the sun as cybercriminals double down on their attacks to double their profits. In this devastating style of attack, cybercriminals aim to get paid twice – once for the usual decryption code to unlock systems and data and a separate fee to not have the encrypted data copied by the gang.

This tactic was in vogue before when it first emerged in late 2019 and spread across the cybercrime landscape. It’s reemerged as a favorite of major gangs including REvil, DoppelPaymer and Clop. Even cybercriminals are working a little harder in this economy, leading to this style of attack trending upward again as cybercriminals look for new ways to expand their revenue streams. Practitioners of double extortion ransomware were responsible for more than 50% of all ransomware attacks in 2020.

Ransomware Continues to Rule the Roost


Ransomware risks show no signs of slowing down, and they’re costing companies a fortune. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The worldwide cumulative cost of ransomware doubled last year as well, from an estimated $11.5 billion in 2019 to $20 billion in 2020. Insurers felt the pinch too – cyber insurance claims for ransomware attacks increased 41% in the first half of 2020 alone.

All of this translates into huge financial danger for companies in every sector. Healthcare led the pack –  An estimated 560 US healthcare targets alone were impacted by ransomware in 2020. More than 45% of cyberattacks against healthcare targets in 2020 were ransomware, but no industry was spared. Manufacturers experienced one-quarter of all ransomware attacks, professional services companies clocked in at 17% and government entities were hit with 13%.


Protection from Ransomware is Priceless


Phishing is the primary delivery source for ransomware, making phishing resistance and defense the cornerstone of a strategy to protect businesses from disasters. There is plenty of room for growth in the area as well – 62% of businesses do not do enough cybersecurity awareness and phishing resistance training.

We’re here to help you find the perfect combination of solutions to protect you and your business from ransomware.  Book a meeting with one of our solutions experts now and let’s explore the possibilities. BOOK IT>>


Dark Web ID’s Top Threats This Week


 

United States – Descartes Aljex Software

https://www.hackread.com/shipping-management-software-firm-data-online/

Exploit: Unsecured Database

Descartes Aljex Software: Shipping Software Developer

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.726 = Severe

An unsecured database is always trouble as Descartes Aljex Software discovered this week. 103 GB worth of data belonging to the New Jersey-based company was discovered by researchers after it was left exposed on a misconfigured AWS S3 Bucket. The exposed data contained corporate, client and employee information.

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.667 = Severe

An unsecured database is always trouble as Aljex clients’ account data that was exposed included full names, phone numbers, email addresses, Aljex usernames, and plaintext passwords. Carrier information, their full names and email addresses as well as their house addresses and phone numbers were compromised. Client shipment details, shipment information, recipient’s consignee name, shipment origin and destination, addresses, and phone numbers were included in the data that was exposed. Sales representative details were also exposed including full names, corporate emails, Aljex usernames, and sales representative IDs

Customers Impacted: 4,000

How it Could Affect Your Business: Third-party and supply chain risk is growing more dangerous for businesses as the ripple effect of breaches like this fuels cybercrime. Take precautions now to avoid headaches later.

IntegraMSP to the Rescue:  Contact us for tips to minimize the impact of this risk and defensive strategies. CONTACT US>>


United States – Guns.com

https://www.hackread.com/hacker-dumps-guns-com-database-customers-admin-data/

Exploit: Hacking

Guns.com: Online Gun Marketplace

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.227 = Extreme

An enormous database from Guns.com made an appearance in a hacker forum this week and it’s a major trove of information. The abundant data contains both administrator and user information including user IDs, full names, an estimated 400,000 email addresses, password hashes, physical addresses, ZIPcodes, city, state, Magneto IDs, phone numbers, account creation date and other personal details. One of the folders in the leaked database includes customers’ bank account details including full name, bank name, account type and Dwolla IDs. To top it off, an Excel file in the database was exposed containing sensitive login details of Guns.com including its administrator’s WordPress, MYSQL, and Cloud (Azure) credentials, with all admin credentials including admin emails, passwords, login links, and server addresses in plain text format.

cybersecurity news gauge indicating extreme risk

Individual Risk: 1.112 = Extreme

Users of Guns.com are significantly impacted, as extensive banking and personal information has been exposed. They should be wary of identity theft, spear phishing, and business email compromise/fraud risks as well as change any passwords shared with this account

Customers Impacted: 400,000

How it Could Affect Your Business Sensitive Personally Identifiable Information (PII) requires strong protection, especially when financial information for clients is at stake.

IntegraMSP to the Rescue: Make sure that your systems and data have strong protection from hackers with multifactor authentication.  ASK US HOW>>


United States – Maricopa Community College

https://www.azcentral.com/story/news/local/arizona-education/2021/03/19/maricopa-community-college-students-without-tech-systems/4759189001/

Exploit: Ransomware

Maricopa Community College: Institution of Higher Learning

cybersecurity news represented by agauge showing severe risk

Risk to Business: 2.312 = Severe

Classes have been disrupted as a suspected ransomware attack has caused extensive IT outages at Maricopa Community College. Education tools including MyInfo, Canvas, RioLearn, Maricopa email, Maricopa Google Tools and the Student Information System/Student Center are unavailable. The 10 college system has extended the semester by at least a week and expects service to be restored this week.

Individual Impact: No sensitive personal or financial information was announced as impacted in this incident, but the investigation is ongoing.

Customers Impacted: Unknown

How it Could Affect Your Business: One small email handling mistake can have devastating consequences. Stop ransomware from clobbering your business by preventing employees from interacting with phishing emails.

IntegraMSP to the Rescue: Ransomware risks are up by more than 100%. learn how to fight back. FIGHT BACK>>



1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.