Last Week in Ransomware: 08.19.2024
Last week in ransomware news, we saw over 2.7 billion NPD records exposed, McLaren hospitals attacked by INC, and a post-ransomware lawsuit filed against the City of Columbus...
Over 2.7 Billion NPD Records Exposed
A recent massive data breach has exposed approximately 2.7 billion records of personal information from the United States on a hacking forum. The leaked data includes sensitive details such as names, Social Security numbers, addresses, and possible aliases.
This information is believed to have been compiled by National Public Data, a company that sells personal data for background checks and other purposes. The breach was orchestrated by a threat actor known as USDoD, who previously attempted to sell similar data from the US, UK, and Canada for $3.5 million.
However, on August 6th, a different hacker, "Fenice," leaked the most recent and complete version of this data for free. The leaked files, totaling 277GB, contain unencrypted records, though the accuracy and completeness of this data are uncertain.
The exposure of this information has led to class action lawsuits against National Public Data for failing to protect the sensitive data it collected. US residents are advised to monitor their credit reports and be cautious of phishing attempts, as previous leaks also included phone numbers and email addresses.
This breach underscores the dangers of inadequate data protection and the potential impact on individuals nationwide. It reflects a broader trend where sensitive, aggregated data becomes a prime target for threat actors.
While much of the data may have been publicly available, its organized and aggregated form makes it far more valuable and easier for criminals to exploit.
The breach raises concerns about the ethical responsibility of companies that collect and store massive amounts of personal information, often without explicit consent and with inadequate security measures in place.
Unfortunately, the breach highlights the growing gap between the monetization of personal information and the legal protections that should govern its collection and use.
McLaren Hospitals Attacked by INC
McLaren Health Care, a non-profit healthcare system operating 13 hospitals across Michigan, recently experienced significant disruptions to its IT and phone systems due to a ransomware attack linked to the INC Ransom group.
This attack affected access to patient information databases, prompting McLaren to advise patients to bring detailed medication lists and recent lab results to their appointments. Additionally, some non-emergent or elective procedures may need to be rescheduled as a precaution.
While McLaren is still investigating the incident, reports indicate that employees at McLaren Bay Region Hospital in Bay City received a ransom note from INC Ransom, threatening to publish stolen data if the ransom is not paid.
The healthcare system has apologized for the inconvenience and is working to restore services and ensure continued patient care.
The INC Ransom group, first observed in the summer of 2023, has quickly ramped up its operations, targeting a wide range of industries including healthcare, manufacturing, retail, and more.
The group uses common tactics to gain access to systems, such as exploiting Remote Desktop Protocol (RDP) credentials, phishing, and exploiting vulnerabilities in Citrix NetScaler. It employs double extortion tactics, threatening to expose stolen data if its demands are not met.
Notable victims of INC Ransom include NHS Scotland, the Peruvian Army, and Yamaha Philippines. The group's ransomware is written in C++ and uses AES-128 encryption, with versions for both Windows and Linux.
Ransomware Lawsuit for City of Columbus
Cooper Elliott, a law firm, has filed a class-action lawsuit against the City of Columbus following a ransomware attack that compromised the personal information of city employees.
The lawsuit, filed on August 9, represents two Columbus police officers and seeks to include all current and former employees.
The international ransomware group Rhysida has claimed responsibility for the attack, asserting that they stole 6.5 TB of data, including passwords, logins, and access to city cameras. They have threatened to release this information unless a ransom of nearly $2 million is paid.
The lawsuit accuses the city of failing to protect employee data and delaying notification of the breach. One of the officers involved is an undercover officer concerned about his safety if his identity is exposed. The Fraternal Order of Police has advised its members to seek outside legal counsel.
Despite the city offering credit monitoring and identity theft services, Spencer Meador, a representative from the law firm, emphasized that these measures cannot reverse the damage.
This incident highlights the growing trend of ransomware attacks focusing on data exfiltration, where sensitive information is stolen and used as leverage to compel ransom payments. This shift has turned ransomware attacks into critical legal and regulatory issues, with organizations facing significant liability and legal challenges.
The aftermath of such attacks now often includes class-action lawsuits, regulatory actions, and potential criminal prosecutions, especially when sensitive data is compromised, underscoring the increasing accountability at the leadership level.
Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention. Talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, as well as the Recent Ransomware Attacks resource site.