Ransomware Attacks through September 2019

As of the end of September 2019, 621 entities have been hit by ransomware attacks. Affected entities include hospitals, health care centers, school districts and cities. (1)

According to a recent Coveware analysis, ransomware causes on average nearly 10 days of downtime, and organizations can lose about 8 percent of data. (2)

To help our customers recover from such an attack, we at MyRemoteSupportTech.com now sell and support Macrium Reflect Backup software. Using “Macrium Image Guardian” technology, Macrium Reflect can prevent ransomware from encrypting critical backup files. With log monitoring, warnings of potentially malicious attacks can be flagged and brought to a technician’s attention in a timely manner.

If you’re interested in protecting your business data, contact MyRemoteSupportTech.com today to arrange an on-site evaluation.

Additional Sources/Resources:

(1) https://www.cbsnews.com/news/ransomware-attack-621-hospitals-cities-and-schools-hit-so-far-in-2019/

(2) https://healthitsecurity.com/news/fbi-alerts-to-rise-in-ransomware-attacks-urges-victims-not-to-pay

June 20th Cyber-security News

Don’t let a breach bankrupt your company.

Data Breach Forces AMCA’s Parent Firm to File Chapter 11 Bankruptcy

The medical bill collection firm Retrieval-Masters Creditors Bureau Inc. has filed for Chapter 11 bankruptcy protection citing the fallout from a massive data breach that exposed the information of millions of patients.

Retrieval-Masters Creditors Bureau Inc., which collects debts from medical labs under the name American Medical Collection Agency (AMCA), filed in the Southern District of New York with the aim of liquidating the company, court documents stated.

Company founder and CEO Russell H. Fuchs told the court the Chapter 11 filing is the direct result of a data breach it became aware of in March 2019 that exposed the PHI of millions of patients, many belonging to Quest Diagnostics and LabCorp – AMCA’s largest customers. A subsequent investigation showed the breach may have been opened in August 2018.

Weekly Security News – June 6, 2019

Please follow the Title Links to read the full stories

From Bleeping Computer

Billing Details of 11.9M Quest Diagnostics Clients Exposed

Quest Diagnostics Incorporated, a Fortune 500 diagnostic services provider, says that approximately 12 million of its clients may have been impacted by a data breach reported by one of its billing providers.

The company reported to the U.S. Securities and Exchange Commission (SEC) that it received a notification from its billing collection provider American Medical Collection Agency (AMCA) that their web payment page was breached.

From Hacker News

103 Checkers and Rally’s Restaurants in 20 States have payment data swiped from Point-of-Sale (POS) payment card readers

If you have swiped your payment card at the popular Checkers and Rally’s drive-through restaurant chains in the past 2-3 years, you should immediately request your bank to block your card and notify it if you notice any suspicious transaction.

Checkers, one of the largest drive-through restaurant chains in the United States, disclosed a massive long-running data breach yesterday that affected an unknown number of customers at 103 of its Checkers and Rally’s locations—nearly 15% of its restaurants.

The impacted restaurants [name, addresses and exposure dates] reside in 20 states, including Florida, California, Michigan, New York, Nevada, New Jersey, Florida, Georgia, Ohio, Illinois, Indiana, Delaware, Kentucky, Louisiana, Alabama, North Carolina, Pennsylvania, Tennessee, West Virginia and Virginia.

From Ars Technica

Hackers Actively Use WordPress Plugin Flaw to Send Visitors to Bad Websites

Hackers have been actively exploiting a recently patched vulnerability in some websites that causes the sites to redirect to malicious sites or display misleading popups, security researchers warned on Wednesday.

The vulnerability was fixed two weeks ago in WP Live Chat Support, a plugin for the WordPress content management system that has 50,000 active installations. The persistent cross-site scripting vulnerability allows attackers to inject malicious JavaScript into sites that use the plugin, which provides an interface for visitors to have live chats with site representatives.

From Talos Intelligence

Hackers cobble together Frankenstein Malware

The campaign used components of:

  • An article to detect when your sample is being run in a VM
  • A GitHub project that leverages MSbuild to execute a PowerShell command
  • A component of a GitHub project called “Fruityc2” to build a stager
  • A GitHub project called “PowerShell Empire” for their agents

We believe that the threat actors behind the Frankenstein campaign are moderately sophisticated and highly resourceful. The actors’ preference for open-source solutions appears to be part of a broader trend in which adversaries are increasingly using publicly available solutions, possibly to improve operational security. 

Baltimore Ransomware – What you can learn

Recently the city of Baltimore, MD was hit with a large ransomware attack that has affected 10,000 city-operated computer systems. Since the attack:

  • City employees have been locked out of their email
  • Citizens have been unable to make any municipal payments (utility bills, property taxes, tickets and court fees)
  • Real estate transactions have been brought to a halt (coming up on just over two weeks since the attack, the city announced a manual work-around)

Here are a few articles that provide a lot more information on this VERY serious situation.

During my years with SANS, one thing was constantly repeated as a mantra: “Prevention is ideal, detection is a must, detection without response is useless”.

Here is a list of things you must do in order to have the highest probability of surviving any type of cyber-attack. For each item, we list what you need to do and the service MyRemoteSupportTech offers to help protect your I.T. infrastructure.

  • Backup Your Systems, Locally & In The Cloud (Offsite) – Backup and Recovery services
  • Segment Network Access
  • Early Threat Detection Systems – Network and Endpoint Security
  • Install Anti Malware / Ransomware Software – Managed Anti-Virus
  • Run Frequent Scheduled Security Scans – Remote Monitoring
  • Create Restore & Recovery Points
  • Train Your Employees and Educate Yourself – Security Awareness Training
  • Enforce Strong Password Security
  • Think before clicking – Phishing Testing (part of Security Awareness Training)
  • Setup Viewable File Extensions
  • Block Unknown Email Addresses and Attachments at the Mail Server – Spam Filtering
  • Add Virus Control at Mail Server – Email Security
  • Apply OS Patches – Patch Management OS
  • Apply Third-party Patches – Patch Management Third-Party
  • Block Vulnerable Plug-ins – Application Whitelisting
  • Limit Internet Connectivity
  • Have a Disaster Recovery Plan – Business Continuity and Disaster Planning

Contact MyRemoteSupportTech.com to find out how our Managed Security Services can help protect your business.

Industry News for 05/20/2019

Here are a few articles related to cyber-security for the week of 05/20/2019. These are just reminders that attacks come from all directions. It is impossible to determine from which direction the next attack will come. Therefore, defense-in-depth is mandatory in order to best be prepared to prevent your company from becoming a victim.

As I have heard multiple times from several mentors:

Prevention is ideal, detection is a must, detection without response is useless