18 Jul Security Breach – 18 July 2019
Ransomware Targeting Attacks on Network Attached Storage (NAS) Devices
According to recent findings by cybersecurity researchers, a new form of ransomware dubbed eChoraix, is targeting attacks network attached storage (NAS) devices.
The malware specifically targets QNAP NAS devices, which are used around the world. These devices are already connected to the internet, and hackers use brute-force attacks to expose weak login credentials to gain access to the device.
These devices frequently store critical system backups and other sensitive information, but they often don’t come with the sophisticated security features that accompany built-in computer storage.
Much like the delivery method, the malware’s source code is simple, consisting of less than 400 lines. Unfortunately, this simplistic attack can still cause serious damage to users’ data, as they will be forced to either pay a ransom to recover the backups or to rely on other storage units to provide these services.
QNAP has issued a patch for these vulnerabilities, but, more broadly, every organisation needs to be aware of the rapidly shifting landscape for today’s ransomware attacks that are becoming stealthier and more damaging.
By transitioning to a Datto Backup Device will protect your backups against Ransomware and also provide valuable business continuity as well.
United States – Los Angeles County Department of Health
Exploit: Phishing attack
Risk to Small Business: Severe: On March 28th, an employee at a third-party contractor opened a phishing email that gave hackers access to the company’s data, which included personally identifiable information from the Los Angeles Department of Health. Although the data was encrypted, the email account also contained the encryption keys, which functionally nullified this security feature. As the second-largest health system in the United States, the agency oversees many clinics and hospitals that could be impacted by this attack. Now, the Los Angeles County Department of Health is tasked with reinforcing its cybersecurity standards while they support their constituents who were harmed in the attack.
Risk to Exploited Individuals: Severe: The data breach exposed sensitive patient information, including names, addresses, date of birth, medical record numbers, and Medi-Cal identification numbers. In addition, two patients had their Social Security numbers compromised. Although patients were not the target of the attack and authorities haven’t found evidence that their information is being misused, personally identifiable information can quickly make its way to the Dark Web where it can be used to perpetrate financial and identity crimes. Therefore, those impacted by the breach should enrol in the provided credit and identity monitoring services to ensure their data’s continued integrity.
Customers Impacted: 14,591
Canada – The Nation, Ontario – Eastern Ontario municipality
Risk to Small Business: Severe: On June 30th, the Canadian municipality was hit with a ransomware attack that crippled the government’s use of network capabilities, computers, and email accounts. Hackers demanded $10,000 in Bitcoin to decrypt the files, which the government declined to pay. Instead, it took officials more than two weeks to restore network services, although email systems are still inaccessible. The incident is a reminder that there are no good solutions once a ransomware reaches a company’s network.
Risk to Exploited Individuals: No personal information was compromised in the breach.
Customers Impacted: Unknown.
Being proactive in developing a cybersecurity plan can be the difference in successfully defending a breach or losing millions to a harmful attack.
Protect your data, privacy and reputation, talk to a TCT sales team member today.
Follow us on LinkedIn: