- Email: [email protected]
Texas and dentists hit with ransomware
NEWS ...Continued from front page Office, and is fully funded by the banking and finance industry. Since it was created in 2002, the DCPCU claims to have prevented or disrupted fraud activities worth £600m. This includes £6.8m in the first half of 2019, during which time 39 people – said to be members of 13 organised crime gangs – were convicted and £330,000 worth of assets were seized (double the amount in the same period in 2018). “We are seeing gangs involved in drug trafficking and firearms offences turning to fraud, targeting victims across the UK,” said Detective Chief Inspector Gary Robinson, the recently appointed head of the DCPCU. “These criminals are exploiting new technologies to commit fraud, posting adverts on social media to try and recruit money mules. It’s particularly shameful that young people are being targeted in this way by these fraudsters. Meanwhile, vulnerable and elderly customers are also being tricked into handing over their money through callous scams.” Among the successes claimed for the first half of 2019 is the breaking up of a gang based in South London that used stolen payment card information and money mules to commit $200,000 worth of fraud. Ten defendants, including four money mules, received convictions. Also in London, the DCPCU tracked down a gang that had tricked an elderly women into handing over her bank cards through a ‘courier scam’ – she was persuaded to place her cards in an envelope under her outside doormat awaiting ‘collection’ by a fake courier. The two scammers received a total of 31 months in prison. Other frauds investigated and successfully prosecuted included two criminals who bought £120,000 worth of highvalue goods, including fireplaces, from small businesses using stolen card details and a fraudster who used fake IDs to go on a £152,000 spree across the UK. He was tracked down and caught by the DCPCU using CCTV footage. “We are showing criminals that fraud is not a soft target, by tracking them down and bringing them to justice,” said Robinson. “The DCPCU is improving our capability to investigate cyber-related fraud by working more closely with other
September 2019
organisations and government agencies in this area. We will also be stepping up our engagement with social media firms to identify and take down profiles used by fraudsters, and working closely with mobile phone companies to combat scam techniques such as SIM swapping.”
Texas and dentists hit with ransomware
A
mong the victims in a serious outbreak of ransomware attacks are more than 20 local governments in Texas and hundreds of dentist surgeries in the US – in both cases because an organisation supplying services was compromised.
The Texas Department of Information Resources (DIR) announced on August 16 that it was responding to an attack that affected agencies in 23 local governments across the state. According to some reports, the ransomware, believed to be Nemucod, did not present victims with ransom notes, adding to the confusion. What the 23 agencies affected had in common was the use of a single managed service provider (MSP). The infection may have happened via software the MSP uses for technical support. Full details of which municipalities have been impacted haven’t been revealed. However, the city of Borger issued a statement saying that its financial operations and services had been hit and that it couldn’t take utility and other payments. Its Vital Statistics services (birth and death certificates) were also taken offline. The city of Keene also had payment services disabled and its mayor, Gary Heinrich, said it had been contacted by the attacker with a demand for payment of $2.5m to unlock encrypted files. “A co-ordinated ransomware attack on a long list of state government agencies represents an escalation in these types of incidents. The resulting co-ordinated statelevel response from Texas is, likewise, an escalation in response,” commented Tim Erlin, VP, product management and strategy at Tripwire. “If this is really a co-ordinated attack, it’s hard to imagine how it’s a good thing for the ransomware attackers and for this specific criminal. Raising the bar on the response to a co-ordinated state
level will decrease the likelihood that ransom will actually get paid, and increase the likelihood that both Texas and other states are better prepared for these events in the future.” According to security firm Armor, there have been 68 publicly reported ransomware attacks since January against municipalities in the US (including the 23 in Texas). The firm has tracked 134 US organisations that have been infected with ransomware since the beginning of the year, with municipalities making up the largest portion. This is followed by healthcare organisations and school systems. Meanwhile, PerCSoft, a US cloud provider that provides remote data back-up services, was hit by a ransomware attack. Services that rely on it include Digital Dental Record (DDR), which offers the HIPAA-compliant DDS Safe service for hundreds of dental practices in the US. As many as 400 dental practices may have been affected, many of them being unable to access patient data, including charts, schedules, x-rays and payment details. However, within days, as many of a quarter of them had had their files restored. Statements released by PerCSoft and DDR suggest that a ransom may have been paid. The companies have worked with an unnamed third-party software company and have been able to issue a decryptor to clients affected by the ransomware. No explanation has been given for where this decryptor came from. DDR is known to have insurance against ransomware attacks and there is some suggestion that attackers may be deliberately targeting organisations with such insurance, knowing they will be more likely to pay up. According to Kaspersky, the 16,017 ransomware variants it detected in the first half of 2019 was more than double the number in 2018. These included eight wholly new families. And the strain most commonly seen, responsible for around a quarter of attacks, was the infamous WannaCry – first seen (and patched) two years ago. Gandcrab was used in 14% of attacks, even though it was supposedly being withdrawn by its creators. These figures are from the Kaspersky ‘IT Threat Evolution Q2 2019’ report, available here: http://bit.ly/2lDuAnr.
Computer Fraud & Security
3
September 2019
organisations and government agencies in this area. We will also be stepping up our engagement with social media firms to identify and take down profiles used by fraudsters, and working closely with mobile phone companies to combat scam techniques such as SIM swapping.”
Texas and dentists hit with ransomware
A
mong the victims in a serious outbreak of ransomware attacks are more than 20 local governments in Texas and hundreds of dentist surgeries in the US – in both cases because an organisation supplying services was compromised.
The Texas Department of Information Resources (DIR) announced on August 16 that it was responding to an attack that affected agencies in 23 local governments across the state. According to some reports, the ransomware, believed to be Nemucod, did not present victims with ransom notes, adding to the confusion. What the 23 agencies affected had in common was the use of a single managed service provider (MSP). The infection may have happened via software the MSP uses for technical support. Full details of which municipalities have been impacted haven’t been revealed. However, the city of Borger issued a statement saying that its financial operations and services had been hit and that it couldn’t take utility and other payments. Its Vital Statistics services (birth and death certificates) were also taken offline. The city of Keene also had payment services disabled and its mayor, Gary Heinrich, said it had been contacted by the attacker with a demand for payment of $2.5m to unlock encrypted files. “A co-ordinated ransomware attack on a long list of state government agencies represents an escalation in these types of incidents. The resulting co-ordinated statelevel response from Texas is, likewise, an escalation in response,” commented Tim Erlin, VP, product management and strategy at Tripwire. “If this is really a co-ordinated attack, it’s hard to imagine how it’s a good thing for the ransomware attackers and for this specific criminal. Raising the bar on the response to a co-ordinated state
level will decrease the likelihood that ransom will actually get paid, and increase the likelihood that both Texas and other states are better prepared for these events in the future.” According to security firm Armor, there have been 68 publicly reported ransomware attacks since January against municipalities in the US (including the 23 in Texas). The firm has tracked 134 US organisations that have been infected with ransomware since the beginning of the year, with municipalities making up the largest portion. This is followed by healthcare organisations and school systems. Meanwhile, PerCSoft, a US cloud provider that provides remote data back-up services, was hit by a ransomware attack. Services that rely on it include Digital Dental Record (DDR), which offers the HIPAA-compliant DDS Safe service for hundreds of dental practices in the US. As many as 400 dental practices may have been affected, many of them being unable to access patient data, including charts, schedules, x-rays and payment details. However, within days, as many of a quarter of them had had their files restored. Statements released by PerCSoft and DDR suggest that a ransom may have been paid. The companies have worked with an unnamed third-party software company and have been able to issue a decryptor to clients affected by the ransomware. No explanation has been given for where this decryptor came from. DDR is known to have insurance against ransomware attacks and there is some suggestion that attackers may be deliberately targeting organisations with such insurance, knowing they will be more likely to pay up. According to Kaspersky, the 16,017 ransomware variants it detected in the first half of 2019 was more than double the number in 2018. These included eight wholly new families. And the strain most commonly seen, responsible for around a quarter of attacks, was the infamous WannaCry – first seen (and patched) two years ago. Gandcrab was used in 14% of attacks, even though it was supposedly being withdrawn by its creators. These figures are from the Kaspersky ‘IT Threat Evolution Q2 2019’ report, available here: http://bit.ly/2lDuAnr.
Computer Fraud & Security
3