Hello and welcome to GlobalSign’s latest cybersecurity news wrap-up.
It’s been another interesting week in cybersecurity. What struck me was not so much new attacks themselves, but the spike in European activity, especially France. In the past seven days we have learned about an attack à la SolarWinds that may once again involve Russia; then, not one, but two French hospitals were stricken with ransomware attacks - and a third pre-emptively cut connections with an IT provider; and French health insurance company Mutuelle Nationale des Hospitaliers (MNH) is the victim of a ransomware attack that’s disrupted the company's healthcare operations.
As a result of all the unprecedented cybersecurity incidents in the country, French President Emmanuel Macron unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France.
Talk about a “Les Misérables” week!
However, there was a positive development in France. A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. Law enforcement made the arrests after French authorities traced ransom payments to individuals located in Ukraine.
In other cybersecurity news this week:
- Kia Motors America was hit with ransomware courtesy of the DoppelPaymer gang, which is demanding $20 million for a decryptor. According to AutoBlog, some customers reported they have been unable to take delivery of newly purchased cars because Kia dealers were unable to complete transactions due to the associated outage. Owners also reported the outage is impacting Kia's UVO connected services, locking them out of their apps and other features.
- Following the recent and slightly horrifying hack at a Florida water treatment plant, the Cybersecurity and Infrastructure Security Agency (CISA) is warning operators of other plants to be on the lookout because, yeah, it could happen to them, too. CISA warns that water treatment facilities using unsecured or poorly configured remote access tools and outdated operating systems could be major targets.
- International law firm Jones Day was also the victim of a ransomware attack, with stolen files released over the web. This attack is believed to have involved the Clop ransomware gang, the same group behind an attack on German tech giant Software AG in October.
Finally, with ransomware becoming ubiquitous, people are starting to get really fed up, as President Macron did this week, along with so many, many others. It feels like it’s reaching a breaking point, reminiscent of this great movie moment from “Network” starring William Holden.
A lot of entities are paying a ransom, and we’re beginning to hear an increasing number of people say the ransomware problem is now being exacerbated by purchases of cyber insurance. Some are calling this an “incentive” that will actually encourage victims to pay to solve their problem quickly. You can read ComputerWeekly’s exploration of this topic below. Very much in line with that, earlier this month the New York State Dept. of Financial Services (NYDFS) issued Circular Letter No. 2, “Cyber Insurance Risk Framework”, to all property-casualty insurers authorized to transact insurance in New York. In it, there is a somewhat controversial recommendation against insurers covering ransom payments. It also recommends that an insurer’s senior management and directors be formally involved in managing cyber risk. A discussion of this topic can be found on JDSUPRA.
That’s all for this week. Wishing everyone a safe and relaxing weekend!
Top Global Security News
Bleeping Computer (February 17, 2021) Kia Motors America suffers ransomware attack, $20 million ransom
"Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data.
Kia Motors America (KMA) is headquartered in Irvine, California, and is a Kia Motors Corporation subsidiary. KMA has nearly 800 dealers in the USA with cars and SUVs manufactured out of West Point, Georgia.
A Kia owner tweeted that when they attempted to pick up their new car, a dealership told them that the servers were down due to a ransomware attack."
Gizmodo (February 16, 2021) France Just Suffered a SolarWinds-Style Cyberattack
"As the U.S. continues to chart the damage from the sweeping “SolarWinds” hack, France has announced that it too has suffered a large supply chain cyberattack. The news comes via a recently released technical report published by the Agence Nationale de la sécurité des systèmes d’information—or simply ANSSI—the French government’s chief cybersecurity agency. Like the U.S., French authorities have implied that Russia is probably involved.
According to ANSSI, a sophisticated hacker group has successfully penetrated the Centreon Systems products, a French IT firm specializing in network and system monitoring that is used by many French government agencies, as well as some of the nation’s biggest companies (Air France, among others). Centreon’s client page shows that it partners with the French Department of Justice, Ecole Polytechnique, and regional public agencies, as well as some of the nation’s largest agri-food production firms."
France24 (February 16, 2021) Cyber attacks hit two French hospitals in one week
"Ransomware attacks struck two French hospital groups in less than a week, prompting the transfer of some patients to other facilities but not affecting care for Covid-19 patients or virus vaccinations.
The two French hospitals were stricken with ransomware attacks, and a third pre-emptively cut connections with an IT provider, in less than a week, prompting the transfer of some patients to other facilities.
The Villefranche-sur-Saône hospital complex in France’s eastern Rhone département (administrative area) announced Monday that a cyber attack had been detected at 4:30am local time.
The attack by the crypto-virus RYUK, a kind of ransomware, "strongly impacts" the Villefranche, Tarare and Trévoux sites of the North-West Hospital, the hospital said in a statement."
Bleeping Computer (February 14, 2021) Egregor ransomware affiliates arrested by Ukrainian, French police
"A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.
As reported first by France Inter, on Tuesday, law enforcement made the arrests after French authorities could trace ransom payments to individuals located in Ukraine.
Over this past year, Egregor has attacked numerous French organizations, including Ubisoft, Ouest France, and, more recently Gefko."
Bank Info Security (February 12, 2021) Water Treatment Hack Prompts Warning from CISA
"Following the hacking of a Florida water treatment plant, the Cybersecurity and Infrastructure Security Agency is warning the operators of other plants to be on the lookout for hackers who exploit remote access software and outdated operating systems - and to take risk mitigation steps. But the advice applies to other organizations as well, some security experts say.
CISA warns that water treatment facilities that use unsecured or poorly configured remote access tools and outdated operating systems risk hacker attacks targeting their industrial control systems and SCADA systems, which form the core of the operational technology infrastructure used to run and secure these plants."
Other Industry News
Leading Canadian rental car company hit by DarkSide ransomware
Files stolen as law firm Jones Day hit by Clop ransomware attack
Ukrainian citizen arrested over huge international phishing campaign spanning 11 countries
15,600 patients' health info exposed in ransomware attack on California health center
Dutch police post 'friendly' warnings on hacking forums
US Court system demands massive changes to court documents after SolarWinds hack
270 addresses are responsible for 55% of all cryptocurrency money laundering
Is it time to ban ransomware insurance payments?