Welcome back to our weekly recap of cybersecurity news.
Just as attention was finally starting to shift away from the SolarWinds compromise, a new concern has arrived: the Colonial Pipeline ransomware attack. Colonial Pipeline transports more than 100 million gallons of gasoline and other fuel daily from Houston to New York Harbor, and many Americans were worried about a looming gasoline shortage.
ZDNet reported on Thursday that the company has paid a $5 million ransom to attackers after the attack impacted operations for nearly a week. While the fuel is beginning to flow again, it is slow going.
On Thursday, U.S. Transportation Secretary Pete Buttigieg said during an interview on CNBC that the attack has been a “wakeup call” for U.S. cybersecurity vulnerability and that “the all-of-government response to the hack has paid off. . .”
Speaking of ransoms, the Metropolitan Police Department of Washington, D.C., which was attacked last month, evidently did not pay: its data was leaked this week. Vice reported on Tuesday that the Babuk ransomware gang began publishing files it claims belong to the police department after ransom negotiations broke down.
Whether targets of such attacks should pay cybercriminals is hotly debated. The U.S. Treasury said in October that facilitating ransomware payments to sanctioned hackers, a service now offered by some security consultants, may be illegal. At a press conference on Monday, the White House declined to say whether ransomware victims should pay ransom to their attackers, but a national security official hinted it may offer some advice in the future.
In related news, amid the mounting number of ransomware attacks, President Biden signed an executive order this week focused on "improving the nation's cybersecurity." The order lays out efforts to expand information sharing between agencies, sets policies to protect federal networks, and aims to improve the response to breaches by creating a standardized "playbook" that will be reviewed by the director of CISA. It also sets standards for software sold to the federal government.
Meanwhile, Scripps Health has now been dealing with a ransomware attack for nearly two weeks. Fortunately, the California Department of Public Health (CDPH) says the impacted hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital.
And in France, insurance powerhouse AXA has reportedly revealed that, at the request of French government officials, it will end cyber insurance policies in that country which refund ransomware victims after paying cybercriminals.
It will be interesting to see how governments continue to respond to ransomware payouts. We’ll certainly be monitoring the activities.
That’s a wrap for the week. Have a great weekend.
Top Global Security News
ZDNet (May 13, 2021) Colonial Pipeline paid close to $5 million in ransomware blackmail payment
Colonial Pipeline reportedly paid the ransomware group responsible for a cyberattack last week close to $5 million to decrypt locked systems. On Thursday, Bloomberg reported that two people close to the matter said a blackmail demand was agreed to within hours of the cyberattack that has impacted the fuel giant's systems for close to a week.
On May 7, Colonial Pipeline experienced a ransomware attack which forced the company to temporarily close down its operations and freeze IT systems to isolate the infection.
While pipelines are now back in business, it will be days before normal service resumes -- and the issues surrounding supply have already caused panic buying across some cities in the United States.
The publication says that the payment was made to the DarkSide malware operators in cryptocurrency in order to secure a decryption key and restore systems rendered inoperable by the ransomware.
Engadget (May 13, 2021) Biden signs cybersecurity executive order in the wake of pipeline shutdown
Specifically citing a slew of recent incidents including SolarWinds, Microsoft Exchange server hacks and the ongoing Colonial Pipeline situation, President Biden signed an executive order today that focuses on "improving the nation's cybersecurity." The steps it lays out are supposed to improve information sharing between agencies, set policies to protect federal networks and improve the response to breaches by creating a standardized "playbook" that will be reviewed by the director of CISA.
According to a summary released at the same time, it also sets standards for software that's sold to the federal government, and tasks NIST with developing a labeling program "to educate the public on the security capabilities of Internet-of-Things (IoT) devices and software development practices" similar to existing Energy Star labels on appliances.
InfoWorldSecurity (May 12, 2021) D.C. Police Doxxed After Ransom Dispute
Cyber-criminals appear to have leaked online data belonging to the Metropolitan Police Department of the District of Columbia after the law enforcement agency allegedly failed to comply with a ransom demand.
In April, ransomware gang Babuk claimed to have stolen more than 250GB of data from the MPD. Data posted by the gang to back up their claim appeared to contain MPD reports, mug shots, internal memos, and personal information belonging to some suspects who had been placed under arrest. MPD said on April 26 that it was "aware of unauthorized access on our server" and was working to determine what data may have been compromised.
Vice reported that on Tuesday, Babuk started publishing what it claims are MPD files online after ransom negotiations broke down. The group claims that an amount of money allegedly offered by MPD to secure the files the gang claims to have stolen was too low.
ZDNet (May 10, 2021) AXA pledges to stop reimbursing ransom payments for French ransomware victims
Insurance company AXA has revealed that, at the request of French government officials, it will end cyber insurance policies in France that pay ransomware victims back for ransoms paid out to cybercriminals.
While unconfirmed, the Associated Press reported that the move was an industry first. AXA is one of the five biggest insurers in Europe and made the decision as ransomware attacks become a daily occurrence for organizations across the world. ZDNet reported last month that AXA is the cyber insurance market share leader based on standalone policies.
The changes were made only in France after cybersecurity leaders within the French government and French Senators aired concerns about the massive payouts going to cybercriminals during a roundtable in Paris in April.
HealthITSecurity (May 10, 2021) Scripps Health EHR, Patient Portal Still Down After Ransomware Attack
Scripps Health is continuing to operate under EHR downtime procedures and its website and patient portal remain offline, nine days after a ransomware attack struck its servers. The California Department of Public Health (CDPH) has since confirmed the outages were caused by ransomware.
“The ransomware attacks were reported to the department. As required by state and federal law, hospitals are required to provide proper patient care at all times, including in any emergency situation,” a CDPH spokesperson said in a statement.
“CDPH is actively monitoring the hospitals impacted. These hospitals are operational and caring for patients using appropriate emergency protocols in inpatient areas of the hospital,” they added. “The department has authority to involuntarily suspend facility licenses in extreme circumstances that pose immediate risk to patient safety.”
Other Industry News
NatWest Bank scheduled payments bug may have cost you money - BleepingComputer
Two thirds of CISOs across the world expect damaging cyberattacks in the next 12 months - ZDNet
DarkSide explained: the ransomware group responsible for Colonial Pipeline cyberattack - ZDNet
'Shift right': developers knowingly release insecure applications, says report - PortSwigger
Thousands of patient records exposed after ransomware attack on CaptureRx - Healthcare IT News
City of Chicago Hit by Data Breach at Law Firm Jones Day - SecurityWeek
Physics laboratory exposed documents, credentials - DataBreachToday
New Android malware targeting banks in Italy, Spain, Germany, Belgium and the Netherlands - ZDNet
UK smart city cyber plan: 'A brilliant start', say experts - Verdict
Like what you’re reading? Head to the Subscriber form in the sidebar to get insightful GlobalSign content delivered directly to your inbox.