It can be tiring to keep hearing about how cyberattacks keep happening. Beyond the national level, when we see examples happen near us, on the local or state level, it hits close to home.
It seems that every day, we see major hits on the malware and ransomware front. Take, for example, the City of Cleveland, Ohio: they were targeted three weeks ago by a ransomware attack and they’re still feeling the effects. The City of Cleveland said they won’t pay the ransom to retrieve their stolen data despite their offices being closed for days and being crippled for weeks. According to Crain’s Cleveland, it’s not just Cleveland: “Cleveland isn't alone. In May, both Wichita, Kansas and Hamilton, Ontario, Canada experienced similar attacks. And last spring, the city of Dallas, Texas was also attacked and wound up paying the ransom.”
The big debate: to pay or not to pay. How does the ransom part usually play out? In the case of a ransomware attack, companies sometimes hire a security company that will first try to resolve the issue by removing the malware, but companies may also utilize ransomware negotiators. “The ransomware operators will ask for some amount of money and negotiators will try to negotiate it down.” “What we have seen is the threat actors or, or hackers, will actually find the corresponding insurance policy and see that you have $5 million worth of cyber insurance so they will ask for $5 million.” The negotiator will then arrange a payment using the hackers’ favored payment choice, cryptocurrency. But smaller organizations likely would not even know how to buy Bitcoin, which is why they end up hiring a company to handle payments to the hackers.
Here is another recent example: on June 24th it was reported that hackers rendered a company called CDK, an auto dealer software management system, unavailable for days. With CDK, hackers demanded ransom to restore its systems. How much? ‘Tens of millions.’ Ouch. It affected not only Ohio-based car dealerships but likely hundreds of dealerships across the U.S. And, as with any recent hacking incident, after the fact the company (CDK) warned car dealerships to watch out for phishing scams or anyone pretending to be from their company in an attempt to obtain proprietary information such as passwords. What was the after-effect of the hack? It left some car dealers unable to do business altogether, while others reported having to use old-school pen and paper, plus sticky notes, to document transactions. The group responsible? The ‘BlackSuit Cybercrime Gang.’
This goes back to what we have mentioned in our earlier blog posts: cities, companies, etc. need to keep educating and reminding their employees, before an attack, to watch out for phishing attempts.
So, we covered cities affected and a massive software platform whose compromise hit car dealerships across the U.S., but we also have the Federal Reserve. Yep, you read that correctly: the Federal Reserve.
Another gang called ‘LockBit’ claimed they hit the Federal Reserve, saying they have 33 terabytes of U.S. banking data. According to this hacker gang: “In the post on the leak site, LockBit said that the authorities had until June 25 to pay an undisclosed amount” or else, “the hackers will presumably make the leaked data public.” And they did. On June 25th Cybernews reported: “the LockBit ransomware gang published a massive cache of files allegedly stolen from the US Federal Reserve central banking system after an apparent negotiation breakdown. The Russian-linked gang posted 21 separate links, containing files of what appears to be parent directories, torrents, and compressed archive files belonging to another US financial institution, Evolve Bank and Trust.”
If the aforementioned Federal Reserve breach is true (the Federal Reserve has not commented as of June 26th, 2024), it would be “one of the biggest banking hacks in US history. Being the central banking system of the country, the Federal Reserve operates 12 banking districts in major cities such as Boston, New York, Dallas, Chicago, and San Francisco.” Analysts are still trying to find out if LockBit’s claim is real, since in the past they have made two false claims about breaching federal agencies. We’ll be sure to keep you posted on whether the attack on the Fed is real. If true, it’s huge.
What to do? As always, stay vigilant. And, as we have mentioned in our previous posts, your organization needs to have an appointed person, a sort of cyber-threat-czar. Their job would be to act as the point person who ensures your organization stays on top of the latest threats and educates employees on a regular basis on how to avoid being a victim of phishing attacks and more.