1.888.900.DRIZ (3749)
The Driz Group
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog
  • Managed Services
    • Web Application Security >
      • Schedule WAF Demo
    • Virtual CISO
    • Compliance >
      • SOC1 & SOC2
      • GDPR
    • Third-Party Risk Management
    • Vulnerability Assessment >
      • Free Vulnerability Assessment
  • About us
    • Testimonials
    • Meet The Team
    • Resources
    • In the news
    • Careers
    • Subsidiaries
  • Contact
    • Newsletter
  • How WAF Works
  • Blog

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/7/2019

0 Comments

Disturbing Trend: More and More Ransomware Attack Victims Are Paying Ransom

 
ransomware attack

Disturbing Trend: More and More Ransomware Attack Victims Are Paying Ransom

UK's largest police forensics lab Eurofins reportedly paid ransom to ransomware attackers. The company joins the growing list of organizations that paid ransom to ransomware attackers.

The BBCrecently reported that Eurofins, UK's largest police forensics lab, paid an undisclosed amount to attackers after its computers were crippled by a ransomware attack. Eurofins Scientific, which has about 45,000 staff in more than 800 laboratories across 47 countries, is one of the global independent market leaders in testing and laboratory services for forensics. Eurofins Forensics Services, Eurofins Scientific's Forensics subsidiary which is based in the UK, is one of the primary forensic services providers to the UK police.

Last June 3, Eurofins Scientificdisclosed that during the first weekend of June 2019 (1stand 2ndJune) it fell victim to ransomware attack which caused disruption to many of its IT systems in several countries. The company said, in a statement, that from June 4th, it was able to “resume full or partial operations for a number of impacted companies and continue to do so every day”. As of June 17th, the company said, the vast majority of affected laboratories’ operations had been restored.

The ransomware involved, Eurofins Scientific said, appears to be a new ransomware variant which was “initially non-detectable by the anti-malware screen of our leading global IT security services provider at the time of the attack and required an updated version made available only hours into the attack”.

In a ransomware attack, a malicious actor or actors lock out legitimate users of IT systems or computer files through encryption (the process of converting plain texts to codes so that only people with access to a secret key, also known as decryption key, can access it). Ransomware attackers demand from their victims to pay ransom in exchange for the decryption keys that would unlock the encrypted IT systems or computer files.

Growing List of Ransomware Victims Paying Ransom

Eurofins Scientific joins the growing list of ransomware victims paying ransom. Two cities in Florida, U.S. and 2 towns in Ontario, Canada publicly admitted that they paid ransom to ransomware attackers.

Last June 17th, the City Council of the City of Riviera Beach, Florida unanimously approved the payment of ransom to ransomware attackers. A total of 65 bitcoins was paid to the ransomware attackers, equivalent to approximately $600,000 at the time of the ransom payment approval.

A few days after the ransom payment approval of the City Council of Riviera Beach City, another city in the Florida state Lake City paid its own ransomware attackers ransom. Lake City Mayor Stephen Witt told a local mediathat Lake City will pay cyber attackers USD $460,000 to get its computer system back. “I would’ve never dreamed this could’ve happened, especially in a small town like this,” the Lake City Mayor said.

Two towns in Ontario, Canada, the Town of Wasaga Beach and Town of Midland, have also publicly admitted that they paid ransom to ransomware attackers. Jocelyn Lee, Director of Finance and Treasurer of the Town of Wasaga Beach, reported to the City Council of Wasaga Beach that on April 30, 2018 the Town’s computer system was infected with a malicious software (malware) that left all of the Town’s data locked. Lee said the Town ended up paying the ransomware attackers 3 bitcoins, equivalent to $34,950 Canadian at the time of the ransom payment.

The Town of Midland, Ontario, meanwhile, in a statement said that on September 1, 2018, the Town's network was infected with ransomware. The Town said that it paid an undisclosed amount to the ransomware attackers in exchange for the decryption keys. In paying the ransom, the Town of Midland said, “Although not ideal, it is in our best interest to bring the system back online as quickly as possible.”

To date, South Korean web hosting company Nayanaholds the record of paying the most expensive ransom, totaling 397.6 bitcoins, valued USD$1.01 million at the time of the ransom payment.

Prevention & How to Recover from Ransomware Attacks

All ransomware victims that decided to pay ransom have one thing in common: They all failed to conduct regular back-up of their critical data. Organizations that diligently conduct regular back-up of critical data, in time of crisis, such as ransomware attack, can simply ignore the attackers’ ransom demand.

Paying the ransom also doesn’t guarantee that attackers will hand over the correct decryption keys that will unlock encrypted IT systems or computer files. Paying the ransom could instead encourage the attackers to launch another ransomware attack or the attackers could increase their ransom payment demand, knowing that organizations will likely consider paying the amount. 

While conducting regular back-up of critical data is important, implementing cybersecurity measures that prevent ransomware attacks are equally important as well. The UK's National Cyber Security Centre (NCSC)recently issued a Ryuk Ransomware Advisory. Ryuk is a particular type of ransomware that was first observed in the wild in August 2018. It has since been responsible for multiple attacks worldwide. This ransomware, in particular, targets its victims and ransom payment is set based on the target’s perceived ability to pay.

NCSC recommends the following measures in order to prevent ransomware attacks, in particular, Ryuk ransomware attacks:

  • Protect your organization’s devices and networks by keeping them up to date.
  • Whitelist applications to prevent malicious applications from running.
  • Keep any antivirus software up to date and consider the use of a cloud-backed antivirus product.
  • Implement architectural controls for network segregation and limit the opportunity for lateral movement.
  • Use multi-factor authentication to reduce the impact of password compromises.
  • Detect and quarantine as many malicious email attachments and spam as possible, before they reach end users.

You don’t need to face cybercriminals alone. When you need help, our team of professionals is ready to assist and help you mitigate risks, recover, and proactively secure your data. Contact ustoday and stay safe.

0 Comments

Your comment will be posted after it is approved.


Leave a Reply.

    Author

    Steve E. Driz, I.S.P., ITCP

    Picture
    View my profile on LinkedIn

    Archives

    March 2023
    February 2023
    January 2023
    December 2022
    June 2022
    May 2022
    February 2022
    December 2021
    November 2021
    October 2021
    September 2021
    August 2021
    July 2021
    June 2021
    May 2021
    April 2021
    March 2021
    February 2021
    January 2021
    December 2020
    November 2020
    October 2020
    September 2020
    August 2020
    July 2020
    June 2020
    May 2020
    April 2020
    March 2020
    February 2020
    January 2020
    December 2019
    November 2019
    October 2019
    September 2019
    August 2019
    July 2019
    June 2019
    May 2019
    April 2019
    March 2019
    February 2019
    January 2019
    December 2018
    November 2018
    October 2018
    September 2018
    August 2018
    July 2018
    June 2018
    May 2018
    April 2018
    March 2018
    February 2018
    January 2018
    December 2017
    November 2017
    October 2017
    September 2017
    August 2017
    July 2017
    June 2017
    May 2017
    April 2017
    March 2017
    February 2017
    January 2017
    December 2016
    October 2016
    August 2016
    May 2016
    March 2016
    January 2016
    November 2015
    October 2015
    August 2015
    June 2015

    Categories

    All
    0-Day
    2FA
    Access Control
    Advanced Persistent Threat
    AI
    Artificial Intelligence
    ATP
    Awareness Training
    Botnet
    Bots
    Brute Force Attack
    CASL
    Cloud Security
    Compliance
    COVID 19
    COVID-19
    Cryptocurrency
    Cyber Attack
    Cyberattack Surface
    Cyber Awareness
    Cyber Espionage
    Cybersecurity
    Cyber Security
    Cyber Security Consulting
    Cyber Security Insurance
    Cyber Security Risk
    Cyber Security Threats
    Cybersecurity Tips
    Data Breach
    Data Governance
    Data Leak
    Data Leak Prevention
    DDoS
    Email Security
    Fraud
    GDPR
    Hacking
    Impersonation Scams
    IoT
    Malware
    MFA
    Microsoft Office
    Mobile Security
    Network Security Threats
    Phishing Attack
    Privacy
    Ransomware
    Remote Access
    SaaS Security
    Social Engineering
    Supply Chain Attack
    Supply-Chain Attack
    Third-Party Risk
    Virtual CISO
    Vulnerability
    Vulnerability Assessment
    Web Applcation Security
    Web-applcation-security
    Web Application Firewall
    Web Application Protection
    Web Application Security
    Web Protection
    Windows Security
    Zero Trust

    RSS Feed

Picture

1.888.900.DRIZ (3749)

Managed Services

Picture
Web Application Security
​Virtual CISO
Compliance
​Vulnerability Assessment
Free Vulnerability Assessment
Privacy Policy | CASL

About us

Picture
Testimonials
​Meet the Team
​Subsidiaries
​Contact us
​Blog
​
Jobs

Resources & Tools

Picture
​Incident Management Playbook
Sophos authorized partner logo
Picture
© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit