In our last post, we warned of the uptick of global ransomware attacks during the first 2 quarters of 2021. As the year continues, the volume continues to increase. Why? Certainly, more people in the world are even more dependent on the internet to communicate and work from home, opening up more vulnerabilities to a business's information. Possibly, there are more cunning and tech-savvy folks who are taking advantage of these new vulnerabilities. While the trend is to blame the COVID pandemic for everything, it certainly has changed things all over the world. Has it caused an increase in Ransomware Attacks? We can only guess, but what we DO KNOW is that if you rely on computer and network systems to keep your company's and your client's information secure AND keep your systems up and running efficiently and consistently; you must be prepared and protected from hacking. Ransomware is a particularly frightening online attack that affects a wide variety of business types. Approach Network Solutions thought we would share some of the worse Ransomware Attacks of 2021.
In 2020, attacks on the education sector rose significantly. That activity still has not ceased. While many schools have been hit by ransomware in 2021, the Buffalo Public School system in New York serves 34,000 students and contains highly sensitive information that may have been leaked. The ransomware attack on March 12 shut down the entire school system, canceling both remote and in-person instruction for an entire week. Buffalo Schools Superintendent Kriner Cash issued a statement on March 15 that said the school was "actively working with cybersecurity experts, as well as local, state, and federal law enforcement to fully investigate this cybersecurity attack."
Applus Technologies, which provides testing equipment to state vehicle inspection stations, suffered a ransomware attack that disrupted its systems for weeks. The attack knocked inspection services offline across a number of states. In Massachusetts alone, where Applus is used in thousands of inspection sites, the state's Registry of Motor Vehicles (RMV) was forced to extend deadlines for vehicle inspection stickers indefinitely. An Applus statement referred to the service as only "temporarily interrupted," but even weeks later, vehicle inspections continued to be postponed. The cause behind the long downtime is unclear because in its initial statement, Applus said it detected and stopped a malware attack on March 30. Further details on the attack and the type of ransomware have not been revealed. The Massachusetts RMV resumed inspection sticker services at most locations on April 17, while services in other states resumed later that month.
On May 14, the government organization that runs all public health services in Ireland shut down IT systems in the wake of a significant ransomware attack, and operations have yet to return to normal. While HSE systems were forced offline as a precautionary measure only, and the National Ambulance Services were operating as normal, access to many health services was disrupted. Because systems were not operating as usual, patients experienced delays and, in some cases, cancellations.
It was not until June 30 that online registration for medical cards was restored. Additionally, healthcare centers asked patients to bring in paper documents since computer records were inaccessible. Despite the disruptions, Ireland's public health network said it would not pay the ransom and neither would the government.
However, there was evidence that patient and staff information was accessed in the cyber attack and that some of the data was leaked. The organization comprises over 100,000 employees, in addition to all patients it serves. Leaked personal data could include names, addresses, contact phone numbers and email addresses. Medical information could include medical records, notes and treatment histories.
"A small amount of HSE data has appeared on the 'dark web', a part of the internet which can only be accessed using special programmes. Action is being taken to assist the people affected by this," HSE wrote in a statement on its website. HSE issued a cybersecurity incident update on July 5, stating healthcare services continue to be severely affected by the cyber attack.
JBS Foods is a leading global food company, with operations in the Unites States, Australia, Canada, Europe, Mexico, New Zealand and the UK. On May 30, 2021, JBS USA confirmed the REvil ransomware group hit the global beef manufacturer on May 30, forcing the company to shut down operations. On June 3, JBS issued a statement that its global facilities were "fully operational after resolving the criminal cyberattack." It cited its own "swift response, robust IT systems and encrypted backup servers" for the rapid recovery. However, one week later, the subsidiary of the world's largest beef producer confirmed it paid an $11 million demand. Operators behind REvil are known to use data exfiltration with threats to leak stolen data if victims do not pay. One reason JBS said it paid was to ensure no data was exfiltrated, but a vast majority of the company's facilities were operational at the time of payment. In the press release from June 9, JBS said "preliminary investigation results confirm that no company, customer or employee data was compromised."
The above are, unfortunately, just a few of the worse Ransomware attacks of 2021. Savvy businesses with information to protect know that recovery strategies should be developed for computer systems, applications and data. This includes networks, servers, desktops, laptops, wireless devices, data, and connectivity. Approach Network Solutions specializes in identifying the key aspects of your businesses computer and network infrastructure and are knowledgeable technicians know what it takes to bring your back online in a fast and effective manor to minimize downtime for you and your company.