A rough week in ransomware….
The following are just a few of the entities hit by ransomware attacks this week:
USNR LLC is a manufacturing firm in Woodland, Washington. On their site, they describe themselves as “the world’s largest, most comprehensive supplier of equipment and technologies for the wood processing industry.”
And according to a notification they sent, on September 28, they were hit with a ransomware attack that impacted 3,950 people. They first became aware of the intrusion on October 25. Their investigation revealed that the attackers not only encrypted files but could have accessed information on current and former employees, including names, addresses, dates of birth, social security numbers, bank account information, and beneficiary information (including names, addresses, dates of birth, and social security numbers of beneficiaries).
In response to the incident, USNR is rebuilding its internal network and infrastructure, and is offering services from Equifax to potentially affected employees, even though they have no evidence at this point that there has been any misuse of the data. The notification letters with the offers of services are scheduled to go out on December 7.
But USNR is not alone this week in disclosing ransomware attacks:
Shirbit, the Israeli insurance firm whose ransomware attack was previously disclosed earlier this week, seems to have totally mangled their attempts to negotiate with Black Shadow. You can spectate that disaster on Telegram, where the attackers paste some of their interactions with their victims and dump even more of their data. And there’s a lesson to be learned from this one: you may be smart, folks, but trying to negotiate with criminals on your own is risky. Get professional help and advice.
Multinational human resources firm Ranstad also fell prey to a ransomware attack. In a statement about the incident, the firm wrote, “”To date, our investigation has revealed that the Egregor group obtained unauthorised and unlawful access to our global IT environment and to certain data, in particular related to our operations in the US, Poland, Italy and France.” Sam Varghese of ITWire has more on this incident.
Metro Vancouver’s TransLink also confirmed a ransomware attack. Amy Judd and Simon Little of GlobalNews.ca have more on this one. TransLink’s most recent updated statement as of the time of this publication was yesterday, December 4.
And while we’re reporting on an attack in Canada, there’s an update on a ransomware attack on Parkland Corporation, a multi-million dollar publicly-traded Calgary energy firm. Howard Solomon reports on ITWorld Canada that the attackers have started leaking data. The firm has not actually confirmed that this was a ransomware attack, but it has all the signs and symptoms of one from what has been revealed publicly.
Sadly, these are just a drop in the bucket of the many attacks that were revealed this weak on dark web sites. And even if you have backups you can restore from if you are hit, there is still the risk of attackers extorting you so that they don’t dump your proprietary information or the personal information of your employees, or students, customers, or patients.