Jun 152019

Zach Clemens reports that Estes Park Health suffered a ransomware attack on June 2. No data was exfiltrated, but it was locked up, and after consulting with their cyberinsurer and IT people, they decided that they had to pay the ransom.

“At that point in time we are looking at the patients we have internally, we are looking at what is coming through the door and monitoring everything that was going on,” Leaming said.

And THAT’s what people who are not in healthcare don’t “get” when they blithely just advise entities to never pay ransom. If you are a healthcare facility you have to try to determine whether you can protect patient safety and health if you don’t pay the ransom. If your computer system got locked up but you have usable backups, then you are in a different situation than if your computer system was locked up and you’re the trauma center for your region.

“I think it is important to say that likely the only way to restore the software in the clinic and the only way we were able to restore the imaging and so forth is because our insurance company paid the ransom money and we were able to get the keys to unlock those files,” Leaming said.

Leaming did not mention having usable backups, and that is something that I expect the insurer asked about and that OCR will ask about.

EPH had to pay a $10,000 deductible to the insurance company for their payment of the ransom. Yet Leaming did say that an initial amount was paid, and as they were unlocking files, they found more locks, which they had to go back and pay the hackers more.

It is not clear how much they paid, total. Nor do they reveal the type of ransomware used.

Read more on the Estes Park Trail-Gazette.

Jun 132019

Seen on d/darknetlive:

On June 12, French law enforcement arrested the three suspected administrators of the French DeepWeb Market, the largest darkweb market in France. The administrators are facing charges in connection with the drug trafficking that took place on the site and several related crimes.

Three people were detained on June 12 as part of an operation aimed at dismantling a major illegal dark web platform that sold drugs, weapons and forged documents, French news outlets reported.

This operation, the second of its kind within a year, targeted the “French Deep Web-Market” or “FDW-Market.” The market was considered one of the most prolific darkweb marketplaces in France with almost 6,000 buyers and 700 vendors.

Source: lefigaro.fr

You can read the full post on dread.

Jun 132019

Sergiu Gatlan reports:

A critical flaw in the Evernote Web Clipper Chrome extension could allow potential attackers to access users’ sensitive information from third party online services.

“Due to Evernote’s widespread popularity, this issue had the potential of affecting its consumers and companies who use the extension – about 4,600,000 users at the time of discovery,” says security company Guardio which discovered the vulnerability.

Read more on BleepingComputer.

Jun 122019

Liisa Thomas, Sarah Aberg, Kari Rollins, and write:

The SEC recently issued a risk alert warning about using vendors and cloud-based platforms. Many broker dealers and investment advisors are turning to these third parties to store customer data. In its alert, the SEC’s Office of Compliance Inspections and Examinations warns firms that relying on those third parties’ security tools is not, in and of itself, sufficient for the companies to demonstrate compliance with Regulations S-P and S-ID. These regulations require broker-dealers and investment advisers to protect customer records and detect and prevent identity theft.

Read more on SheppardMullin Eye on Privacy.

Jun 122019

Catalin Cimpanu reports:

Two hacker groups are responsible for a huge spike in the number of hacked Magento 2.x shopping sites, according to Willem de Groot, founder of Sanguine Security.

This is now the third month in a row when the number of hacked Magento 2.x sites has doubled, after it previously doubled from March to April, and again from April to May.

Read more on ZDNet.