InTegriLogic Blog
The Week in Breach News: 05/03/23 – 05/09/23
This week: It’s an all-ransomware edition featuring an attack that snarled operations for the city of Dallas, Texas, two big hits by ALPHV/BlackCat and an attack that shut down a medical center for two weeks.
Murfreesboro Medical Clinic & SurgiCenter (MMC)
https://www.hipaajournal.com/ransomware-attack-results-shutdown-operations-tn-medical-clinic/
Exploit: Ransomware
Murfreesboro Medical Clinic & SurgiCenter (MMC): Healthcare Provider
Risk to Business: 1.622 = Extreme
The Murfreesboro Medical Clinic & SurgiCenter (MMC) in Tennessee has been forced to shut down operations for two weeks as the result of a devastating ransomware attack. The incident began on April 22, resulting in a complete shutdown of the facility’s systems to limit the spread of the attack. Some individual offices within the system have reopened, but many major functions including a surgical center remain closed. MMC officials said that they have been working with cybersecurity experts and law enforcement to investigate the incident, determine the extent of the attack and restore full operations.
How It Could Affect Your Business: A virtually complete closure for two weeks is a disaster for this medical group and the community it serves.
AvidXchange
https://techcrunch.com/2023/05/03/avidxchange-second-ransomware-attack-2023/
Exploit: Ransomware
AvidXchange: Payment Processor
Risk to Business: 1.762 = Severe
North Carolina-based payments company AvidXchange has disclosed that it is suffering its second ransomware incident of 2023. The RansomHouse ransomware gang has claimed responsibility for the attack and released the stolen data on its leak site. That data includes non-disclosure agreements, employee payroll information and corporate bank account numbers. The data that was published by RansomHouse also includes many user accounts’ login details, including usernames, passwords and, in some cases, answers to security questions for a variety of the company’s systems, including cloud accounts and security software, through to smart door locks and surveillance cameras. The company said that it detected the intrusion in early April.
How It Could Affect Your Business: This type of financial data is extremely desirable on the dark web and valuable to bad actors, so it needs strong protection.
The City of Dallas, TX
https://www.securityweek.com/ransomware-attack-affects-dallas-police-court-websites/
Exploit: Ransomware
The City of Dallas, TX: Municipal Government
Risk to Business: 1.681 = Severe
A ransomware attack on the city government of Dallas, Texas impacted some systems last week. The attack shut down the Police Department and City Hall websites as well as causing jury trials to be postponed in the Municipal Court. The computer-assisted dispatch system that is used to help firefighters respond to emergency calls was also knocked out, forcing first responders that utilize those systems to handle dispatch manually. The city said that the attack’s impact was limited and it’s working to restore affected systems. No word of any ransom demand and no one has claimed responsibility.
How It Could Affect Your Business: Governments and government agencies of every size have been prime targets for ransomware attacks in the past few years.
Edison Learning
https://thejournal.com/articles/2023/05/01/ransomware-gang-claims-edison-learning-data-theft.aspx
Exploit: Ransomware
Edison Learning: Education Management Organization
Risk to Business: 2.719 = Moderate
The Royal ransomware gang says that it is responsible for a ransomware attack on public school and distance learning management company Edison Learning. The group added Edison Learning to its dark web data leak site on April 26. It claims to have stolen 20GB of the company’s data including personal information of employees and students. Edison Learning has confirmed the incident but refused to provide further details, saying that an investigation is ongoing.
How It Could Affect Your Business: Because of the time-sensitive nature of their operations, schools are prime targets for ransomware attacks.
Constellation Software
https://www.bleepingcomputer.com/news/security/alphv-gang-claims-ransomware-attack-on-constellation-software/
Exploit: Ransomware
Constellation Software: Business Software Company
Risk to Business: 2.781 = Moderate
The ALPHV/BlackCat ransomware group successfully hit Ontario-based business software firm Constellation Software last week. The company has confirmed that some of its systems were breached by threat actors who also stole personal information and business data from a small number of systems related to internal financial reporting and related data storage. All systems have been restored. BlackCat listed Constellation on its leak site claiming to have nabbed 1 TB of data.
How It Could Affect Your Business: Supply chain attacks like strikes on business service and technology providers have been escalating, elevating supply chain risk for businesses.
UK – The National Smallbore Rifle Association (NSRA)
https://www.infosecurity-magazine.com/news/gun-owners-targeted-rifle/
Exploit: Ransomware
The National Smallbore Rifle Association (NSRA): Sports Governing Body
Risk to Business: 2.866 = Moderate
The UK’s National Smallbore Rifle Association (NSRA) is warning members that it experienced a hacking incident last week that may have exposed member data. In a statement, the association assured members that the attack hit legacy servers that contain working documents and its membership portal remains secure. However, the group said it cannot be sure who was impacted because it doesn’t have access to the breached servers, leading to reports concluding that this was a ransomware incident. NSRA said that it is working with the UK’s South East Regional Organised Cybercrime Unit (SEROCU) in the investigation.
How It Could Affect Your Business: Information like this can be used by bad actors to mount spear phishing campaigns.
Australia – HWL Ebsworth
https://www.theguardian.com/technology/2023/may/02/australian-law-firm-hwl-ebsworth-hit-by-russian-linked-ransomware-attack
Exploit: Ransomware
HWL Ebsworth: Law Firm
Risk to Business: 1.883 = Severe
Australian commercial law firm HWL Ebsworth fell victim to a ransomware attack by the ALPHV/BlackCat ransomware group late last week. The bad actors claim to have snatched 4 TB of confidential company data. The group posted an assortment of data to their dark web leak site including employee CVs, IDs, financial reports, accounting data, client documentation, credit card information, and a complete network map.
How It Could Affect Your Business: Law firms can hold some very valuable and sensitive data, making them very attractive targets for bad actors.
Australia – Crown Princess Mary Cancer Centre
https://theconversation.com/a-cancer-centre-is-the-latest-victim-of-cyber-attacks-why-health-data-hacks-keep-happening-205131
Exploit: Ransomware
Crown Princess Mary Cancer Centre: Specialty Medical Clinic
Risk to Business: 2.786 = Moderate
Crown Princess Mary Cancer Centre in Westmead Hospital has disclosed that it has been the victim of a ransomware attack by the cybercrime group Medusa that has led to data exposure for patients. The group claims to have grabbed thousands of files, some containing sensitive patient data, and is threatening to expose them if not paid $100,000. The clinic has not confirmed what amount or types of data were stolen. NSW Health is investigating the incident in concert with authorities.
How It Could Affect Your Business: Bad actors love to hit medical offices of all sizes hoping for a fast payment and lots of valuable data.