During the back-to-school season, HKCERT noticed that ransomware attacks have been targeting educational institutions all over the world while the trend of double extortion attacks continued. Related ransomware, such as Maze and Netwalker, were also very active. Users must stay vigilant.
According to research by the international cyber threat intelligence company “Recorded Future”, there were 9 ransomware attacks against educational institutions in just over two months from July to early September this year, 4 of them against universities. Newcastle University in the UK was also recently forced to suspend most of its information technology services due to such an attack. In fact, the targets of ransomware are not limited to educational institutions. Other organisations, including banks, hospitals, governments and power companies, have also fallen victim to such attacks.
The Ransomware “Maze” and “Netwalker” Are Becoming More Active
We noticed that another criminal gang, which uses Netwalker ransomware for double extortion, is becoming more active as well, even providing Ransomware-as-a-Service to its members. Recently, many large enterprises, such as Equinix and K-Electric, have been successfully hacked by Netwalker operators. The University of California San Francisco also paid a ransom of US$1.14 million after being extorted. Studies have found that Netwalker usually compromises the networks of large organizations through unpatched VPN applications, weak passwords on remote desktop services, or web applications.
Ransomware Attacks Can Cause Serious Impact
Besides direct financial losses, ransomware attacks may also indirectly cause casualties. Recently, the University Hospital Dusseldorf in Germany was mistaken by hackers for the University of Dusseldorf and found itself subject to a DoppelPaymer ransomware attack. This attack also exploited the CVE-2019-19781 vulnerability in the Citrix ADC server, causing part of the medical services to be suspended. Patients in critical condition had to be sent to other hospitals, and one of them lost their life due to delayed treatment.
As stated above, ransomware attacks can cause severe consequences, so protective actions must be taken early. According to “The State of Ransomware 2020” published by Sophos, hackers most often spread ransomware by phishing emails with malicious links, followed by remote attacks on servers and emails with malicious attachments. These three ransomware attack tactics accounted for around 70% of the total cases. HKCERT advises users not to click any links or open any attachments when receiving suspicious emails. Enterprises should carefully protect their servers by disabling unnecessary ports and deploying firewalls to mitigate the risk of remote attacks.