Ransomware scourge continues as essential services are affected
Revelations of cyberattacks on transportation systems in New York and Massachusetts heightened concerns about the threat to U.S. businesses and essential services on Wednesday, after hackers held the world’s largest meat processor hostage this week. week.
An attack on JBS SA, the world’s largest meat company by sales, has disrupted the United States meat supply after causing JBS factories to shut down temporarily. JBS said it restarted most of its factories on Wednesday and plans to operate at near full capacity on Thursday. White House officials said the hack was likely carried out by a Russian-based group, and the Federal Bureau of Investigation attributed the attack to REvil, a criminal ransomware gang.
A ransomware attack on Wednesday disrupted ferry services in Massachusetts. New York’s Metropolitan Transportation Authority also revealed on Wednesday that it was hacked in April, although the attack did not disrupt operations, including the city’s subway system.
In May, the operator of a critical pipeline bringing gasoline to parts of the east coast paid about $ 4.4 million to regain control of its operations and restore service.
San Diego-based Scripps Health said on Tuesday it was still recovering from a cyberattack it discovered on May 1 that disrupted its patient portal, electronic medical records, radiology and other systems and has canceled or delayed appointments at its hospitals and clinics.
Emboldened by recent successes, hackers have turned away from data-rich businesses such as retailers, financial institutions, and insurance companies to providers of key public needs such as hospitals, transportation, and health care. food. The trend is part of a global criminal backbone ranging from data theft to disruptive operations via ransomware, where companies face demands for million dollars in payments to regain control of their operating systems.
“Pharmaceuticals, hospitals, healthcare, public companies, organizations that don’t have the talent and skills to defend themselves – they get beaten up. ”
President Biden said on Wednesday he would take a close look at whether to retaliate against Russia for the attacks. The president plans to raise the ransomware problem at a summit with Russian President Vladimir Putin in Geneva scheduled for June 16, the White House said. Russian officials did not immediately respond to a request for comment.
Security professionals whose business helps businesses and organizations protect and manage against these attacks have warned that it will only get worse.
“Pharmaceuticals, hospitals, health care, state-owned companies, organizations that don’t have the talent and the skills to defend themselves, they’re getting beaten up,” Kevin Mandia, chief executive officer, said Wednesday. cybersecurity firm FireEye Inc., at a conference on Wall Street. Newspaper conference on cybersecurity.
Department of Homeland Security officials on Wednesday issued new warnings about the importance of guarding against ransomware.
“The threat of ransomware continues to be serious. Ransomware can affect any organization in any sector of the economy, ”said Eric Goldstein, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency, which is part of DHS. “All organizations should urgently review our available resources and implement best practices to protect their networks from these types of threats. “
The profit potential of ransomware coupled with an explosion of remote working during the Covid-19 pandemic has provided both the incentive and the means for a ransomware boom, said Adam Meyers, vice president of intelligence at the cybersecurity company CrowdStrike. Inc.
Companies that previously viewed themselves as unlikely targets of data breaches have increasingly found themselves in the crosshairs of ransomware.
Prior to 2018, hackers viewed data-rich businesses such as financial services companies, retailers, and insurance companies as prime targets, but they shifted their focus due to the financial incentive of payouts. ransomware. Previously, they were looking to make money using data for identity theft, but ransomware offered an opportunity for industrial-scale hacking and payments that could be made quickly in hard-to-trace cryptocurrencies. like bitcoin, according to security professionals.
When ransomware shut down operations of aluminum and energy giant Norsk Hydro AS
in 2019, that was a wake-up call for the cybersecurity industry, said David Navetta, partner in the cybersecurity practice at law firm Cooley LLP.
“They hit everyone,” he said. “Any company that relies on its information technologies to provide a good or a service is a target. We have seen manufacturers; we’ve seen chemical companies; we have seen non-traditional targets being hit more frequently than four or five years ago, ”he said.
The Massachusetts attack disrupted reservations at the Steamship Authority, the largest ferry operator connecting passengers and cargo from the mainland to the islands of Martha’s Vineyard and Nantucket. Boats were able to continue sailing to the two islands, where populations increase during the summer, but the ferry operator said customers were unable to book or change their vehicle reservations online or by telephone.
Hackers launched a cyberattack in April against the New York MTA and gained access to three of the 18 computer systems used by the transport agency, although the breach had no impact on passengers, employees or sub -treaters, MTA officials said. The MTA hack had previously been reported by The New York Times.
DHS’s CISA, the National Security Agency and the Federal Bureau of Investigation notified the MTA of the violation in late April, MTA officials said. The transit agency was able to patch the vulnerabilities the next day, MTA officials said.
A forensic audit found no evidence that any accounts were compromised, MTA officials said. No employee information was viewed and no data was lost in the breach, they said. The hackers also did not make financial demands, MTA officials said. The transport agency has demanded password changes for about 3,700 employees and contractors as a precaution, they said.
Scripps warned on Tuesday that information on more than 147,200 patients had been exposed, possibly including clinical data and driver’s license and social security numbers. Last fall, ransomware groups took dozens of hospitals offline in a massive campaign, and a September hack cost United Health Services Inc $ 67 million.
Companies at risk of cyber attacks
More WSJ coverage of hacking attacks, selected by editors.
—James Rundle, Tarini Parti and Paul Berger contributed to this article.
Copyright © 2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8