August - 2021 Major Ransomware Attacks

This Ransomware Report is Courtesy of BlackFog, Inc.

In August we uncovered 21 reported ransomware attacks, with government and healthcare being the most targeted sectors during the month. The first healthcare incident took place in Italy, where the Italian vaccination registration system was taken offline by RansomEXX. Meanwhile, US-based Eskenazi Health and Memorial Health System were forced to divert ambulances and cancel procedures due to ransomware attacks. Here’s a summary of what we uncovered during the month.

  1. The first reported incident of the month took place in Italy, where the Italian vaccination registration system was taken offline by the RansomEXX gang. The attack on Italy’s Lazio region rendered every file in the system inaccessible and meant that residents of the region, which includes Rome, were unable to book Covid-19 vaccinations.

  2. Venture capital firm Advanced Technology Ventures made headlines after a ransomware attack resulted in the theft of personal information relating to its investors. It’s estimated that 300 investors were impacted by the attack, which was disclosed when a letter was sent to the Maine Attorney General’s Office. Data exfiltrated during the attack included names, email addresses, phone numbers and Social Security Numbers of individual investors in company funds.

  3. The Isle of Wight Education Federation in the UK was next to disclose that its IT systems were impacted by a ransomware attack, which affected six schools. The attack encrypted the schools’ data and left staff with no access to the network.

  4. Italian energy group ERG reported minor impact on its organization following an attack from the LockBit 2.0 gang. The company shared updates on social media which confirmed the rumors around the attack, saying that “they had experienced only a few minor disruptions to ICT infrastructure which were quickly being overcome due to the prompt deployment of its internal cybersecurity procedures.”

  5. Eskenazi Health in Indiana was forced to divert ambulances following a ransomware attack. The hospital shared that it had shut down the network out of “an abundance of caution and to maintain the safety and integrity of our patient care”. It’s not yet known who was behind the attack.

  6. Up next is the City of Joplin in Missouri, whose insurer paid an unknown criminal gang $320,000 to prevent data from being shared following a ransomware attack. A forensics investigation is ongoing to determine the type of data accessed.

  7. Another Italian attack, this time on luxury fashion house Ermenegildo Zegna. The company, which is the largest menswear brand in the world by revenue, operates 480 retail stores. The RansomEXX criminal gang claimed the attack and admitted to exfiltrating 20.74GB of data from the company.

  8. The next victim for RansomEXX was Taiwanese PC manufacturer Gigabyte. Sources told news outlet Bleeping Computer that the gang had stolen 12GB of sensitive internal data as well as info from a code repository during the attack. The company is working with law enforcement and has not commented on whether or not they would pay the ransom.

  9. Up next is Ireland-headquartered global IT consultancy giant Accenture, which became a victim of the LockBit ransomware gang. The cybercriminal gang claimed to have stolen 6TB of files and demanded a $50 million ransom.

  10. The Department of Environmental Protection in Maine issued a warning to municipalities to be on alert following two ransomware intrusions that occurred in the Aroostook County town of Limestone and the town of Mount Desert on Mount Desert Island. A spokesperson said both attacks were fairly minor and there was no health and safety threat to the public.

  11. A ransomware attack on Memorial Health System saw dozens of hospitals and clinics in West Virginia and Ohio cancelling surgeries and diverting ambulances. Staff access to IT systems was affected across virtually all operations at the health system, which represents 64 clinics.

  12. Twin Falls, Idaho experienced service disruptions impacting most of its departments for a two-week period following a ransomware attack. Thankfully, emergency services ran on a different system and were not affected. A forensics specialist was brought in to investigate.

  13. The Ministry of Economy of the Government of Brazil announced that the internal network of the National Treasury was hit by a ransomware attack. Multiple government agencies and security specialists were brought in to investigate the incident which is said to have impacted the internal network.

  14. Forviva Group, a UK-based social housing group, confirmed that data had been stolen from ForHousing and Liberty, two organizations within the group. They confirmed that no tenant or staff data from ForHousing’s systems had been accessed during the ransomware attack, but ‘a small amount’ of data from Liberty had been compromised.

  15. Tokio Marine Insurance Singapore, a subsidiary of Tokio Marine Group, released a statement confirming a ransomware cyberattack. In the statement they shared that they had contained the attack and that there was no indication of a breach of customer or confidential information. A third party has been brought in to investigate.

  16. Nokia subsidiary SAC Wireless was a victim of the Conti ransomware gang, who were able to successfully breach its network, exfiltrate data and encrypt the company’s systems. Personal information relating to past and current employees was compromised. The gang claimed to have stolen 250GB of files.

  17. Next to make headlines was Bangkok Air, Thailand’s third largest airline. The company issued a press release confirming the attack after the LockBit gang posted a message on the Dark Web threatening to release stolen data if the ransom wasn’t paid. The hackers claimed to have stolen over 200GB of data. The airline was not interested in negotiating with the criminal gang.

  18. A ransomware attack at Eye & Retina Surgeons (ERS) in Singapore has potentially exposed the personal data of more than 73,000 patients. Following the attack, the Singapore government instructed ERS to work with the country’s federal cybersecurity agency to implement stronger defences against future attacks.

  19. The Ste. Marie Police in Ontario, Canada became a victim of ransomware in the third week of August. Following the attack, they issued a statement saying that their 911 service and online reporting for less urgent crimes had not been impacted. At the time of writing, email remains unavailable and the organization has not confirmed whether police dispatch or record systems had been impacted.

  20. The City of Rolle, located near Lake Geneva in Switzerland, initially downplayed the impact of a ransomware attack that it described as a ‘weak attack’. Soon after, however, the criminal gang known as Vice Society posted a large number of confidential documents to the Dark Web. The city then issued a press release saying it regretted underestimating the seriousness of the attack. The city did not pay the attackers.

  21. Indiana-based CarePointe ENT, an ear, nose, throat, sinus and hearing center, suffered a ransomware attack that may have exposed the personal health data of nearly 50,000 patients. The ransomware attack encrypted the electronic health data, which may have included information such as name, address, date of birth, Social Security number, etc. The organization released a statement to patients saying it believed the attackers wanted money and not their data, but that they should be aware their information was encrypted by the attackers.

                                                  Courtesy of BlackFog.com
