SC Magazine: Policyholders may be the primary target in hack of cyber insurance provider CNA

SC Magazine: Policyholders may be the primary target in hack of cyber insurance provider CNA. “Insurance firm CNA Financial, a prominent provider of cyber insurance, confirmed a cyberattack against its systems, which has some concerned that cybercriminals may target policyholders. Cybercriminals generally know that companies represented by a cyber insurance company are more likely to pay a large ransomware demand than an uninsured business that doesn’t have the financial backing.”

Bleeping Computer: Computer giant Acer hit by $50 million ransomware attack

Bleeping Computer: Computer giant Acer hit by $50 million ransomware attack. “Computer giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000. Acer is a Taiwanese electronics and computer maker well-known for laptops, desktops, and monitors. Acer employs approximately 7,000 employees and earned $7.8 billion in 2019.”

StateTech Magazine: New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns

StateTech Magazine: New Forms of Ransomware and 5G Smart City Attacks Could Cause Real Harm, Expert Warns. “The threat of ransomware attacks for state and local governments has been an ever-present peril over the past several years, one that has gotten worse, experts say. What’s more, the threat is likely going to evolve to attack cloud service providers that host government services. That’s according to cybersecurity expert Theresa Payton, who detailed her IT security predictions for 2021 and 2022 during a recent webinar sponsored by CDW and Intel.”

NBC News: Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack

NBC News: Ripe for extortion? Navajo Nation hospital targeted by large-scale ransomware hack. “Last year, at least 560 health care facilities were infected with ransomware, according to a survey from the cybersecurity company Emsisoft. In October, amid a particularly brutal wave of attacks, several federal agencies issued warnings of ‘an increased and imminent cybercrime threat’ to hospitals. An advisory from the American Hospital Association laid out how the Covid-19 pandemic had encouraged cybercriminals ‘to exploit, victimize and profit’ from ransomware attacks.”

Ransomware: Sharp rise in attacks against universities as learning goes online (ZDNet)

ZDNet: Ransomware: Sharp rise in attacks against universities as learning goes online. “The number of ransomware attacks targeting universities has doubled over the past year and the cost of ransomware demands is going up as information security teams struggle to fight off cyberattacks. Analysis of ransomware campaigns against higher education found that attacks against universities during 2020 were up 100 percent compared to 2019, and that the average ransom demand now stands at $447,000.”

Associated Press: Cybercops derail malware botnet, FBI makes ransomware arrest

Associated Press: Cybercops derail malware botnet, FBI makes ransomware arrest. “European and North American cyber cops have joined forces to disrupt what may be the world’s largest network for seeding malware infections. The operation appears to strike a major blow against criminal gangs that have used that network for years to install ransomware for extortion schemes and to steal data and money.”

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online

The Register: Clop ransomware gang clips sensitive files from Atlantic Records’ London ad agency The7stars, dumps them online. “The attack appears to have happened after 15 December, when The7stars’ annual return was prepared for filing with Companies House. While the document talks in length about its healthy financial performance, it mentions nothing about cyber risks or attacks. Screenshots published on the Clop gang’s Tor website show scans of passports, invoices, what appears to be a photo from a staff party and, ironically, a ‘data protection agreement.’”

AP: As hospitals cope with a COVID-19 surge, cyber threats loom

AP: As hospitals cope with a COVID-19 surge, cyber threats loom. “By targeting providers with attacks that scramble and lock up data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they’re paid. In September, for example, a ransomware attack paralyzed a chain of more than 250 U.S. hospitals and clinics. The resulting outages delayed emergency room care and forced staff to restore critical heart rate, blood pressure and oxygen level monitors with ethernet cabling.”

The Register: ‘Malwareless’ ransomware campaign operators pwned 83k victims’ MySQL servers, 250k databases up for sale

The Register: ‘Malwareless’ ransomware campaign operators pwned 83k victims’ MySQL servers, 250k databases up for sale. “A ‘malwareless’ ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore.”

MIT Technology Review: Ransomware did not kill a German hospital patient

MIT Technology Review: Ransomware did not kill a German hospital patient. “When a German hospital patient died in September while ransomware disrupted emergency care at the facility, police launched a negligent-homicide investigation and said they might hold the hackers responsible. The case attracted worldwide attention because it could have been the first time law enforcement considered a cyberattack to be directly responsible for a death. But after months of investigation, police now say the patient was in such poor health that she likely would have died anyway, and that the cyberattack was not responsible.”