The LockBit ransomware gang has begun releasing data allegedly stolen from the University of Sherbrooke in Quebec. The university confirmed a compromise in one research laboratory but stated that it had not been hit with ransomware, leaving the nature of the compromised data uncertain. The incident, affecting a student body of approximately 31,000 and 8,200 faculty and staff, has not disrupted university activities. Threat actors target educational institutions, often pressuring them to pay ransoms for stolen data, exploiting the sector's resource constraints. Canadian universities, including the University of Waterloo and Memorial University's Grenfell campus, have faced cyber-attacks, leading to disruptions and heightened security measures. (itworldcanada.com)
My Thoughts: The release of data by LockBit raises concerns about the compromised information's nature. The authenticity and details of the breach need to be addressed by the University to calm nervous individuals whose data may be compromised.
Any public institution and enterprise must swiftly assess the extent of the breach, including whether personal information or intellectual property is at risk. Let’s assume data was compromised or stolen. The big question I have is: what kind of data was compromised? Often companies don’t have a great handle on their data inventory. When was the last time your company took an inventory of its assets, including data? A university is a business, and its reputation matters.
A cybersecurity company, Emsisoft, is urging governments to ban ransom payments to thwart ransomware attacks, especially on critical infrastructure providers like hospitals and schools. Emsisoft's plea comes as they release record numbers for 2023, reporting over 2,200 U.S. hospitals, schools, and governments directly impacted by ransomware, with additional indirect impacts on supply chains. The company argues that banning payments would undermine the profitability of ransomware, prompting attackers to shift focus to less disruptive cybercrimes.
Emsisoft points to successful bans in North Carolina and Florida, emphasizing that disruptive consequences were not observed. In 2022, 48 countries, including Canada and the U.S., committed to not giving in to ransomware demands under the International Counter Ransomware Initiative (CRI). (itworldcanada.com)
My Thoughts: This raises a very philosophical debate. A ban on payments could potentially discourage bad actors, knowing they may not get paid when successfully breaching a company, but doesn’t necessarily solve the problem. At the end of the day, companies will need to do what’s in the best interest of their organization. Face a fine or pay ransomware groups? Could be a tough decision.
I have a better idea. Invest in best-of-breed cyber resilience solutions, make your processes better, and train your employees. Banning payments is not all that bad an idea. While it won't eliminate all cybercrime, do you think it would discourage high-impact attacks on critical infrastructure?
Ransomware has evolved into a billion-dollar industry, with estimates of $450 million in payments during the first half of the previous year. The surge in cyber-attacks, doubling in frequency and payments each year, is attributed to the anonymity of cryptocurrency. The automotive sector, though not widely publicized, is increasingly vulnerable to ransomware attacks, with transportation-sector incidents doubling. Cybersecurity experts warn of the growing magnitude of attacks, exemplified by a ransomware assault on Orbcomm affecting trucking companies' operations across North America.
Automakers are the most targeted manufacturing subsector, facing threats to VINs, phone numbers, emails, and even physical addresses. Concerns escalate as hackers explore the potential to control or weaponize vehicles, with instances during the Russia-Ukraine war highlighting the susceptibility of farm machinery and ride-hailing apps. Critical vulnerabilities in various car brands, exposed by white-hat hackers, emphasize the ease of exploiting telematics systems in modern vehicles. (driving.ca)
My Thoughts: The anonymity of cryptocurrency facilitates these attacks, making it challenging to trace the perpetrators. Also, the fear of hackers gaining control or weaponizing vehicles is a legitimate concern. Recent incidents during geopolitical conflicts highlight the vulnerability of farm machinery and ride-hailing apps to cyber-attacks.
Cars and other IoT devices, like businesses, need to frequently update their equipment, operating systems, applications, and security software to patch vulnerabilities. Cybercriminals often exploit outdated software to launch attacks.
How do we halt the repetitive pattern of security vulnerabilities?
Gallery Systems, a major museum software provider, suffered a ransomware attack causing the encryption of its computer systems, including the eMuseum platform. The New York-based company, with over 800 clients in 31 countries, temporarily shut down its IT systems to prevent further encryption. Active eMuseum operators, such as The Museum of Fine Arts Boston and the Crystal Bridges Museum of American Art, are affected.
The attack potentially jeopardizes sensitive information stored in a Gallery Systems program called TMS, which holds data on donors, loan agreements, and artwork storage locations. While it remains unclear if hackers accessed the TMS system, the company plans to restore data using the last available backup. The incident underscores the risk of ransomware in the cultural sector and the potential compromise of valuable information. (psmag.com)
My Thoughts: The potential compromise of sensitive information in the TMS system raises concerns about the broader impact on donors, loan agreements, and priceless artworks... Gallery Systems' decision to restore data from the last available backup is not enough.
Immediate communication and transparency with affected clients are crucial during ransomware incidents. The company needs to provide regular updates on the restoration process and any security measures implemented to prevent future attacks.
How can we break free from this cycle of persistent cyber threats?