Did this dentist chain pay the $2 million ransom?

This Cyber Weekly includes:

1. Did dentist chain pay the $2 million ransom?
2. Password Manager solution hacked - inside job
3. Troubles with electoral votes
4. NHS Update

Thanks to all 4638 subscribers. It really takes a community to fight against ransomware. By sharing and commenting on these newsletters, we can reach more people and help others from becoming a statistic. Share your comments below or simply like the post.

Bonus Fun Fact:

The volume of ransomware threats detected spiked to more than 1.2 million per month between the January-June period, a report has revealed. (Business Standard)

1. Dentist Chain Forced to Pay Ransom?

Dentist chain Colosseum Dental, based in the Netherlands had to shut down its 130 locations last week. Unfortunately, the hackers gained access to a lot of data and the dental chain did not have all the data backed up. The dental chain decided to pay the ransom. (nltimes).

My thoughts: They did mention sensitive data was stolen. It remains to be seen if Personal Health Information (PHI) was also stolen, but I’d bet some data was leaked. The article also claims they paid 2 million Euros to get their data but apparently the official amount was never disclosed. It seems like they did pay a ransom but the exact amount is unknown at this time. In these types of situations, I encourage companies to be extra careful about potential subsequent attacks should they decide to pay the ransom. Colosseum Dental should be working overtime to ensure they have mitigated any further attacks.

2. Password Manager solution got hacked

Known for being security focused, the password manager company, LastPass used by 33 million people worldwide reported they were hacked last week. They detected an unauthorized party in their development environment through a single developer account. Source code was stolen.

In statements issued publicly LastPass said, “We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally.”

‍

My thoughts: It’s unclear how the hackers accessed the development environment. “Unauthorized party” can mean a lot of things. “Through a single compromised developer account” - that sounds way too easy, which makes it worrisome. Were they using MFA? Unlike the recent Cisco hack, we got far less technical details. Ultimately it sounds like whoever breached LastPass should not have had access in the first place. Two weeks went by before notifying the public which gave them enough time to conduct a proper analysis of the situation and ensure they have secured their environment. Hiding details is a never a good idea. But let's hope they took proper measures to prevent this from happening again.

3. Troubles with Electoral Votes

In a country in a South West England, the council’s electoral records were the target of a cyber attack. The electoral register was retrieved, but the postal vote applications were lost. As a result, they are asking voters to re-apply.

Council returning officer Jon McGinty said: "We apologize for the inconvenience to voters, but we would urge them not to delay in returning their new postal vote application form so that we can make sure they can continue to vote by post at future elections." (bbc)

‍

My thoughts: Hackers will continue attacking government entities to cause the most chaos. This hack will potentially lose voters – potentially change election outcomes and disrupting the country’s election processes. This is just the tip of the iceberg. Anything is possible if we don’t start taking cyber security more seriously.

4. National Health Service (NHS) Update

The National Health Service (NHS) in Europe got hacked a few weeks ago. We reported this in an earlier Cyber Weekly. What we know now is that a lot of services were disrupted and it’s going to take up to two weeks to retrieve the lost information. But it’s already 22 days since the attack and data has not been restored.

It is estimated that for every passing day it will take an additional two weeks to go back to normal. At this rate, it looks like it will take a year for things to return to status quo.

One source said: “Its total chaos…there have been incidents with drugs being given at the wrong dose to people who couldn’t check the dose.” (independent)

‍

My thoughts: Speaking of things getting worse. This is a good example. Recurring themes in Cyber Weekly: 1) backup your data, 2) due diligence on our vendors, 3) Educate your employees 4) limit access to data to employees. We go through these themes every week. Which one stands out the most to you?

‍