A small Canadian accounting firm hit by ransomware, a criminal marketplace offering stolen data to competitors of victim firms, and more.
Welcome to Cyber Security Today. It’s Wednesday, June 23. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com.
A small accounting firm north of Toronto has acknowledged it was hit by ransomware last month. Naz Sukhram Financial Services, a six-person firm based in Vaughan which offers tax and bookkeeping services for small businesses and individuals, was victimized by the recently discovered Grief ransomware gang. The head of the financial company told me the firm’s server has been encrypted, affecting all employee and customer data. He hasn’t followed the link in a ransomware note so doesn’t know how much the crooks are asking for. For the time being the business has been paused until the server and its data have been restored. Fortunately, he said, because of the pandemic the office has been closed and work has been slow.
My longer story on this attack will be available later this morning on ITWorldCanada.com.
Meanwhile the REvil ransomware gang says a Western Canadian hotel chain is one of its latest victims. The gang has posted copies of people’s drivers’ licences, passports, job applications and an insurance benefits claim it says were copied from the files of the hotel chain. Gangs post portions of copied data as proof to victim companies they’ve been hacked. It’s also an extra squeeze to pay up or all of the copied data will be publicly published. I’ve left two messages for the chief executive of the company, but he hasn’t got back to me so I can’t confirm the breach of security controls.
A second tranche of stolen documents from memory and storage chip maker Adata Technology has been published by the Ragnar Locker ransomware gang. That is, the data was briefly published. According to the Bleeping Computer news service, the 700 GB of data was made publicly available on Saturday. But soon after, the site where the gang stored that data was closed. Still, a smaller group of stolen documents that was published earlier this month can be downloaded. The documents were stolen sometime before May 23rd, when Adata was hit by ransomware. The publishing of documents suggests the company isn’t paying the ransom to get decryption keys. Overall the gang claims it copied 1.5 terabytes of data.
A few days ago I reported that some people associated with the Clop ransomware group had been arrested in Ukraine. There was speculation the gang might have been put out of business. But on Tuesday a threat intelligence company called DarkTracer tweeted that the web site of the Clop gang had just posted another victim. This is allegedly a California firm that sells John Deere tractors and light construction equipment.
Ransomware groups have been trying several tactics to pressure victim firms into paying them to not publicly release stolen data. A criminal marketplace called Marketo, which hosts data stolen by crooks, is now doing the same. According to Bleeping Computer, the site is finding and emailing the competitors of victim firms and offering them the chance to buy the data it has stolen. Some companies might be tempted to get information from the competition, although buying stolen goods might be illegal. Marketo is one of a number of data-theft extortion marketplaces that have recently opened.
One of the biggest American supermarket chains has admitted customer information on two of its databases was recently left open to be copied by anyone who knew where to find it. Wegmans says it became aware of the problem in April. The statement on the company’s website doesn’t say how long the databases were open. It says the cause was a misconfiguration of the databases. What could have been copied were customer names, addresses, phone numbers, birth dates and e-mail addresses. Also available were scrambled passwords for access to Wegmans.com accounts.
Finally, builders of intelligent machines that use Nvidia’s Jetson graphics modules should make sure they’re running the latest Jetson Linux software. A number of vulnerabilities have been discovered that could lead to devices being hacked. The updates close these holes.
That’s it for now. Remember, links to details about podcast stories are in the text version at ITWorldCanada.com. That’s where you’ll also find other stories of mine.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon.