Ransomware Attacks Becoming More Widespread



More ransomware attacks made news headlines this month, the most notable being the shutdown of Oslo, Norway-based aluminum manufacturer Norsk Hydro by ransomware.

The company produces close to half a million tons of aluminum products each year and is also a significant provider of hydroelectric power in the Nordic state.

The LockerGoga malware was used to disrupt operations at one of the largest global aluminum manufacturers. According to TechCrunch, “Employees were told to ‘not connect any devices’ to the company’s network.”

Wired magazine offered this Guide to LockerGoga, the ransomware that is crippling industrial firms.

Here’s a quote from the Wired article: “Since the beginning of the year, LockerGoga has hit a series of industrial and manufacturing firms with apparently catastrophic consequences: After an initial infection at the French engineering consulting firm Altran, LockerGoga last week slammed Norwegian aluminum manufacturer Norsk Hydro, forcing some of the company’s aluminum plants to switch to manual operations. Two more manufacturing companies, Hexion and Momentive, have been hit by LockerGoga—in Momentive’s case leading to a “global IT outage,” according to a report Friday by Motherboard. And incident responders at security firm FireEye tell WIRED they’ve dealt with multiple LockerGoga attacks on other industrial and manufacturing targets they declined to name, which would put the total number of victims in that sector at five or more.”

The Cost of Ransomware

At the beginning of 2019, Digital Guardian chronicled the history of ransomware attacks in this article, which does a good job of defining terms, describing the effects of ransomware, explaining how the fraud works, and projecting future trends, but in my view also underestimates the costs of ransomware.


I say that because the research lists ransomware costs as under $2.4 million (US), but the costs already associated with the Norsk Hydro event alone are reported to be at least $40 million, with costs still growing.

HealthITSecurity offers an article with the headline “71% of Ransomware Attacks Targeted Small Businesses in 2018.” Here’s an excerpt: “About 70 percent of ransomware attacks in 2018 targeted small businesses, with an average ransom demand of $116,000, according to a recent report from Beazley Breach Response Services.

Beazley researchers analyzed 3,300 ransomware attacks against their clients last year and found the highest ransom demand was $8.5 million. The highest demand paid by one of their clients was $935,000. …”

According to Coveware’s recently released 2018 Q4 Ransomware Marketplace Report, we’re seeing scary trends in ransomware attacks:

  • Ransoms have increased by an average of 13% over Q3 in 2018 to $6733
  • Attacks on backups as part of the ransomware attack have increased by 39% over Q3 2018
  • The average victim company size has risen from 38 to 71 employees

Ransomware Attacks on Governments Continue

In the past few days, the City of Albany, New York, was attacked by ransomware, according to their mayor.

Over the past year, there were numerous cities, counties and state government agencies hit by ransomware.

Back in 2017, I wrote this piece on ransomware attacks in government up to that time. And since 2017, attacks have only accelerated.

If you think insurance will take care of any costs, you may need to think again. I was surprised to read that some insurers are not paying if they can claim “an act of war.” Consider this article:

Citing “Act of War” Clauses, Insurers Refusing to Compensate Firms Hit in Ransomware Attacks – “Global insurance firm Hiscox is now the second insurance firm known to have refused to pay out a company damaged in a NotPetya cyberattack, Verdict reports. …

Danish shipping giant Maersk has reportedly claimed that NotPetya malware, whereby hackers encrypt data and will not release it unless a cryptocurrency ransom is paid, resulted in losses of $378 million to the company.

FedEx subsidiary TNT Express pegged NotPetya losses at $374 million.

The other insurer that has reportedly used “Act of War” provisions to refuse to make NotPetya payout is Zurich, insurer of Mondelez, a large American food company.

Mondelez is now suing Zurich for $100 million. Mondelez says that 1700 servers and 24000 laptops were destroyed in its NotPetya hack.”

Closing Thoughts

At the beginning of 2019, many predictions were made about the growing spread of ransomware, and growing amounts of destructive malware. Those predictions are happening before our eyes.

One year ago, I wrote a blog on the difficult decision that many governments face regarding whether to pay the ransom or not when they are infected – especially if they don’t have adequate backups. I urge tested data backups as an important step to protecting your organization from an attack. Also, prepare for cyber incidents in advance with these helpful tips from NIST.

What is clear is that our ransomware problems are getting worse, and the stakes are getting higher, with more destructive malware being used against critical infrastructure every day.

Your IT Data Might Be At Risk


The cyber security industry is growing as you’re reading this. More specialists join the ranks, more malware is being launched every day than ever before. In 2015, 230,000 new malware samples were recorded daily. Naturally, more resources are being deployed to counter cyber attacks. That’s why I thought it would be helpful to sum up 10 cyber security facts that define the current information security landscape.

Don’t think that hackers are only targeting corporations, banks or wealthy celebrities. They go for individual users like you and me also.

Read the full article at the link above…



Latest Chrome update plugs a zero-day hole

Full Article Text Here:


Google has revealed that the update for Google Chrome, rolled out late last week, addressed a security hole that attackers were already exploiting in the wild.

“Google is aware of reports that an exploit for CVE-2019-5786 exists in the wild,” the company noted in an update on Tuesday after initially releasing the advisory last Friday. Also on Tuesday, a tweet by leading Chrome security engineer Justin Schuh added urgency to the issue: “[Like], seriously, update your Chrome installs… like right this minute”.

The vulnerability, which affects the browser on Windows, Mac, and Linux, was reported by Clement Lecigne of Google’s Threat Analysis Group on February 27.

The security hole is a “use-after-free” memory corruption bug in the browser’s FileReader API, a browser component intended to enable web apps to read locally stored files. That said, exploitation of the vulnerability can result in more damage than the API’s name might imply. As revealed by a note by the Center for Internet Security (CIS), attackers may ultimately be able to remotely execute arbitrary code on the targeted system:

“Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” reads the note. The zero-day can be triggered when a user is lured to a specially crafted web page.

In light of all that, users are advised to update to Chrome version 72.0.3626.121 if they haven’t done so already. Arguably the easiest way to check if an update is pending is to type chrome://settings/help into the browser’s address bar and, if your browser is indeed out of date, follow the prompts.