Cyber Attack Update - “KillDisk” - December 29, 2016
Within the past 24 hours, Sandworm/TeleBots gang activity involving the KillDisk ransomware
has been reported. The Russian BlackEnergy cyber-espionage group, which targeted SCADA systems
in the U.S. in 2014, was brought into the picture through the sharing of tools between cybercrime
gangs, and went on to target mining and media companies in Ukraine for espionage and sabotage,
usually consisting of disk reformatting and data deletion.
Currently, KillDisk is being deployed against Ukrainian banks as a backdoor trojan delivered through
phishing exploits and email attachments. In this attack, however, the victims' data is encrypted, and
only after substantial data collection, which precedes the disruption of system files, file replacement,
and changing of file extensions. That window offers an opportunity to detect and prevent the
ransomware attack using PCC-IT International MSSP tools and services.
The ransom is substantial for this attack: 222 Bitcoin, or approximately $215,000 USD. After the
victim responds by email to the demand displayed on screen and pays the ransom, the attackers
supply the decryption key to recover the files.
Don't let this happen to you. Call us today for more information on our MSSP Cyber Security
services.
Cyber Security Industry Updates and Commentary
© Copyright PCC-IT International 2018
HIPAA Compliance Breaches Can Be Costly
HIPAA requires all covered entities, including healthcare facilities, hospitals, laboratories, and others,
to perform risk analysis on a regular basis to identify data vulnerabilities. This year, numerous
healthcare companies have been fined or had civil judgments entered against them as a result of
single or multiple breaches of regulatory requirements. HIPAA guidelines can be found here.
During 2016, the Office for Civil Rights has fined several organizations, including:
- Care New England Health System (CNE) $400,000 for Women & Infants Hospital of Rhode
Island's (WIH) loss of ultrasound results backup tapes on 14,004 patients, along with insufficient
written business associate agreements between the two organizations
- Advocate Healthcare $5.55 million for three 2013 breaches affecting 4 million individuals, as well
as lack of risk analysis and management, failure to implement policies and procedures governing
physical access to electronic information, lack of safeguard implementation by a business associate,
and deficient employee security measures for mobile devices when offsite
- Catholic Health Care Services of the Archdiocese of Philadelphia $650,000 for one unsecured
iPhone
- Cancer Care Group, P.C. $750,000 for the theft of unencrypted backup media from an employee's
car
- University of Mississippi Medical Center $2.75 million for multiple violations and for not initiating
risk management measures until after a breach involving 10,000 individuals' ePHI
(electronic protected health information)
- Feinstein Institute for Medical Research (sponsored by Northwell Health, Inc., formerly known as
North Shore Long Island Jewish Health System) $3.9 million for improper disclosure of research
participants' ePHI
- Lincare, Inc. civil monetary penalties of $239,000 from a summary judgment, as a result of a single
employee removing ePHI containing information on 278 patients and leaving it behind when they
moved residences
- New York Presbyterian Hospital $2.2 million and 2 years of monitoring for impermissible disclosure
of two patients' protected health information to news media and the lack of appropriate ePHI
safeguards
HIPAA compliance analysis is mandated for healthcare facilities on an ongoing basis, to ensure that
all required measures are undertaken and maintained for all systems, data, and organizations.
Contact us today to find out more about PCC-IT International's HIPAA Compliance Services.
Cyber Attack Update
Recent malware attacks have included WildFire masquerading as Hades Locker, leveraging of the
Windows Troubleshooting platform to deliver malware, the Odinaff trojan active in the financial
sector, Asruex shortcut infections, Flash Player threats from DealersChoice (Sofacy origin) and
Android banking malware, EnRoute and DOWNDELPH from Sednit (aka Sofacy), Sarvdap spambot,
the Bitter Pakistan attack, a new version of Hworm, Moonlight attacks against Middle East targets,
phishing attacks from Operation Lotus Blossom, Veil-Framework, and those cloaked as “Brad Pitt
Found Dead”, IRS, Tech Support Hard Drive delete, and Locky. Additional attacks from Sundown
EK and Flying Dragon Eye have recently been reported.
Cyber Attack Update - 2016 Ransomware, Malware, and Non-Malware Attacks
Accelerating At A Rapid Pace - January, 2017
2016 saw a marked increase in various types of attacks on businesses across a broad cross-section
of industries. According to Carbon Black, ransomware attacks increased by more than 50% over 2015
and were the fastest-growing malware across all industries, with the largest increases in victimization
in the technology, energy/utility, and financial services industries. Although Locky dominated the
field, accounting for 25% of all ransomware-based attacks, CryptoWall, CryptXXX, Bitman, and
Onion (CTB Locker) followed closely behind. Malware targeted virtually every industry, with
manufacturing as the leading target, followed by non-profits and utility/energy companies. Ransomware
profits grew from $24 million in 2015 to $875 million in 2016, evidencing the rapid growth of this
illicit industry.
Non-malware attacks also grew substantially: one third of organizations surveyed suffered at least
one severe non-malware attack. Non-malware attacks often leverage PowerShell and Windows
Management Instrumentation (WMI), built-in tools that let an attacker maintain a low profile on the
system while stealing data and credentials and/or surveilling the IT environment. Exploitation of
in-memory access and of running applications, including web browsers and Office applications, is prevalent.
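Because PowerShell and WMI are legitimate administrative tools, the defensive answer is logging and scoring rather than blocking. The script below is an added example written for this newsletter, not PCC-IT International's tooling: it parses a constructed, SIEM-style export of PowerShell script-block log records (the `host=`/`user=`/`text=` field layout is an assumption), decodes any `-EncodedCommand` argument, and scores each record against a small indicator list (encoded commands, hidden windows, WMI process creation). The sample log lines and the indicator weights are constructed for illustration.

```python
import base64
import re

# Added example (not PCC-IT International's tooling): a small scorer for
# PowerShell script-block log text that flags the "low profile" techniques the
# newsletter mentions: encoded commands, hidden windows, and WMI-driven
# process creation. The log line format and the sample lines below are
# constructed for this example; the field names are assumptions.

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\d+) "
    r"user=(?P<user>\S+) text=(?P<text>.*)$"
)

# Indicator patterns with a label and a weight. The weights are illustrative;
# tune them against your own baseline of benign administrative scripts.
INDICATORS = [
    (re.compile(r"-(?:e|ec|enc|encodedcommand)\b", re.I), "encoded command", 3),
    (re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), "hidden window", 2),
    (re.compile(r"-non(?:i|interactive)\b", re.I), "non-interactive", 1),
    (re.compile(r"-nop(?:rofile)?\b", re.I), "profile bypass", 1),
    (re.compile(r"Invoke-(?:Wmi|Cim)Method", re.I), "WMI/CIM method call", 2),
    (re.compile(r"Win32_Process", re.I), "WMI process class", 1),
    (re.compile(r"Net\.WebClient|DownloadString|Invoke-WebRequest", re.I), "network download", 2),
]

# The -EncodedCommand argument is Base64 of UTF-16LE text; decode it so the
# indicators can also be checked against what would actually run.
ENC_ARG = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)


def decode_encoded_command(text):
    """Return the decoded -EncodedCommand payload, or None if absent/invalid."""
    m = ENC_ARG.search(text)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(text):
    """Score one script-block text; returns (score, reasons, decoded_payload)."""
    decoded = decode_encoded_command(text)
    targets = [text] + ([decoded] if decoded else [])
    score, reasons = 0, []
    for pattern, label, weight in INDICATORS:
        if any(pattern.search(t) for t in targets):
            score += weight
            reasons.append(label)
    return score, reasons, decoded


def analyze(log, threshold=3):
    """Parse log lines and return alert records for events at/above threshold."""
    alerts = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a script-block record in the expected layout
        score, reasons, decoded = score_event(m["text"])
        if score >= threshold:
            alerts.append({
                "host": m["host"], "user": m["user"], "score": score,
                "reasons": reasons, "decoded": decoded, "text": m["text"],
            })
    return alerts


# Constructed sample log: two routine admin commands and two that use the
# techniques described above. The encoded payload is a harmless Write-Output.
ENCODED = base64.b64encode("Write-Output 'hi'".encode("utf-16-le")).decode("ascii")
SAMPLE_LOG = (
    "2017-01-05T09:12:03Z host=WS-114 event=4104 user=jdoe "
    "text=Get-ChildItem C:\\Reports | Measure-Object\n"
    "2017-01-05T09:13:41Z host=WS-114 event=4104 user=jdoe "
    "text=powershell.exe -NoProfile -WindowStyle Hidden -NonInteractive "
    f"-EncodedCommand {ENCODED}\n"
    "2017-01-05T09:14:02Z host=WS-114 event=4104 user=jdoe "
    "text=Invoke-WmiMethod -Class Win32_Process -Name Create "
    "-ArgumentList 'notepad.exe'\n"
    "2017-01-05T09:15:30Z host=SRV-02 event=4104 user=svc_backup "
    "text=Get-WmiObject -Class Win32_LogicalDisk | Select-Object DeviceID, FreeSpace\n"
)

if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(f"[{alert['score']}] {alert['host']} {alert['user']}: "
              f"{', '.join(alert['reasons'])}")
        if alert["decoded"]:
            print(f"    decoded: {alert['decoded']}")
```

On the sample input the two routine commands score 0, the encoded hidden-window launch scores 7, and the WMI process creation scores 3. Scoring rather than hard-matching keeps a single `Get-WmiObject` inventory query from paging an analyst, while the decode step means an attacker gains nothing by Base64-encoding a command that contains a flagged pattern; script-block logging must be enabled on the endpoints for records like these to exist at all.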
While antivirus programs are a necessary part of cyber defense, most cyber attacks rapidly subvert
this protection and proceed to cause sometimes irreversible damage. The message for SMB,
as well as enterprise organizations: if you have not deployed 24 hour, 7 day a week, year round
monitoring by trained, certified personnel, you are vulnerable to potentially costly intrusion, business
disruption, and data theft.
CALL US TODAY, TOLL-FREE AT 844-PCC-IT-INT (722-4846) to discuss your Cyber Security issues
and our state-of-the-art Managed Security Services Provider (MSSP) defense packages, each
custom-designed to your organization's specific requirements.