This week’s cyber news includes who is getting attacked, the chaos after an attack and who is refusing to pay the ransom.
Thanks to all 1500 subscribers! If you like receiving the cyber news every week, be sure to show your support by sharing the weekly posts. It helps a lot!
Sunwing passengers were stranded as a result of a breach at one of the airline’s external partners, the third-party vendor Airline Choice. According to Airline Choice, hackers accessed and compromised systems containing data. Many people were told that their flights were delayed. Others were stranded, unable to get on a flight. Boarding and check-in features were impacted, and it became a nightmare for both passengers and Sunwing staff. 188 flights were impacted because of the hack. (CityNews)
Thoughts: I chose this story first for a few reasons: it’s a local company, data was compromised (we don’t know exactly how much) and Sunwing’s business disruption was caused by a third party. The risk of third-party breaches is now becoming top of mind, as we are witnessing them often nowadays. Not only should you be mindful of your internal IT risks, but also of those of your external partners who manage and guard your systems.
BlackCat is an organization offering ransomware-as-a-service that emerged last November. They are responsible for attacking over 60 entities worldwide. Yes, that means 60 attacks in about a 4-month span!
“Also called ALPHV and Noberus, the ransomware is notable for being the first-ever malware written in the Rust programming language. Rust offers type safety and memory safety and can be optimized for increased performance.”
The FBI is issuing a warning.
“As recommendations, the FBI is urging organizations to review domain controllers, servers, workstations, and active directories for new or unrecognized user accounts, take offline backups, implement network segmentation, apply software updates, and secure accounts with multi-factor authentication.”
Thoughts: If you need help backing up data, let me know.
To create the most chaos and urgency, hackers are victimizing farmers to disrupt their precious grain production. If they do succeed, this could impact the entire food chain. Two farmers have already been attacked this year. (ABC30)
Thoughts: I thought the gas price increase was bad… Wiping out or interrupting the grain supply is worse!
Last Friday, Ukraine’s new postage stamp went on sale. It’s an image of a soldier making a crude gesture to a Russian warship. The stamp emerged after one of Russia’s ships sank. Still today, there is debate on how the ship sank. (Reuters) Nonetheless, the Ukraine Postal Service is dealing with a DDoS (distributed denial-of-service) attack and attempting to restore service to its users. I wonder who attacked them?
Thoughts: Every week, I bring you the news and this is the news. Unfortunately, the war is still going on between Ukraine and Russia. And in this day and age the war is not only on land, sea and air; a dangerous cyber war is also being fought.
“Google issued yet another emergency security update for all 3.2 billion users of the Chrome web browser. The third such update, which discloses a single high-severity vulnerability, to be rushed out in three weeks. This one is a zero-day vulnerability: one that Google has confirmed is already being exploited by attackers.” (Forbes)
Thoughts: I didn’t know about this! Tell everyone!
It has been a week since the government of Costa Rica got hacked, and they still refuse to pay the ransom. They are bracing for documents to appear online on the Dark Web. The Conti Gang (which we spoke about last week) is claiming responsibility for the attack. How is this affecting Costa Rica and its citizens? Tax collection, importation, exportation and customs are all being impacted.
“On Friday, Conti’s extortion site indicated it had published 50% of the stolen data. It said it included more than 850 (GB) gigabytes of material from Finance Ministry and other institutions’ databases. “This is all ideal for phishing, we wish our colleagues from Costa Rica good luck in monetizing this data,” it said.” (Infosecurity)
Thoughts: Hackers hit where it hurts. And although this will affect Costa Rica greatly, I’m glad they didn’t pay the ransom because I don’t think it would have improved the situation in the short and long term. This will deter ransomware gangs from their criminal activities.