Two major Las Vegas casinos, Caesars Entertainment and MGM Resorts, fell victim to a ransomware attack in 2023 orchestrated by the Scattered Spider crime gang. Caesars chose to pay the ransom, experiencing a seemingly smoother recovery, while MGM opted against payment, enduring a week of disruptions, $100 million in losses, and data leaks. The differing outcomes shed light on the complexities of the decision to pay or not pay a ransom, considering ethical dilemmas, varied impacts, and factors influencing the choice. (theregister.com)
What’s important about this? Well:
Ethical Dilemma: Paying a ransom has broader ethical implications, as it may perpetuate ransomware and fund criminal activities.
Differing Outcomes: The contrasting experiences of Caesars and MGM suggest that the decision to pay may not guarantee a less painful recovery.
Visibility Challenges: Limited insight into each company's security hygiene, strategy, and network architecture makes it challenging to draw direct comparisons.
My Thoughts: Caesars' swift recovery post-payment doesn't diminish the imperative of robust defenses. The focus must shift from negotiation tactics to addressing systemic vulnerabilities. Organizations need to prioritize fortifying hardware (internal and perimeter) and software, and implement robust backup strategies. Legal consequences, particularly in the context of sanctions, make paying ransoms a risky proposition. Efforts to disrupt the ransomware ecosystem are commendable, but sustained collaboration and innovation are essential for a genuinely secure cyber landscape.
Why does it keep happening? High profile attacks like these make the news, but there are thousands of other victims out there.
Are you facing the same issue? Book some time in my calendar. I’m here to have a serious conversation with you.
On Christmas Eve, the Ohio Lottery fell victim to a cyberattack by a seemingly new gang, the DragonForce ransomware gang, resulting in the shutdown of critical systems. Services such as mobile cashing and prize claims above $599 at Super Retailers were affected, with the attackers claiming to have encrypted devices and stolen sensitive data, including Social Security Numbers and dates of birth of over 3 million Ohio Lottery customers and employees. (bleepingcomputer.com)
My Thoughts: This incident goes beyond the usual playbook. The scale of the data breach is staggering – over 3 million entries, each containing Personally Identifiable Information. This isn't child's play; it's a stark reminder that sophisticated ransomware tactics demand a tailored defense, especially if you host and manage personal data. The 600+ gigabyte data leak claim isn't just a number, and it proves that not a lot of data needs to be breached to cause a lot of damage.
Protecting data, any type of data, is a serious responsibility. To address and prevent such attacks, enterprises must focus on:
1. Advanced Threat Detection Systems
2. Regular System Audits
3. Data Encryption and Segmentation
4. Employee Training Programs
5. Backup and Recovery Protocols
6. Zero Trust Network Architecture
7. Incident Response Plan
As IT professionals, the challenge is clear: strengthen your defenses, improve threat detection, and guard against the ever-evolving strategies of cyber adversaries.
Assurance IT is here to guide you through the process, the entire way through.
On Christmas Eve, a cybercriminal event named "Leaksmas" unfolded on the Dark Web, with multiple threat actors releasing substantial data leaks. Resecurity, a global cybersecurity firm, reported over 50 million records containing personally identifiable information (PII) of consumers worldwide being exposed. The potential financial damage is immense, and the intricate connection between personal data and digital identity makes mitigation challenging. The leaks, tagged as 'Free Leaksmas,' were generously shared among cybercriminals, leading to heightened risks for victims globally. The impact includes account takeovers, business email compromises, identity theft, and financial fraud, affecting individuals across various countries. (securityaffaires.com)
How do you know if your data was exposed? Is your enterprise safe?
My Thoughts: The "Leaksmas" event is a further reminder of the relentless nature of cyber threats, especially during festive seasons. This attack impacted individuals from several large countries, raising the question of whether an international or joint effort will emerge to further protect citizens. Government enforcement through tough legislation is the starting point; from there, enterprises must increase defenses with robust encryption, advanced threat detection, strict access controls, and continuous monitoring. Employee education on phishing and stringent authentication is non-negotiable. Invest in threat intelligence and collaborate to stay ahead. Maintain a comprehensive incident response plan for swift, effective action. No excuses for lapses; cybersecurity demands relentless vigilance and proactive measures.
Need help getting started? Not sure what your mid-sized enterprise needs first? Ask me.
A Lockbit ransomware attack targeted the German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO), causing service disruptions at three hospitals. The attack, which took place on Christmas Eve, resulted in data being encrypted and compromised. In response, KHO shut down affected systems to prevent further spread. While the extent of the damage remains undisclosed, the disruption of emergency care raises serious concerns for the local population. The hospital organization set up a crisis team, and security measures are underway to secure data. Patient care continues with slight technical restrictions, emphasizing the critical nature of cybersecurity in healthcare. (securityaffaires.com)
Healthcare institutions are very attractive targets for bad actors: so many entry points, and so much data to breach, including tons of PII.
My Thoughts: The hospital's ability to quickly set up a crisis team and keep operating (albeit in a minimal capacity) is indicative of executing an incident response plan. Swift response and situation management are essential in the recovery process after an attack. The Lockbit gang's audacious move demands a relentless pursuit of accountability and heightened vigilance across the healthcare sector. Why does it keep happening in the public sector?
Implementing a Zero Trust architecture could significantly enhance the resilience of organizations, especially in scenarios like the Lockbit ransomware attack on the German hospital network KHO. In a Zero Trust model, trust is never assumed, and verification is required from everyone, whether inside or outside the network.
Listen to our podcast episode about Zero Trust where we have an honest conversation with an industry expert around the framework.
Access monthly conversations with IT & Tech Leaders about the hottest cybersecurity topics in the industry.