At a glance.
- Psychotherapeutic data stolen in extortion scheme.
- US voters prospected in phishing scams.
- Ransomware hits ski resort.
Finnish psychotherapy patient data leaked.
Finnish psychotherapy center Vastaamo suffered a patient data breach this week, reports Yle Uutiset, and the attacker is holding the information ransom for nearly half a million euros. The center confirmed that this is the second time their information systems have been hit, as a previous attack occurred in November 2018. Referring to himself as “ransom_man,” the operative has already leaked the confidential information of three hundred patients on a Tor website, and he is now blackmailing additional patients, emailing them directly and demanding bitcoin payments. The center has not confirmed how many patients were affected, but thousands have filed criminal reports as a result of the breach. The Finnish government has been alerted and officials have recommended ways the affected patients can seek support, including a crisis hotline.
We received comment on the incident from industry sources who found themselves in substantial agreement with Finnish President Niinistö's assessment of the attacks as "especially cruel." Brian Higgins, security specialist with Comparitech, wrote:
“This is an appalling attack on some incredibly vulnerable individuals and it beggars belief that, whilst the data may have been stolen as long ago as 2018 with Vastaamo allegedly refusing to pay ransoms to prevent its release, none of the potential victims appear to have been made aware of any existing threat until they were contacted by the criminals themselves. The moral bankruptcy of a perpetrator who is willing to extort money by threatening to release highly personal information from confidential therapy sessions is both disgraceful and disturbing in the extreme and I’m not sure how the offer of a further session, free of charge or not, is supposed to help those currently under attack by ‘the ransom guy’. This incident offers a sober lesson indeed that it is so very important to understand how your personal information will be used, stored and retained by any and all organizations you choose to share it with. The Finnish authorities are right to call this situation ‘exceptional’ and one can only hope Vastaamo will be suitably called to account once the full circumstances are established.”
US voters fall prey to phishing scams.
With the US presidential election just over a week away, threat actors are taking advantage of voter registration anxiety with a phishing campaign, reports ZDNet. Similar operations have been identified over the past few months, stealing personal data from victims under the guise of collecting voter registration information. Currently, the attackers are posing as the US Election Assistance Commission in order to lure victims to fraudulent webpages mimicking legitimate government sites. Playing on voters’ desperation in the final hour, the recent scams have grown even more audacious; in addition to asking for the typical data like contact info and social security numbers, this operation is also requesting banking info and vehicle identification numbers, claiming the data is necessary to send the victim “stimulus” funds. Security firms KnowBe4 and Proofpoint say the attacks are consistent with the well-known activities of criminal groups that have also taken advantage of the COVID-19 pandemic.
Ski resort hit by ransomware attack.
This is the peak season for reserving a ski vacation, but travelers will be out of luck if hoping to book through Boyne Resorts. The US ski and golf resort operator, which manages properties in popular destinations like Big Sky, Montana and Sugarloaf, Maine, has been attacked by Russian ransomware WastedLocker, reports Bleeping Computer. Boyne has not yet officially disclosed the attack; Bleeping Computer was contacted by an anonymous source claiming to be an employee. Boyne has shut down all reservation processes in order to curb the spread of the malware. Complicating things further, WastedLocker is operated by Russian cybercrime group Evil Corp, which was sanctioned by the US Treasury Department in December 2019. If Boyne chooses to pay the requested ransom they could be violating sanction laws. Ransomware attacks are under increased scrutiny, as the Treasury Department's Office of Foreign Assets Control recently tightened their stance on penalizing companies who negotiate with sanctioned entities.
We received some perspective on what this sort of attack means for the travel sector from Jayant Shukla, CTO and co-founder of K2 Cyber Security:
"This latest ransomware attack on the Boyne Resorts adds to the many attacks on the travel industry, which last year became the second most targeted sector by cyber criminals, behind only financial organizations.
"Travel and leisure firms cannot operate without a web presence. Travelers want to see where they will stay, need quick access to resort websites for trouble-free booking and confirmations, and rely on the company to ensure their data and payment methods remain private. This makes the travel industry a highly attractive target.
"Ransomware can stem from a number of sources, including phishing campaigns as well as exploited vulnerabilities in applications. The travel industry needs to remain vigilant in their security, not only using phishing detection and training employees to recognize phishing, but also making sure they have defense in depth for all of their applications, data, and assets that are internet-facing. This includes making sure their devices and software are up to date and patched, and having security in place for their applications. Equally important, organizations need to make sure they vet the security of the many partners and third party organizations that they depend on, as thoroughly as they vet their own security infrastructure."