At a glance.
- PwndLocker ransomware hits cities and businesses with a threat to expose sensitive data.
- Prince Edward Island adds a data breach warning to its ransomware disclosure.
- Simon Fraser University suffers data breach.
- Walgreens says its messaging app may have exposed prescriptions.
- Free Wi-Fi in British rail stations exposed traveler data.
PwndLocker ransomware jumps on the info-stealing bandwagon.
The PwndLocker strain of ransomware, which is known to have hit both LaSalle County, Illinois, in the US and the Serbian city of Novi Sad, has been active since late in 2019. Lately, according to BleepingComputer, the ransomware operators have distinguished themselves by demanding a bigger-than-usual payoff: between $175,000 and somewhere north of $660,000, payable, naturally, in Bitcoin, with the amount depending on the size of the network. The extortion notes that accompany the attacks are fairly routine in their content: pay us, or we'll destroy the decryption keys and your data will be forever lost to you (and contact our help desk for assistance in paying up). Act now, they say: you've got just one month to come to your senses and do business with them. The hoods do add, as a by-the-way, "We also have gathered your sensitive data. We would share it in case you refuse to pay."
Prince Edward Island says its recent ransomware attack also involved a data compromise.
The Canadian province's recent incident was apparently worse than simple ransomware, CBC reports. Prince Edward Island authorities are warning citizens that some personal information was apparently exfiltrated during the weekend attack, and that the government will soon be notifying those affected. "As stewards of Islanders' personal information, continued protection is of the utmost importance, as is limiting the impact of this event to those personally affected," the official statement said.
Simon Fraser University discloses a data breach.
Elsewhere in Canada, British Columbia's Simon Fraser University has said that it detected a data breach on February 28th. The university posted a letter yesterday warning those affected, a group that includes, the Georgia Straight writes, "faculty, staff, students, alumni, and retirees who joined the university before June 20, 2019." They're being advised to change their passwords for university computing services, although the university says it has no indication that any accounts were compromised. What did get exposed was data, specifically "Computing IDs; SFU student or employee ID numbers; first, last, and preferred names; birthdates; employee groups; mail list memberships; course enrollment; external email addresses; web form data; and encrypted passwords." This is extensive enough to warrant assuming that a fair amount of remediation beyond a password reset may be in order. The university has reported the incident to British Columbia's Office of the Information and Privacy Commissioner. Users apparently took the advice to reset their passwords seriously. Simon Fraser University says that, due to unusually heavy traffic yesterday, its password reset page was swamped and may have been unavailable to some users.
Buggy messaging app may have exposed pharmacy customers' prescriptions.
Walgreens, the large US pharmacy chain, has warned customers that "an internal application error [in the company's messaging app] allowed certain personal messages from Walgreens that are stored in a database to be viewable by other customers using the Walgreens mobile app." Among the data that could in principle have been exposed were customers' first and last names, prescription number and drug name, store number, and, where applicable, shipping address. The company is investigating and working on a fix for the app. As an interim measure it's disabled the message viewing feature.
Free Wi-Fi (and worth every penny).
Actually, our heading is a little unfair. Let those among us who've never used free Wi-Fi while travelling cast the first stone. Still, it's notoriously risky, even if it's a risk a lot of us accept. The BBC reports that Network Rail and C3UK have confirmed that an unsecured Amazon Web Services database exposed the information of about ten thousand travelers passing through Harlow Mill, Chelmsford, Colchester, Wickford, Waltham Cross, Norwich, London Bridge, and possibly other stations. The operators say they've now secured the database, and that, because, after all, as far as they can tell nobody actually saw the data, they haven't reported the incident to the Information Commissioner's Office.