At a glance.
- Widespread ransomware operation infests thousands.
- British hospital trust accidentally leaks staff data.
Widespread ransomware operation infests thousands.
According to data released by Ransomwhere, a crowdsourced platform that monitors digital extortion attempts, a global ransomware outbreak over the weekend impacted over 3,800 victims. Ransomwhere did not release the names of the organizations that were hit, but Reuters reports that they include the Supreme Court of the US state of Florida and at least a dozen higher learning institutions in the US and EU. While not a particularly sophisticated campaign, the operation, which appears to have exploited a two-year-old vulnerability in VMWare Inc software, was notable for the speed at which it spread.
Patrice Auffret, founder of French internet scanning company Onyphe, explained, "This is nothing unusual. The difference is the scale." The operation was also unique in that it was highly visible. It appears the attackers did little to cover their trail, making the attacks easily traceable by researchers. Florida Supreme Court spokesman Paul Flemming says the impacted network was segmented from the Supreme court’s main system. "Florida Supreme Court's network and data are secure," he stated.
Attempts to contact the hackers responsible yielded no response, but Ransomwhere says the cybercriminals appear to have extorted only a modest $88,000, and many victims were able to restore their data without paying a ransom. Samuli Kononen, an information security specialist at the Finnish National Cyber Security Centre, says the lack of sophistication indicates the wave of attacks were likely carried out by a criminal gang rather than a state-backed entity.
British hospital trust accidentally leaks staff data.
Personal data belonging to approximately 14,000 employees at Liverpool University Hospital Foundation Trust (LUHFT), the largest hospital in Liverpool, England, were inadvertently leaked. The Liverpool Echo reports that a file containing staff members’ personal details including names, addresses, National Insurance numbers, and salaries, was accidentally emailed to hundreds of managers at LUHFT. The incident has been reported to the Information Commissioner and staff were notified via email. James Sumner, the trust’s chief executive, issued an apology, stating, “I’m sorry to report that employees’ personal information has been inadvertently disclosed. A file has been emailed to a number of managers at LUHFT to assist in the day-to-day administration of payroll details as part of the industrial dispute arrangements. The spreadsheet file contained a hidden tab that contained employees’ personal information.” Sumner added that each of the recipients had been contacted to ensure the file had been deleted.