Some Ransomware Attacks of October 2020

Last month, October, set a record for the number of attacks recorded so far. We started the month with an attack that affected COVID-19 trials and ended it with warnings that hospitals across the US were under serious attack from the Ryuk ransomware gang.

  • On 5th Oct the first attack of the month was recorded at Philadelphia-based eResearchTechnology (ERT). The ransomware attack disrupted their clinical trials, which were being run to develop tests, treatments and a vaccine for COVID-19.
  • Next was Ardonagh Group, a privately owned UK insurance broker that ranks second in its market and is headquartered in Jersey. According to reports, the firm was under pressure to suspend 200 internal accounts with admin privileges as the incident progressed through its IT estate. The firm did not confirm any specifics, but they didn’t deny that the attack was ransomware.
  • Texas-based customs broker and freight forwarder Daniel B. Hastings was next. The company, which specializes in U.S.-Mexico cross-border shipments, didn’t comment on the attack, but exfiltrated company files were posted online by the Conti ransomware gang.
  • The Hall County Government in Georgia was the next victim. Officials released no details of how the attack happened or what was being done to resolve it, but government offices, including community centers, the courthouse and the sheriff’s precincts, were experiencing issues with phone and email services. The county disclosed that no employee or resident data had been compromised.
  • Up next is the first education attack of the month. With over 4500 employees, 25000 students and 60 schools, the Springfield Public School district is the third largest school district in Massachusetts. The district shut down all its systems when the attack was identified and closed the schools to prevent the attack from spreading.
  • The Clop ransomware gang, which demanded more than $20 million, targeted Software AG, one of the largest software companies in the world. When negotiations between Software AG and the Clop gang failed, the gang published screenshots of the company’s data on the Dark Web. The screenshots showed directories, employee emails, employees’ passport and ID scans, and financial documents from the company’s internal network.
  • US trucking company Daseke was the next victim of the Conti ransomware gang. Thousands of internal documents exposing the personal information of their drivers and other sensitive data were posted to the Dark Web. Texas-based Daseke declined to offer further information as the investigation into the attack continues.
  • Next to fall victim was the City of Mount Pleasant in Michigan. According to a press release, a remote ransomware attack was detected on the city’s computer and phone systems. An investigation was conducted by the Michigan State Police, and it’s not thought that any personal data had been breached.
  • Australian-based facilities services provider Spotless Group was the next company to hit the headlines when a number of their servers were compromised in a ransomware attack. They join other large Australian companies, including Lion, Toll Group, Regis Healthcare and BlueScope, as 2020 victims of ransomware.
  • Yazoo County School District in Mississippi was targeted next by ransomware attackers. After the attack, the school took its IT systems offline and engaged a cybersecurity firm to help recover data encrypted by the threat actors. The school board agreed to pay a large sum, $300000, to recover the data that was encrypted by malware.
  • Seyfarth Shaw, a leading global legal firm, revealed that they had become a victim of a sophisticated and aggressive ransomware attack. It is not yet known who was behind this attack or what the extent of the incident is.
  • Crytek, a German-based game developer, suffered an attack at the hands of the Egregor ransomware gang. In addition to encrypting the devices, the gang claims they have stolen unencrypted files from Crytek and have leaked a 380MB archive on their data leak site.
  • Toledo Public Schools (TPS) was next to report an incident. In September the district confirmed that a cyberattack had occurred, but they were unaware that data had been compromised. Maze ransomware was responsible for the attack, and more than nine gigabytes of data were dumped, which included addresses and social security numbers for employees as well as former and current students.
  • Haldiram’s, an India-based snacks manufacturer, faced a ransomware attack on its servers. The attackers sent a message on all affected services, confirming it was a ransomware attack, that all data, applications, files and systems had been encrypted, and that a ransom would have to be paid to release the data.

The City of Shafter in California announced that its IT system had been compromised by ransomware. In an Instagram post, they revealed that the city’s IT system appeared to be frozen and locked. According to the city, it is not believed that any personal information was obtained, and in a follow-up post they revealed that they had hired a privacy legal counsel and a forensic investigation firm to determine if any personal information had been compromised.