It’s all ransomware all the time this week with a spate of damaging attacks in the U.S., U.K. and South America.
Entrust
Exploit: Ransomware
Entrust: Cybersecurity Solutions Company
Risk to Business: 1.877 = Severe
Entrust has fallen victim to a ransomware attack by the LockBit group. LockBit added Entrust to its Tor site last Thursday. The Minneapolis-based provider of payment security solutions confirmed the incident. The company admitted that threat actors had gained access to systems used for HR, finance and marketing, but said there was no evidence that the operation or security of its products and services was impacted.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How It Could Affect Your Business: Ransomware groups have been ramping up operations, with risk up by over 60%.
Practice Resources LLC
Exploit: Misconfiguration
Practice Resources LLC: Medical Billing Service
Risk to Business: 1.687 = Severe
Practice Resources LLC (PRL) is at the center of a ransomware attack that led to a supply chain data breach impacting 26 healthcare organizations. In a filing, PRL declared that 942,138 people had data exposed in the April 2022 incident. The company provides billing and other related services to healthcare providers. PRL declared that it has sent out data breach letters to all affected parties.
Individual Risk: 1.733 = Severe
The information exposed in the attack included patient names, addresses, health plan numbers, dates of treatment, and medical record numbers.
How It Could Affect Your Business: Supply chain risk has been rising constantly for businesses as bad actors target service providers.
Valent U.S.A. LLC
Exploit: Ransomware
Valent U.S.A. LLC: Agricultural Chemical Manufacturing
Risk to Business: 1.902 = Severe
Chemical company Valent U.S.A. LLC has filed notices that it experienced a data breach as a result of a suspected ransomware attack. The company revealed that the attack was discovered when employees were unable to access some of Valent’s computer systems and subsequently discovered that files had been encrypted. Valent said that it secured its network and then retained an outside cybersecurity firm to investigate the incident.
Individual Risk: 1.768 = Severe
The company says the breach resulted in the names, Social Security numbers, driver’s license numbers, passport numbers, financial account information, medical information and dates of birth of certain individuals being compromised.
How It Could Affect Your Business: Both the chemical and agricultural sectors have been under heavy pressure from bad actors in the last 12 months.
Brasseler USA
Exploit: Ransomware
Brasseler USA: Dental Equipment Manufacturer
Risk to Business: 2.077 = Severe
Brasseler USA has disclosed that it experienced a data breach as a result of a ransomware attack. The company discovered that this incident occurred in June 2022. In July 2022, the company learned that certain files containing sensitive consumer data were compromised. The company says that it reported the incident to law enforcement and then worked with third-party data security specialists to investigate the scope of the cyberattack. Brasseler USA is a dental and surgical product manufacturer based in Savannah, Georgia.
Individual Risk: 1.966 = Severe
Breached information varies depending on the individual, but may include an individual’s name, Social Security number, driver’s license number, passport number, financial account information (including debit card and credit card numbers), medical and insurance information and other information, such as date of birth.
How it Could Affect Your Business: Manufacturing companies have had it rough as bad actors seek valuable OT and personal data.
The Government of Fremont County, Colorado
Exploit: Ransomware
The Government of Fremont County, Colorado: Regional Government
Risk to Business: 1.684 = Severe
The government of Fremont County, Colorado has been paralyzed by a cyberattack that left employees unable to connect to networks or access email. Local reports say that the Fremont County Administration Building, Garden Park Building, Department of Human Services and Fremont County Sheriff’s Office are closed to the public, although the Sheriff’s Office is still operating. The phone systems for the impacted offices are still working. A spokesperson said that they do not believe that any data was stolen. Efforts are underway to restore services.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: It pays to remember that the most likely vector for ransomware is a phishing message.
Argentina – Judiciary of Córdoba
Exploit: Ransomware
Judiciary of Córdoba: Government Entity
Risk to Business: 1.429 = Severe
New ransomware group Play has hit Argentina’s Judiciary of Córdoba. The government entity was forced to shut down its IT systems and its online portal last week and was left able to conduct business only through old-fashioned paper and pen. The Judiciary confirmed that it was hit by ransomware and engaged with Microsoft, Cisco, Trend Micro, and local specialists to investigate the attack and restore services.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Governments have been popular targets for cybercriminals even when they’re not nation-state aligned.
United Kingdom – South Staffordshire PLC
Exploit: Ransomware
South Staffordshire PLC: Utility Company
Risk to Business: 2.173 = Severe
This week’s most interesting story starts with South Staffordshire PLC. The parent company of South Staffs Water and Cambridge Water confirmed on Monday that it was the victim of a ransomware attack. The Cl0p ransomware gang claimed responsibility but named the wrong water company on its dark web leak site. The group initially said that the victim was Thames Water and not South Staffordshire. Thames Water is the United Kingdom’s largest water supplier, serving 15 million customers in Greater London and other areas on the river that runs through the city. Data posted to the gang’s dark web site includes a spreadsheet of usernames and passwords featuring South Staffs Water and South Staffordshire email addresses.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Cybercriminals love to go after utility companies because of the high chance they’ll get paid to avoid service disruptions.
United Kingdom – Holdcroft Motor Group
Exploit: Ransomware
Holdcroft Motor Group: Car Dealerships
Risk to Business: 1.634 = Severe
U.K. auto retailer Holdcroft Motor Group has admitted that it has fallen victim to a ransomware attack that has led to some dire consequences. The company said that the July 2022 attack caused significant damage, resulting in the deletion of data from its servers. Internal investigations revealed that some of the data that was compromised may have contained employee personal information. Holdcroft Motor Group operates nine different dealer franchises across 23 locations in the Midlands and north of England.
Individual Impact: No information about consumer/employee PII, PHI or financial data exposure was available at press time.
How it Could Affect Your Business: Paying the bad guys doesn’t mean you’re getting your data back; more than 90% of organizations that pay don’t get all their data back.
1 – 1.5 = Extreme Risk
1.51 – 2.49 = Severe Risk
2.5 – 3 = Moderate Risk
Risk scores for The Week in Breach are calculated using a formula that considers a range of factors for each incident.