Ransomware scourge
Locked-up computer systems not only threat
A shadowy group of cyber criminals that attacked a prominent nursing organization and Canadian Tire store has successfully targeted other companies with clients in governments, health care, insurance and other sectors.
Posts on their Netwalker “blog” indicate the recent infiltration of cloud-services company Accreon and document company Xpertdoc, although only the College of Nurses of Ontario has publicly acknowledged being victimized.
Experts say Netwalker surfaced about a year ago but its attacks took off in March as the criminals exploited fears of COVID and people working remotely. The ransomware, like similar malware, often infiltrates computer networks via phishing emails. Such messages masquerade as genuine, prompting users to provide log-in information or inadvertently download malware.
Earlier ransomware attacks focused on encrypting a target’s files — putting them and even backups out of reach. Increasingly, attackers also threaten to publish data stolen during their “dwell time,” the days or weeks spent inside an exploited network before encryption and detection.
The intruders promise to provide a decryption key and destroy stolen records if the organization pays a ransom, often based on what the attackers have learned about its finances, by a given deadline.
To underscore the extortion, Netwalker criminals publish tantalizing screen shots of information they have, such as personnel, financial, legal and health records.
“The data in these cases is extremely sensitive,” said Brett Callow, a Vancouver Island-based threat analyst with cybersecurity firm Emsisoft. “Lots of companies choose not to disclose these incidents, so the individuals and (third-party) organizations whose data have been compromised never find out.”
In an interview, Richard Brossoit, CEO of Montreal-based Xpertdoc, said this month’s attack was a “little terrifying” at first. Fortunately, he said, damage was limited and no confidential client or personal information was compromised, although some records might be permanently lost.
“Once we were able to isolate the problem and knew it was minimal — that our customers weren’t really affected at all — obviously it was a very big relief,” Brossoit said.
With new computers, his several dozen employees were back up and running within days, he said. Still, Xpertdoc did hire specialists to deal with the cybercriminals.
“We were able to negotiate a very low ransom,” Brossoit said.
Morneau Shepell, one of dozens of potential third-party victims, said it accepted Xpertdoc’s assurances no sensitive information had been compromised.
Accreon, which has until the first weekend in October to pay up, would not discuss its situation.
Netwalker did recently publish gigabytes of internal data from a Canadian Tire store in Kelowna, B.C. In response to a query, Canadian Tire Corporation said store computers were hit and authorities were investigating.
The nurses’ college, which angered members by taking more than a week to admit the attack discovered Sept. 8, did say it was getting back on its feet, although some services remained down.
“We share our members’ distress and frustration that this has happened,” college CEO Anne Coghlan said in a statement. “Members can rest assured that we will notify them directly if we identify any risk to individuals.”
The consequences of ransomware can go beyond the financial and reputational. This month, a hospital in Duesseldorf, Germany, was unable to admit a patient for urgent treatment after an apparent cyberattack crippled its IT system, authorities said. The woman died.
This year, the University of California San Francisco paid US$1.14 million to regain access to encrypted information on “academic work we pursue as a university serving the public good.”