Ransomware Scourge Continues as Essential Services Are Hit

A ransomware attack has infected an unknown number of computers in the Atlanta area, according to local media reports. The incident, which is believed to have affected the region’s 911 emergency dispatch system, began on Friday and continues to plague the area’s network, the Atlanta Journal Constitution said.

Internet service providers (ISPs) have continued to be hit by ransomware — malicious software that locks down computers and demands payment to unlock them — even as the Cyber Intelligence Sharing and Protection Act (CISPA) is debated on Capitol Hill.

Revelations of cyberattacks on transportation systems in New York and Massachusetts raised concerns Wednesday about threats to vital U.S. businesses and services after hackers took the world’s largest meat processor hostage this week. The attack on JBS SA, the world’s largest meat company in terms of sales, posed a threat to the meat supply in the United States after it led to the temporary closure of JBS plants. JBS said most of its plants resumed operations Wednesday and are expected to return to near full capacity Thursday. White House officials said the hack was likely the work of a Russia-based group, and the Federal Bureau of Investigation attributed the attack to REvil, a criminal ransomware group. A ransomware attack disrupted ferry service in Massachusetts on Wednesday. New York City’s Metropolitan Transportation Authority also said Wednesday that it was hit by a hack in April, although the attack did not disrupt operations, including the city’s subway system. In May, the operator of a critical pipeline that delivers gasoline to parts of the East Coast paid about $4.4 million to take over control and operation. San Diego-based Scripps Health said Tuesday that it is still recovering from a cyber attack on Jan. 1. The discovery in May disrupted the patient portal, electronic medical records, radiology and other systems, causing appointments at hospitals and clinics to be canceled or rescheduled. Encouraged by their recent success, hackers have shifted their focus from data-intensive companies, such as retailers, financial institutions and insurance companies, to large public service providers, such as hospitals, transportation companies and grocery stores. This trend is part of a global shift by criminals from data theft to blockchain ransomware operations, with companies demanding payments of millions of dollars to regain control of their operating systems. Pharmaceutical companies, hospitals, the health care industry, government companies, organizations that don’t have the talent and skills to defend themselves – they will be screwed. – Kevin Mandia, CEO of cyber security firm FireEye President Biden said Wednesday that he would closely examine whether to retaliate against Russia for the attacks. The president plans to address the issue of ransomware during the summit with the Russian president. Vladimir Putin in Geneva, which is scheduled for the 16th. June is scheduled, the White House said. Russian officials did not immediately respond to a request for comment. Security experts, whose job it is to help companies and organizations defend against and combat these attacks, warn that things will only get worse from here on out. Pharmaceutical companies, hospitals, the health care industry, public companies, organizations that don’t have the talent and skills to fight back – they get punched in the stomach. Kevin Mandia, said the top executive of FireEye Inc. on Wednesday at a cybersecurity conference hosted by The Wall Street Journal. Officials at the US Department of Homeland Security issued a new warning Wednesday about the importance of protecting against ransomware. The threat of ransomware remains serious. Ransomware can affect any organization in any industry, says Eric Goldstein, executive deputy director for cybersecurity at the Cybersecurity and Infrastructure Protection Agency, which is part of the DHS. All organizations must urgently review their resources and implement best practices to protect their networks from these threats. The profit potential of ransomware, combined with the rise of telecommuting during the Covid 19 pandemic, served as the impetus and vector for the rise of ransomware. Adam Meyers, Vice President of Intelligence at a cyber security firm CrowdStrike Inc. CRWD -0.67%. Companies once considered unlikely targets for data breaches are increasingly in the crosshairs of ransomware. Prior to 2018, hackers targeted data-intensive companies, such as financial services, retailers and insurance companies, but they have shifted their focus because of the financial incentive of ransomware payments. They used to try to make money by using data to steal identities, but ransomware has created an opportunity for industrial-scale hacking and payments that can be made quickly in hard-to-trace cryptocurrencies like bitcoin, security experts say. When ransomware struck the aluminum and energy giant Norsk Hydro AS NHYDY 0,15 in 2019, was a wake-up call for the cybersecurity industry, says David Navetta, cybersecurity partner at law firm Cooley LLP. They hit everyone, he said. Any business that depends on its information technology to deliver goods or services is a target. We see manufacturers, we see chemical companies, we see unconventional targets being hit more often than four or five years ago, he said.

Massachusetts attack disrupts bookings at Steamboat Authority.

Photo: Maddie Meyer/Getty Images The attack in Massachusetts disrupted ticket reservations at the Steamship Authority, the largest operator of ferries that carry passengers and cargo from the mainland to the islands of Martha’s Vineyard and Nantucket. Boats could continue to sail to the two islands, which see an influx of people in the summer, but the ferry company said customers could not book or change car reservations online or by phone. In April, hackers attacked the New York MTA and gained access to three of the 18 computer systems used by the transportation agency, although the hack did not affect passengers, employees or contractors, MTA officials said. The MTA hack was previously reported by the New York Times. According to the MTA, the Department of Health and Human Services’ CISA, the National Security Agency and the Federal Bureau of Investigation notified the MTA of the hack in late April. According to the MTA, the transportation agency was able to patch the vulnerabilities the very next day. According to the MTA, forensic investigations did not reveal any evidence that accounts had been compromised. According to the company, there was no access to employee data and no data was lost as a result of the leak. The hackers also did not ask for money, MTA officials said. As a precautionary measure, the transport company demanded that the passwords of some 3 700 employees and subcontractors be changed. Scripps warned Tuesday that information on more than 147,200 patients had been leaked, including potentially clinical data and driver’s license and Social Security numbers. Ransomware groups crippled dozens of hospitals last fall in a large-scale campaign, and September’s hack cost United Health Services Inc. Sixty-seven million dollars.

Companies exposed to cyber attacks

Other WSJ hacking stories selected by the editors. -James Rundle, Tarini Partee and Paul Berger contributed to this article. Write to Robert McMillan at [email protected], Joseph De Avila at [email protected] and Jacob Bunge at [email protected]. Copyright ©2020 Dow Jones & Company, Inc. All rights reserved. 87990cbe856818d5eddac44c7b1cdeb8