
Ransomware hits AXA units in Asia, Irish healthcare

10:30, 18 May 2021. Source: msn.com

Ransomware gangs get more aggressive against law enforcement

RICHMOND, Va., (AP) — Police Chief Will Cunningham came to work four years ago to find that his six-officer department was the victim of a crime. Hackers had taken advantage of a weak password to break in and encrypt the files of the department in Roxana, a small town in Illinois near St. Louis, and were demanding $6,000 of bitcoin. “I was shocked, I was surprised, frustrated,” Cunningham said. Police departments big and small have been plagued for years by foreign hackers breaking into networks and causing varying levels of mischief, from disabling email systems to more serious problems with 911 centers temporarily knocked offline.

BANGKOK (AP) — The Thai affiliate of Paris-based insurance company AXA said Tuesday it is investigating a ransomware attack by Russian-speaking cybercriminals that has affected operations in Thailand, Malaysia, Hong Kong and the Philippines.

FILE - In this Feb. 21, 2019, file photo, people stand in front of the logo of AXA Group prior to the company's 2018 annual results presentation, in Paris. The Thai affiliate of Paris-based insurance company AXA said Tuesday, May 18, 2021 it is investigating a ransomware attack by Russian-speaking cybercriminals that has affected operations in Thailand, Malaysia, Hong Kong and the Philippines. (AP Photo/Thibault Camus, File)

Meanwhile, a cyberattack on a public health provider in New Zealand took down information systems across five hospitals, forcing staff to cancel some elective surgeries and creating all sorts of other problems.

AXA pledges to stop reimbursing ransom payments for French ransomware victims

One of Europe’s biggest insurers is now suspending policies in France that reimburse victims for ransomware payments.

In Bangkok, Krungthai AXA said it has formed a team with AXA's Inter Partner Assistance to urgently investigate the problem. It was unclear how long it might take to evaluate the exposure of personal data after the criminals claimed to have stolen 3 terabytes of data including medical records, customer IDs and privileged communications with hospitals and doctors.

Kanjana Anantasomboon, Asia vice president for corporate and internal communications at Krungthai-AXA Life Insurance, said the company handles some of its services in-house, so only part of its customer data was with Inter Partner Assistance’s claim service. She declined to say how much.

Other AXA affiliates in the Philippines, Malaysia and Hong Kong did not respond to requests for comment.

Ransomware attack on healthcare admin company CaptureRx exposes multiple providers across United States

Faxton St. Luke’s Healthcare in New York, Randolph, VT-based Gifford Health Care and Thrifty Drug Stores are just a few of the victims. At least three healthcare-related institutions -- including UPMC Cole and UPMC Wellsboro in Pennsylvania, Lourdes Hospital and Faxton St. Luke's Healthcare in New York, Gifford Health Care in Randolph, Vermont and a number of Thrifty Drug Stores -- have reportedly had the health information of customers or patients exposed and stolen in the breach.

AXA Partners, the Paris insurer’s international arm, has given few details. It said Sunday that the full impact of the attack was being investigated and that steps would be “taken to notify and support all corporate clients and individuals impacted.” It said the attack was recent, but did not specify when exactly. It said data in Thailand was accessed.

In New Zealand, Waikato District Health Board Chief Executive Kevin Snee said its emergency department was now only taking urgent patients. He said administrators were working to resolve the issue but he gave no timeline for when the system might be restored.

Dr. Deborah Powell, the national secretary for two unions representing doctors and other health professionals, said the attack hit every part of the operation, with doctors unable to access clinical records to quickly assess patients.

Still, Powell said she didn’t believe patients were at extra risk because staff were using workarounds.

Colonial Pipeline ransomware hack and gas shortage: What you need to know

A weekend shutdown of the pipeline is still playing out along the East Coast. Colonial Pipeline was the target of a ransomware attack that forced it to shut down operations.

Hospital discharges were being done by hand, and a pager system that alerts multiple doctors when a patient suffers a cardiac arrest was down and had been replaced by a system of personal mobile numbers. People trying to contact patients were encouraged to try calling their cell phones.

Powell said she was told it was a ransomware attack but she didn’t have all the details. New Zealand’s Ministry of Health described it only as an “attempted cyber incident.”

It was unclear if the event was linked in any way to others, including a cyberattack that has nearly paralyzed Ireland's national healthcare IT systems. Conti, a Russian-speaking ransomware group different from the one involved in the attack on AXA, was demanding $20 million, according to the ransom negotiation page on its darknet site, which The Associated Press viewed.

That gang threatened Monday to “start publishing and selling your private information very soon.”

The Irish government's decision not to pay the criminals means hospitals won't have access to patient records — and must resort mostly to handwritten notes — until painstaking efforts are complete to restore thousands of computer servers from backups.

Opinion: The failures that led to the Colonial Pipeline ransomware attack

Arun Vishwanath writes that last week's Colonial Pipeline cyberattack could've been stopped. As ransomware attacks have become more frequent, Vishwanath says these incidents call for improving national and international law enforcement efforts and fixing the user problem rather than focusing solely on technology. By now, we have all heard about last week's Colonial Pipeline ransomware attack that caused a shutdown of the 5,500-mile pipeline responsible for carrying fuel from refineries along the Gulf Coast to New Jersey. The disruption led to stranding gasoline supplies across half the East Coast, raising gas prices at the pump and to some states preemptively declaring an emergency.

News of the Asia attack was first reported by the Financial Times. The attackers used a ransomware variant called Avaddon. Avaddon threatened to leak “valuable company documents” in 10 days if the company did not pay an unspecified ransom.

So-called “big-game” hunters like Avaddon and Conti identify and target lucrative victims, leasing their “ransomware-as-a-service” to affiliates they recruit who do most of the heavy lifting, taking more risk and a higher share of the profits.

AXA, among Europe’s top five insurers, said this month that it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. It said it did so out of concern that such reimbursements encourage cyber criminals to demand ransom from companies they prey on, crippling them with malware. Once victims of ransomware pay up, criminals provide software keys to decode the data.

Ransomware attacks returned to headlines this month after hackers struck the United States’ largest fuel pipeline, the Colonial Pipeline. The company shut it down for days to contain the damage.

Last year, ransomware reached epidemic levels as criminals increasingly turned to “double extortion,” stealing sensitive data before activating the encryption software that paralyzes networks and threatening to dump it online if they don't get paid.

That appears to be what happened to the AXA subsidiaries and Ireland's health care system.

The top victims of ransomware are in the United States, followed by France, experts say. The extent of damage and payouts in Asian countries is unclear. Like most top ransomware purveyors, Avaddon programs its ransomware not to target computers with Russian-language keyboards, and it enjoys safe harbor in former Soviet states.

Conti also enjoys Kremlin tolerance and is among the most prolific of such gangs. It recently attacked the school system in Broward County, Florida, which serves Fort Lauderdale and is one of the largest U.S. school districts.

___

Perry contributed from Wellington, New Zealand. Elaine Ganley in Paris and Frank Bajak in Boston also contributed to this report.

After just 9 months, Darkside ransomware gang brings in $90 million in Bitcoin.
The cryptocurrency was sourced from 47 different wallets, according to research from Elliptic.
