Ransomware Recap – April

Welcome to our April Ransomware Recap! In this monthly series, we discuss a few of the biggest ransomware stories. Let’s jump in.

Cognizant Confirms Ransomware Attack

Fortune 500 company Cognizant has confirmed it was hit by Maze ransomware. Not many details have been released, but the attack has caused service disruptions for some of its clients.

Maze hackers have denied any responsibility. Typically, Maze attackers publish stolen files online if a ransom isn’t paid. No Cognizant data has been published yet.

According to Tech Crunch and Emsisoft ransomware expert Brett Callow, ““That does not mean Maze was not responsible… At some point in the last three weeks, Maze also hit two Manitoba law firms, neither of which has been listed.”

Source: Tech Crunch https://techcrunch.com/2020/04/18/cognizant-maze-ransomware/

Travelex Pays to Regain Network Access After Ransomware Attack

In January of this year, Travelex learned it had fallen victim to a cyber-attack that had lasted six months. Now, the company has paid $2.3 million in bitcoin to regain access to its network. Travelex runs the biggest network of foreign exchange offices and kiosks in the country.

According to CryptoGlobe, “While Travelex had yet to disclose the amount of ransom paid, the WSJ report claims the amount was over $2.3 million in order to regain access to its computer systems. The foreign exchange company originally blamed the attack on the malware Sodinokibi, which publishes stolen data from companies who refuse to pay the ransom.”

Source: CryptoGlobe https://www.cryptoglobe.com/latest/2020/04/travelex-paid-2-3-million-in-bitcoin-following-ransomware-attack/

Brandywine Urology Ransomware Attack Affects 131K Patients

On January 27, Brandywine Urology discovered a ransomware attack on its network that had started two days earlier. A third-party investigation found that this was an automated attack intending to encrypt and extract a financial payment rather than steal data.

According to Health IT Security, “However, it’s still possible patient data was compromised during the attack, including names, contact details, Social Security numbers, medical file numbers, claims data, and other financial and personal information.”

Source: Health IT Security https://healthitsecurity.com/news/ransomware-attack-on-brandywine-urology-impacts-131k-patients

Ransomware Attacks Jump 148% in March

In March, expert analysts saw a huge increase in ransomware attacks compared to February. Hackers are taking advantage of security gaps with many employees working remotely due to COVID-19.

According to SDX Central spikes in attacks have correlated with key COVID dates , “…on March 1, VMware Carbon Black reported another 66% spike on the day the first COVID-19 death was announced in the U.S. And a 49% jump over baseline levels on March 2, when Italy’s COVID-19 cases surpassed 2,000. The spikes continued in the days following when Italy issued a public lockdown and then the World Health Organization (WHO) declared a pandemic.”

Source: SDX Central https://www.sdxcentral.com/articles/news/ransomware-attacks-spike-148-amid-covid-19-scams/2020/04/