ransomware

Less than three weeks have passed since we released our ransomware-themed newsletter to our subscribers, and we’ve already come across endless new headlines about big-name ransomware attacks. And we all know: when the attacks are big, the ransom prices are high!

These days a big-name ransomware attack can demand millions, but the total cost is always much higher, with the price of brand damage and remediation boosting losses into the billions of dollars.

In this post, we’ve rounded up some of the latest ransomware news, featuring high profile companies that fell victim to ransomware attacks.

Already using ThreatSTOP? Make sure to add the Ransomware IP and Domain Target Bundles to your policy and stay protected against new and emerging ransomware types.

Garmin

In late July, the fitness technology giant Garmin was hit with ransomware, forcing the company to shut down its call centers, website, and all customer services. The attack also shut down Garmin Connect, a service that Garmin uses to synchronize sporting activities, and flyGarmin, its aviation database service. The ransomware, later discovered to be WastedLocker, encrypted Garmin’s internal network and some production systems. The attack is believed to have been carried out by a Russian cybercriminal group dubbed “Evil Corp”, which used WastedLocker for its targeted attack capabilities. The cyber gang asked for $10 million as ransom, and although Garmin kept very quiet about the ransom price and payment during the first few days after the attack, it was later reported that Garmin used a ransomware negotiation company to help settle a payment amount with the attackers. Following the payment, Garmin received a decryption key for its systems and began remediating the attack and bringing its services back online.

 

Telecom Argentina

One of Argentina’s largest Internet Service Providers (ISPs) was also infected with ransomware in July. The variant used in this attack was Sodinokibi, also known as REvil ransomware, which asked for a ransom of 7.5 million dollars in Monero cryptocurrency, or double that price if the company failed to pay within 48 hours. Aside from demanding a high price from its victims, this ransomware is also known for pressuring victims into paying by threatening to release online the sensitive information obtained in the attack. Sodinokibi infiltrated Telecom Argentina’s network via a malicious email attachment that was downloaded and opened by one of its employees. The attackers then hijacked an internal Domain Admin account and used it to infect over 18,000 devices in the network. The attack on Telecom Argentina disrupted some of its internal systems and caused the suspension of its customer care services, but luckily, it did not dramatically impair the company’s services. This is the second ransomware attack on an ISP by the same cyber gang, who attacked Sri Lanka Telecom earlier this year.

 

Travelex

The ransomware attack on Travelex, the global leader of the cash foreign exchange market, occurred in December of last year, but news about the attack hit headlines again last week as the company went public about the attack’s long-term effects in a press release. Travelex had paid a $2.3 million ransom, almost four months after the attack, to the attacker group that infected them with Sodinokibi (sound familiar?). In addition, they faced damages costing them enormous sums of money, as the incident crippled their customer services for weeks; it took almost three weeks just to get their first customer-facing system live again in the UK. In their press release this month, Travelex stated that the financial damages from the December attack, along with hardships posed by the COVID-19 pandemic, led the company to fire over 1,300 employees.

 

Canon

The tech giant Canon reportedly fell victim to a ransomware attack on July 30. The Maze ransomware group claims to be behind the attack, stating that they have extracted 10 terabytes of data from Canon’s databases. Reports on the incident claim that the attack caused outages across Canon’s main website, email and collaboration platforms, and other internal systems, as well as a temporary suspension of related mobile apps and the online platform. The group threatens to post stolen data if the ransom is not paid, and a few days ago, Maze claimed to have posted about 5% (2.5 gigabytes) of the data it had exfiltrated during the attack. Will Canon pay the ransom to retrieve their files and regain network control? We will just have to wait and see…

 

Become Ransomware-Aware

So what has happened over the last few years that led ransomware to suddenly pop into our lives and start wreaking havoc at every turn? What are the different types of ransomware, and how do you make sure you’re protected from the threat?

Find answers to all your ransomware-related questions in our exclusive, new Ransomware Guide.

 

With ThreatSTOP your firewalls and routers will block inbound ransomware attacks and outbound C2 connections automatically, and DNS servers will block the initial DNS requests that precede early infection.

That’s how you beat ransomware.

 

Want to Learn More?

Check us out below to start a 30-day trial, request a demo, or just see what we’re about.