Last Week in Ransomware: 11.18.2024
Last week in ransomware news we saw Halliburton post a $35M loss from a ransomware attack, MOVEit exploit data leaked from 1000+ companies, and ransomware attacks increasing 68% in H1-2024...
Halliburton: $35 Million Loss from Ransomware
In August 2024, Halliburton, a global energy services firm with over 48,000 employees, reported a $35 million loss following a ransomware attack that forced it to shut down parts of its IT systems, leading to temporary client disconnections.
According to an August 23 SEC filing, the breach allowed unauthorized access to Halliburton’s network, prompting the company to take swift action to minimize disruptions. The RansomHub ransomware group later claimed responsibility, though the extent of stolen data remains under investigation.
Despite the breach, Halliburton projected no long-term financial impact, noting only a minor earnings impact of $0.02 per share in its Q3 report. The company reassured stakeholders that cash flow projections and shareholder returns would remain unaffected.
However, leaked data could lead to legal costs and reputational harm, underscoring the evolving risks tied to data exfiltration in ransomware attacks.
Modern ransomware tactics have shifted beyond file encryption to data theft, leveraging the threat of exposure for extortion. To counter this, organizations must adopt robust detection, early threat interception, and compliance with breach laws.
This proactive stance reduces operational and reputational risks, reinforcing resilience against the mounting legal and regulatory challenges of cyberattacks.
MOVEit Exploit: Data Leaked from 1000+ Orgs
A recent data leak by an entity called Nam3L3ss has exposed extensive employee information from global corporations due to a vulnerability in MOVEit, a widely used file transfer software.
Known as CVE-2023-34362, this flaw allowed attackers to bypass security, resulting in large-scale data exfiltration from sectors like finance, healthcare, and retail.
Employee directories from 25 major companies, including Amazon, MetLife, and HSBC, were compromised, revealing sensitive details like names, emails, phone numbers, department codes, and hierarchical structures. Such information heightens the risk of phishing, identity theft, and social engineering.
The authenticity of the data has been verified by cybersecurity researchers who matched leaked emails with LinkedIn profiles. This breach's public disclosure by Nam3L3ss on a cybercrime forum has highlighted potential gaps in corporate defenses, urging companies to act on their vulnerabilities.
While the CL0P ransomware group has previously exploited MOVEit, it remains unclear whether they, affiliates, or Nam3L3ss alone executed this attack.
This incident underscores a trend where attackers prioritize data theft over ransomware, exploiting vulnerabilities for easier data extraction rather than encryption. The availability of leaked data introduces security risks, especially for companies unaware of their exposure.
Public companies may face increased regulatory scrutiny, particularly under new SEC rules requiring timely breach disclosures. Today’s threat landscape complicates corporate security with potential regulatory penalties and lawsuits, intensifying accountability for executives.
Organizations must strengthen cybersecurity and regulatory response strategies to mitigate the twin threats of cyberattacks and legal repercussions, prioritizing transparency and resilience in breach response to protect both sensitive data and stakeholder trust.
Ransomware Attacks Increased 68% in H1-2024
Coalition's 2024 Cyber Claims Report highlights a notable shift in ransomware dynamics, with a decrease in attack frequency but a marked increase in severity.
From January to June 2024, smaller businesses (under $25 million in revenue) saw a 4% drop in claim frequency, averaging $73,000 per incident. However, claims among larger companies ($100 million+ revenue) surged, with average losses escalating to $307,000—an increase of 140%. Ransomware incidents reached an average cost of $353,000, reflecting a 68% increase in attack severity.
Healthcare faced a 134% uptick in attacks compared to early 2023, despite a 32% decline in incidents targeting large healthcare providers. High-profile breaches, including those at Change Healthcare and CDK Global, disrupted key sectors.
Meanwhile, Play and Blacksuit ransomware groups set record demands of $4.3 million and $2.5 million, respectively, as law enforcement efforts weakened the dominant LockBit group.
Ransomware comprised 18% of all claims, behind business email compromise (32%) and fund transfer fraud (27%). The report noted that AI-driven attacks contributed to a rise in email compromise claims, though their severity decreased by 30%.
With ransom demands frequently surpassing $1 million, attackers are increasingly targeting larger organizations. The report underscores the need for strong defenses as ransomware continues to exploit software vulnerabilities, imposing costly recovery expenses, regulatory fines, and reputational damage on affected organizations.
Attack on BBS Financial Included Data Breach
On November 11, 2024, BBS Financial, LLC reported a data breach to the Maine Attorney General following a ransomware attack compromising sensitive consumer data, including names, addresses, Social Security numbers, government IDs, and financial account information.
The breach, discovered on January 29, 2024, involved attackers exfiltrating data and demanding a ransom to prevent its public release. In response, BBS shut down its systems, enlisted cybersecurity experts, and eventually paid the ransom. While BBS received confirmation of data deletion, the risk of future misuse remains uncertain.
BBS initiated a comprehensive review of compromised files, identifying affected individuals and notifying them via letters sent on November 11, 2024. The breach also involved potentially sensitive health information and billing codes, highlighting the depth of compromised data.
Modern ransomware attacks often involve data exfiltration, adding pressure on victims to pay ransoms even if they can restore systems independently. However, paying does not ensure that data won’t be misused or disclosed, exposing organizations to further risks.
Sensitive exfiltrated data can trigger regulatory oversight, lawsuits, and fines, especially when involving regulated information like financial or health data.
The Securities and Exchange Commission’s new rule requires publicly traded companies to disclose material security events within four days. This regulation, effective since December 2023, intensifies pressure on organizations to disclose breaches quickly, often before investigations conclude.
Incomplete disclosures may damage public trust, subjecting companies to potential regulatory penalties and investor lawsuits, and highlighting the complex challenges facing cybersecurity and compliance leaders amid evolving ransomware threats.