Application security, Malware, Phishing, Ransomware

A tale of two ransomware attacks

Two schools, two ransomware attack and two different outcomes.

The Allegheny Intermediate Unit school system was able to fend off a recent ransomware attack using back up files, meanwhile the University of Maastricht just disclosed it paid 30 bitcoins to regain control of its encrypted computer network.

Allegheny Intermediate Unit (AIU), a regional public education agency that is part of Pennsylvania's public education system, reported that portions of its network recently were hit with ransomware with the attackers demanding a ransom payment to restore the files. The school system refused to pay the unnamed amount.

AIU interim director Rosanne Javorsky hired an outside security firm to lock down and restore the system using back up files.

“The AIU had backup versions of the most critical information and was able to restore access to the vast majority of the impacted files without engaging or paying the intruder. To ensure the integrity of our systems and avoid similar incidents in the future, we are reviewing our policies and procedures and continuing to enhance the security of our information systems,” she said.

AIU does not believe any information was removed from its system.

However, The University of Maastricht, was unable to recover from a December 24, 2019 attack, Tripwire reported. The university hired the security firm Fox-IT which traced the attack to the cybergang TA505 who used a phishing email most likely containing a malicious document to download the malware. The school reported that the lost data contained student and scientific work and the overall damage to the institution was very severe.

IT News reported the school considered rebuilding its system from scratch, but in the end opted to pay the 30 bitcoin ransom, or about $300,000.

TA505 is a well-known threat group that has hit a variety of targets at least one U.S. based electrical company, a U.S. state government network and one of the 25 largest banks in the world. The gang is known for spreading Dridex, TrickBot and Locky malware, and is widely considered synonymous with the alleged Russian cybercriminal outfit Evil Corp.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Abusing GitHub flaw could compromise GitLab

Open-source DevOps software project GitLab has also been impacted by the same security issue in GitHub comments that has been exploited by threat actors through Microsoft repository-linked URLs to facilitate the distribution of malware that was made to seem to originate from credible entities' official source code repositories, according to BleepingComputer.

Related Events

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.