Page 18 - Threat Intelligence 12-13-2019
P. 18
Data Breaches &
Attacks
Significant malware attack hits Waterloo Catholic District School Board. The Waterloo Catholic District School
Board was in the midst of responding to a significant malware incident on Wednesday, according to chief
managing officer John Shewchuk. Shewchuk said the board learned of the attack early on Sunday. "Our IT
team worked through Sunday, and we promptly retained a leading cyber-security expert," Shewchuk said in an
email. The board has since taken steps to secure its network, Shewchuk said. He said some services have been
restored but that there is "more work to do.“ There is no indication that personal or business information has
been taken as a result of the attack, Shewchuk said, although a forensic investigation is still to come. The
malware incident is the latest in a string of cyber-attacks that have hit southern Ontario this year. Last week,
Waterloo Brewing Ltd. said it has lost $2.1 million in a cyber attack. The city of Stratford agreed to pay an
attacker $75,000 worth of Bitcoin to unlock its information systems following an attack in April. Hospitals in
Listowel and Wingham were also hit by a ransomware attack in September and regained access to their
systems in October. The city of Woodstock was also struck by a cyber-attack in September.
Source: https://www.cbc.ca/news/canada/kitchener-waterloo/waterloo-catholic-district-school-
board-responding-to-significant-malware-incident-1.5375226
Yet another school district hit by ransomware, this time in Illinois. Adding to a mounting tally of schools that
have fallen victim to ransomware this year, a school district in northern Illinois announced this week that some
of its systems too have been infected. Sycamore Community School District 427, a preK-12 district with seven
schools that lies 60 miles west of Chicago, noted on its website on Tuesday that some of its “internal
technology servers” have been infected by ransomware, though the note’s author, Superintendent Kathy
Countryman, did not supply the type of ransomware used, the ransom amount or whether the district intends
to pay. Uncharacteristically for an attack of this sort, many of the district’s systems remained uninfected,
however, including its email, phones, website, student information systems, building alarm, Chromebooks and
Google Suite for Education applications and data.
Source: https://edscoop.com/sycamore-community-school-district-ransomware/
Ransomware Locks Medical Records at Great Plains Health. Great Plains Health medical center is recovering
from a ransomware incident that hit its computer network at the beginning of the week and forced switching
to pen and paper to maintain activity. The attack was detected on Monday around 7 p.m. and the IT
department worked through the night to reduce the impact on local health services. Ransomware encrypts
files on affected systems and is not typically associated with data theft. However, a new trend is prefiguring
where data is stolen before being encrypted by the malware. The group behind Maze ransomware carried out
such an attack and threatened the victim company that they would leak the stolen data unless they paid 300
bitcoin ($2.3 million at the time) for the decryption key. When the company refused to pay the ransom, Maze
operators kept their word and published a cache of 700MB worth of files.
Source: https://www.bleepingcomputer.com/news/security/ransomware-locks-medical-records-at-
great-plains-health/
www.accumepartners.com
18
