Ransomware attacks hit Florida ISP, Australian cardiology group

After Florida ISP Network Tallahassee was hit with a ransomware attack, the broadband provider reportedly paid a $6,000 ransom. Details of the attack – such the type of ransomware and how many customers were affected – were not revealed. We know only that the infection was discovered on Saturday. The Tallahassee Democrat quoted a former cop as saying he could no longer send email on Monday, but he could still receive it.

As of Wednesday morning, the afflicted ISP’s site is still down, but the company left the following voicemail for customers who called in on Monday: “We have been in contact with the hackers and paid the ransom and have been advised it will be tomorrow, Tuesday, before we get the compiled encrypter tools. If the hackers deliver, it will probably be Wednesday before we are partially back up and running.”

Network Tallahassee’s message added, “We apologize for the inability to contact folks, but nearly all systems are down and those that aren’t down are largely crippled. To say we’re sorry is inadequate. We are doing our best.”

The ISP later said no customer data had been compromised, as “the threat is localized” to a few “crippled” servers, including the server for the phone system. The first server was reportedly nearly restored, and the ISP said, “With any good fortune, we will be back online within the next 24-36 hours.”

More ransomware news

Ransomware attack hits Australian cardiology group and likely Toyota manufacturer

The Melbourne Heart Group, out of Australia’s Cabrini Hospital Malvern, has recovered from a recent ransomware attack. Fifteen thousand cardiology patients’ records were allegedly encrypted. Also, according to The Age, an undisclosed ransom was paid – yet not all of the files could be decrypted. An unnamed source suggested the ransomware payload was Hermes 2.1. Although the ransomware attack occurred in late January – called a “cybersecurity incident” by the Melbourne Heart Group – the cardiology unit didn’t post an all clear signal until Feb. 25.

Toyota Australia was also recently a ” victim of an attempted cyber attack.” BankInfoSecurity suggested this, too, may have been a ransomware attack.

New ransomware targeting Linux servers comes with ransom demand of over $75,000

Bleeping Computer reported that a new ransomware that targets Linux servers – and possibly Windows boxes – comes with a $75,000 ransom demand. When this B0r0nt0K ransomware was reported to a Bleeping Computer forum, the user said his client’s website – running on an Ubuntu 16.04 server – had been encrypted and the ransom demand was 20 bitcoins; at the time of publishing, 20 BTC was the equivalent of over $76,000.

Ransomware attacks decline as cryptojacking and fileless malware attacks increase

You wouldn’t think it, based on the above ransomware attacks, but the newly released 2019 IBM X-Force Threat Intelligence Index says both the reliance on malware and ransomware attacks are on the decline. Criminal cyberthug groups are instead shifting to cryptojacking attacks. The amount of cryptjacking attacks were almost twice as many as those of ransomware attacks in 2018.

“If we look at the drop in the use of malware, the shift away from ransomware, and the rise of targeted campaigns, all these trends tell us that return-on-investment is a real motivating factor for cybercriminals,” said Wendi Whitmore, Global Lead of the IBM X-Force Incident Response and Intelligence Services. “We see that efforts to disrupt adversaries and make systems harder to infiltrate are working. While 11.7 billion records were leaked or stolen over the last three years, leveraging stolen Personally Identifiable Information (PII) for profit requires more knowledge and resources, motivating attackers to explore new illicit profit models to increase their return on investment. One of the hottest commodities is computing power tied to the emergence of cryptocurrencies. This has led to corporate networks and consumer devices being secretly highjacked to mine for these digital currencies.”

Trend Micro agreed that ransomware attacks are on the decline, stating, “Overall ransomware-related threats decreased by 91 percent from 2017 to 2018.”

According to Trend Micro Research’s newly released report ( pdf), cryptojacking detections peaked at more than 1.3 million in 2018 – a 237 percent increase, fileless threats were up a whopping 819% from 2017, and cyberthugs turned from zero-days attacks to abusing flaws that were recently patched.