Ransomware Attack Impacts Legal Software Provider TrialWorks

A ransomware attack has impacted legal software platform provider TrialWorks, blocking roughly 5 percent of the company’s customers from accessing their case management accounts, according to The Miami Herald.
In response, TrialWorks may have paid the ransom in a bid to decrypt the infected case management software systems, BleepingComputer speculates.
The attack apparently surfaced in early to mid-October, with some details surfacing in emails from TrialWorks over the past week. At least one law firm has been unable to access legal case documents from TrialWorks since October 11, the Miami Herald reports.
TrialWorks has hired cybersecurity consulting firms to assist the business recovery, multiple news stories say. However, current reports do not discuss whether the company proactively employed a managed security services provider (MSSP) for risk mitigation, data protection and business continuity services.
As of 2:00 p.m. ET on October 27, neither TrialWorks’ blog nor the company’s support site specifically mentions the alleged business issue. MSSP Alert has reached out to TrialWorks seeking a status update on the apparent ransomware issue.

Ransomware Attacks Target Cloud Business Applications

In recent months, hackers have increasingly extended their ransomware attacks from on-premises systems to cloud-based and hosted business applications. Among the victims: Insynq, a cloud service provider (CSP) and hosted QuickBooks provider that suffered a ransomware attack in July 2019.
Credit: MSSP Alert

Ransomware Attack Count Total for 2019 (So Far)

Cybercriminals have launched ransomware attacks against at least 621 government agencies, healthcare providers and schools in the first nine months of 2019, according to antimalware and antivirus software provider Emsisoft.
At least 68 state, county and municipal entities have been affected by ransomware attacks this year, Emsisoft noted. In addition, at least 62 ransomware attacks have involved school districts, and 491 ransomware attacks were reported against healthcare providers.

Ransomware Attack Trends in 2019

Emsisoft identified the following ransomware attack trends thus far in 2019:
  • Cybercriminals Target MSPs: Cybercriminals are increasingly targeting software used by MSPs and other third-party service providers to simultaneously attack service providers and their customers.
  • Ransoms Are Increasing: Cybercriminals want to maximize their profits, and as such, are increasing their ransom requests.
  • Cyber Insurance Drives Ransom Payments: Organizations that leverage cyber insurance are more prone than others to pay cybercriminals’ ransoms.
  • Cybercriminals Prioritize Email and Remote Desktop Protocol (RDP): Emails and RDP attachments represent the top choices for cybercriminals to launch ransomware attacks.
Coordination and communication between public and private organizations could help limit the impact of ransomware attacks, Emsisoft said. If organizations across all sectors understand how to identify and address ransomware attacks, these organizations can prevent data breaches.
Credit: MSSPAlert (https://www.msspalert.com/)

City of Johannesburg held for ransom by hacker gang



A hacker group going by the name of Shadow Kill Hackers is holding South Africa's largest city for ransom, demanding 4 bitcoins from Johannesburg authorities, or they'll upload stolen city data on the internet.
The deadline is October 28, 5 pm, local time, according to a message from the hackers.
"Your servers and data have been hacked," the note reads. "We have dozens of back doors inside your city. We have control of everything in your city. We also compromised all passwords and sensitive data such as finance and personal population information."
The message was discovered on city employee computers, in the form of a logon screen.

Johannesburg ransom note
Image: pule_madumo via Twitter

Authorities immediately responded by shutting down all the IT infrastructure, such as websites, payment portals, and other e-services. A breach was later confirmed via the city's official Twitter account.


Initially, employees thought they were the victims of a ransomware attack, like the one that hit the city's power grid in July, an attack that left many without electricity for days. However, it was later discovered that city computers were not encrypted.
Furthermore, the hackers went to Twitter to post screenshots showing that they had access to the city's Active Directory server, even claiming that they were the ones who took down the website after deactivating the DNS server.


City officials were not available for comment. It is unclear if they intend to pay the ransom demand, estimated at around $30,000. In some interviews, city officials also suggested they would be investigating the incident as the work of a disgruntled current or former city employee.

UNRELATED DDOS ATTACKS ON LOCAL BANKS

On the same day, local media also reported that several South African banks were hit by cyber-attacks, and their services went down. Standard Bank and Absa were two of the five banks that were attacked by what appeared to be DDoS attacks.
Initially, the attacks were reported as coming from the same group, but Shadow Kill Hackers confirmed on Friday that they were not involved in these unrelated attacks.


Over the past week, financial institutions across the world have been getting hit by DDoS attacks and extortion demands. South Africa was one of the countries affected by these attacks, according to a spokesperson from Group-IB, a cyber-security firm that provides security services to financial institutions. The attacks on the South African banks are most likely a coincidence, happening at the same time as the attack on the Johannesburg municipality's network, but evidence and statements suggest they are not the work of Shadow Kill Hackers.
source: https://www.zdnet.com/article/city-of-johannesburg-held-for-ransom-by-hacker-gang/

German Automation Giant Still Down After Ransomware Attack

One of the world’s biggest producers of automation tools is still crippled over a week after it was hit by a ransomware attack.
German giant Pilz was forced to notify the prosecutor’s office and Federal Office for Security in Information Technology after suffering a targeted cyber-attack the Sunday before last.
However, despite setting up an incident response team to locate the source of the attack and resolve the disruption, it warned that outages will continue for several more days.
“Since Sunday, October 13, 2019, all server and PC workstations including the communication network of the automation company have been affected worldwide. The website is currently only partially functional,” it noted in a status update.
“As a precaution, the company has removed all computer systems from the network and blocked access to the corporate network.”
The IT disruption appears to have affected delivery of shipments and communications, although email came back online around the world on Friday. The last update from the company yesterday claimed that deliveries had restarted in “certain areas.”
It’s unclear which these are, however: Pilz operates in over 70 countries around the world, across Europe, Asia Pacific and the Americas.
The firm offers a range of products vital to automate industrial environments, including: configurable safety controllers; programmable safety systems; safety sensors; operator and visualization systems; networks; system and application software; drive technology; integrated standard and safety automation systems.
Pilz is the latest in a long line of large enterprises targeted by ransomware authors looking for a big ROI on attacks.
Back in March, Norsk Hydro, the world’s number one aluminium producer, was hit by the LockerGoga variant in an attack which is said to have cost the firm at least $41m. More recently, US mailing technology company Pitney Bowes and French media giant Groupe M6 were both caught out.
Ransomware detections grew 77% from the second half of 2018 to the first six months of this year, according to Trend Micro.
source: https://www.infosecurity-magazine.com/news/german-giant-pilz-down-after/