Ransomware attacks have been circulating data security and infosec news quite heavily since last year’s Wannacry and Petya attacks. Unfortunately, Family Planning New South Wales (NSW) has had a recent encounter with ransomware attacks. The personal and reproductive health not-for-profit organization fell victim to the attack on April 25.
In the ransomware attack, Family Planning NSW databases were breached. Within the databases lives patient information for an estimated 8,000 individuals. An email disbursed to all individuals affiliated with the organization stated that the breach had occurred two weeks earlier. Specifics around those whose information may have been stolen pertains to anyone who has inquired about services, appointments or left feedback with the organization in a span of the last two and a half years, according to The Guardian.
Medical records were reportedly not accessed in the ransomware attack, however any names, addresses or phone numbers submitted in an appointment request was left in a state of vulnerability.
The chief executive of Family Planning NSW, Ann Brassil offered specifics on the ransomware attack’s requests:
“The ransom said, ‘We’re shutting down your website, and you pay us $15,000 in bitcoin for us to release the website.’”
Those behind the ransomware did state that failure to generate the appropriate payment would result in a release of all information collected. Fortunately, once the website was disassembled the hackers behind the attack did exit. The website was then taken into a security exploration and overview mode. It has also been noted by Brassil that no information stolen has yet been put to use or further abused. However, it is a possibility that stolen information may eventually be put into action.
The Family Planning NSW webpage has changed their landing page to a security notification, making visitors aware that the webpage is under a security update and will return after completion.
The particular vulnerability that allowed the hackers entry into the Family Planning NSW database is believed to be due to a vulnerability in a web content management system, known as Drupalgeddon2. Other organizations that utilize the same content management system have also experienced recent attacks.
Ransomware attacks are particularly dangerous as they add insult to injury, not only are they going to slither into an organization but they are also going to have a monetary demand and a threat should their demands not be met. As the ransomware attacks have began to surge, cyber security efforts to protect against the attacks must follow suite. A foundation of awareness, transparency and insider threat knowledge are vital assets organizations must arm themselves with in order to prevent ransomware attacks. Click below to learn more about Teramind.