In July, various public sector entities, including county governments and a state health department, fell victim to ransomware attacks, showcasing the ongoing threat of cyber extortion in the digital landscape. While the month also saw a global IT outage caused by an erroneous CrowdStrike channel file update, ransomware attacks continued to plague organizations across different sectors.
One notable incident involved Jefferson County, Kan., where the CrowdStrike outage disrupted services, including access to the Kansas driver’s license system. The county clerk’s office received an extortion note from threat actors claiming to have stolen data, leading to initial speculation that the outage was used as a cover for the attack. Further investigation revealed that data had indeed been compromised, highlighting the intersection of extortion and the CrowdStrike outage.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on July 19, noting that threat actors had exploited the CrowdStrike outage for various malicious activities, including phishing attempts. CrowdStrike also observed phishing domains posing as legitimate support links, used by threat actors to distribute an infostealer known as Lumma. These incidents underscore the importance of remaining vigilant against cyber threats, even amidst major IT disruptions.
Among ransomware groups, Check Point Software Technologies identified RansomHub as the most prevalent ransomware gang in July, responsible for 11% of all reported attacks. LockBit followed closely behind, accounting for 8% of the total. RansomHub notably targeted the Florida Department of Health, leaking sensitive data such as test results and employee records on the dark web, causing disruptions to healthcare services and funeral homes.
Private sector organizations also faced cyber threats, with Bassett Furniture disclosing a cyberattack in a filing with the Securities and Exchange Commission (SEC). The company detected unauthorized activity on its IT systems, which led to threat actors encrypting data files. As a result, business operations were disrupted, impacting order fulfillment and temporarily closing manufacturing facilities.
In a separate incident, Clay County, Ind., declared a local disaster following a ransomware attack that affected court and clerk’s office services. The attack, attributed to the BlackSuit ransomware group, highlighted the increasing sophistication and persistence of cybercriminals targeting municipalities and businesses alike.
Overall, the events of July serve as a stark reminder of the pervasive threat posed by ransomware attacks and cyber extortion, underscoring the critical need for robust cybersecurity measures and proactive response strategies. Organizations need to remain vigilant, enhance their cybersecurity posture, and collaborate with law enforcement and cybersecurity experts to mitigate the risks posed by malicious actors seeking to exploit vulnerabilities.

