Following the announcement that Accellion was infected with ransomware, February was bound to be a bad month for the cyber security industry.
In total, we found 118 publicly disclosed cyber attacks and data breaches, which accounted for 2,323,326,953 breached records.
You can find the full list of incidents on our sister site, but as always, we use this blog to delve into the more notable incidents affecting European organisations.
And, no surprise, ransomware is at the top of the agenda.
French hospitals targeted by ransomware
Hospitals have had a desperate enough time dealing with COVID-19 without having to worry about cyber crime.
Unfortunately, attackers have been pouncing on overworked and under-resourced healthcare facilities with an influx of ransomware attacks.
Two French hospitals – in Villefranche-sur-Saône and Dax – became the latest victims, being targeted within a week of each other.
The Villefranche-sur-Saône hospital complex in eastern France said the attack “strongly impacts” its sites in Villefrance, Tarare and Trévoux.
In a separate attack against the Dax-Côte d’Argent hospital in the south of France, the facility’s computer system had been shut down entirely.
The hospital’s deputy director, Aline Gilet-Caubere, explained that although no data had been stolen, staff were unable to access patient data stored digitally, and were forced to keep paper records.
Both hospitals implemented incident response processes to ensure that patient records could be processed.
Meanwhile, a third hospital group – in Dordogne – narrowly avoided falling victim, after an IT supplier detected ransomware on the organisation’s servers.
Hugues Alegria, the director of computer systems at the hospital, said his team cut off the networks going to the supplier and immediately deactivated the backup servers to ensure they weren’t infected.
Following these attacks, French President Emmanuel Macron unveiled a plan to better protect the public sector against ransomware.
Macron spoke with officials and workers from some of the hospitals, noting the severity of the attacks and the threat to patients’ health.
Indeed, a patient at Dusseldorf University Hospital in Germany died during a ransomware infection last year.
The hospital was unable to accept emergency patients because of the attack, so the woman – who needed urgent treatment for a life-threatening illness – was sent to another hospital 20 miles away.
“We are learning about these new attacks, some coming from states as part of new conflicts between nations, others coming from mafias,” Macron said.
Serco denies data leak after cyber attack
Sticking with ransomware, Serco confirmed last month that parts of its infrastructure in mainland Europe had been encrypted during an attack.
The announcement followed the release of stolen images on social media that appeared to belong to the outsourcing giant.
Serco confirmed that it had been targeted, but assured its clients – which include NATO and the European Space Agency – that no sensitive data had been compromised.
In a ransom note, the attackers claimed to have had access to Serco’s systems for three weeks, and that they’d exfiltrated a terabyte of data.
They added: “Your partners such as NATO, or Belgian Army or anyone else won’t be happy that their secret documents are in free access in [sic] the internet.”
These types of ransom, known as double-extortion scams, are designed to dissuade organisations from simply restoring their systems from backups because the data will be leaked anyway.
In reality, paying the ransom makes no difference. Once an attacker has infiltrated your systems, a data breach has occurred. Someone has already gained unauthorised access to the data, and you must therefore meet your regulatory requirements to report the incident.
This is, fortunately, a lesson that organisations are learning. According to a Coveware report, the average ransom payment plummeted by 34% in the final quarter of 2020, as organisations realised that meeting criminals’ demands made no difference to their predicament.
In most cases, the attackers leaked the information whether the victim paid up or not, so breached organisations would be better off using that money to handle incident response – or, better yet, to implement mechanisms to prevent breaches.
You can find out more about how to handle a ransomware attack with our cyber incident response service.
Stay up to date with cyber security news
Are you looking for regular updates on the latest cyber attacks and data breaches?
Subscribe to our Weekly Round-up to learn what’s happening in the cyber security industry and receive tips on how to protect your organisation.