
Recent Posts
The NJCCIC assesses with high confidence that educational institutions across the globe will remain attractive targets for a range of cyber-attacks designed to disrupt daily operations, steal sensitive data, instill fear in the community, and hold critical operational data for ransom.

In October 2017, the US Department of Education issued an updated Cyber Advisory warning schools about a new method of cyber extortion impacting institutions across the country. In recent attacks, cyber-criminals demanded large ransom payments in exchange for sensitive student record information obtained via schools’ compromised networks. In some instances, cyber-criminals made direct threats to the safety of students and staff members via SMS messaging.

According to Verizon’s 2017 Data Breach Investigations Report, the education sector was impacted by approximately 455 security incidents in 2016, with at least 73 of these events involving the disclosure of data. As the use of technology within the classroom is increasingly required for educational purposes, more schools are implementing Bring Your Own Device (BYOD) policies, allowing students and employees to connect their personal computers, tablets, and mobile phones to their networks. Unfortunately, if BYOD is not implemented with security in mind, schools could be exposing their networks and sensitive data to an increased risk of compromise created by vulnerable and infected devices. Sophisticated and profit-motivated threat actors are cognizant of this fact and will continue to target universities and school districts as many of them do not have adequate resources, funding, or staffing to properly protect and defend their networks.

Read more here: 20180207 - Education Sector - An Attractive Target for Cyber-Attacks.pdf
Posted by melson  On Feb 12, 2018 at 8:37 AM
The NJCCIC is aware of a ransomware campaign that has already impacted two hospitals, one municipality, and an ICS company within the US.

According to multiple open-source reports, the perpetrator(s) behind this campaign are targeting victims with a new version of MSIL/Samas.A/Samsam ransomware (hereafter referred to as SamSam). This version of SamSam appends .weapologize to the names of encrypted files and drops a ransom note named 0000-SORRY-FOR-FILES.html on infected systems. When SamSam ransomware first emerged, campaigns would target vulnerable servers running outdated versions of JBoss using JexBoss, an open-source JBoss testing/exploitation tool.

However, one Bleeping Computer article suggests that the perpetrator(s) behind this campaign may now be distributing SamSam via Remote Desktop Protocol (RDP) compromise. This article also reports that the online ransomware identification service, ID Ransomware, has received at least 17 submissions of SamSam-related files so far in January 2018, suggesting this campaign is currently and actively targeting victims.

Known victims of this campaign include Hancock Health Hospital in Greenfield, Indiana, Adams Memorial Hospital in Decatur, Indiana, and the city of Farmington in New Mexico.
Posted by melson  On Jan 22, 2018 at 10:26 AM