“Once is happenstance. Twice is coincidence. Three times is enemy action.” – James Bond
More pattern recognition and sensemaking efforts here – following up our recent spotlight on The City of Dallas, Over a Month After A Ransomware Attack, Still not at Full Functionality and the U.S. Turning its Strategic Focus Towards Cyber Threat Vectors in Guam, Albania, and Costa Rica – further validating the broader cyber battles that the U.S. is fighting on a daily basis (in what is a broader, global cyber war in which we are already engaged against nation-state and non-state actors alike).
Ransomware Epidemic Hits a Mississippi County and a Hospital in Tampa; Cyberattack Outages in Trinidad and Tobago
Recent Outages in Trinidad and Tobago
The Record provided the following summary of the recent cyberattack in Trinidad and Tobago:
Trinidad and Tobago’s justice department is dealing with a cyberattack that has impacted the ministry’s operations. The island nation of more than 1.4 million people announced on Friday that its Ministry of Digital Transformation discovered a cyberattack targeting the country’s Office of the Attorney General and Ministry of Legal Affairs (AGLA) in recent days. Here’s what you need to know:
- The Ministry of Legal Affairs in Trinidad & Tobago has been targeted by a cyberattack that has disrupted services, including electronic court documents. While internal investigations are ongoing, no information about the nature of the attack or any potential ransom demands has been shared.
- Due to the attack, critical government services have been impacted, leaving lawyers unable to access email accounts and important documents for trials. An emergency response plan has been put into place, with alternative methods for submitting court documents being provided.
- This incident is not isolated; there seems to be a recent pattern of cyberattacks on government agencies in island nations around the world:
- In June, the Caribbean island of Martinique said it was dealing with a cyberattack that disrupted internet access and other infrastructure for weeks. Guadeloupe — an overseas department and region of France in the Caribbean consisting of six islands with a population of about 385,000 — also dealt with a cyberattack this year that crippled many of the local government’s systems.
- Pacific islands have also faced attack, with the government of Vanuatu being knocked offline in early November 2022 following a ransomware attack.
- The Medusa ransomware group launched a wide-ranging attack on Tonga’s state-owned telecommunications company in February and in March, the largest provider of mobile, television, internet and telephone services to the U.S. territories of Guam and the Northern Mariana Islands was hit with a cyber incident.
- Trinidad itself faced its own cyberattack last year when its biggest supermarket chain was attacked by a now defunct ransomware group. (1)
For the full report by The Record’s Jonathan Greig, go to: Trinidad and Tobago facing outages after cyberattack
A ‘Digital Hurricane’ in a Coastal Mississippi County
“A coastal Mississippi county is in the process of recovering from a wide-ranging ransomware attack that took down nearly all of the government’s in-office computers. Nestled right along the border with Alabama, George County is the quiet home to more than 25,000 people. Here’s what you need to know:
- The recent ransomware attack on George County in coastal Mississippi exposed the vulnerability of the local government’s IT system. The attackers utilized a well-crafted phishing email to infiltrate and take over nearly all in-office computers, disrupting county operations over a weekend. The incident underlines the importance of robust cybersecurity measures in protecting public services and infrastructures.
- The ransomware attack, much like similar incidents in other U.S. counties, underscored the need for contingencies during such cyber incidents. Following the attack, the county increased its IT workforce to expedite the recovery process. In addition, the county made sure not to engage with the ransom demands which, despite their seeming professionalism, held no guarantees of system restoration.
- While the first quarter of 2023 saw fewer publicly-reported attacks than the same period in the previous year, this does not diminish the threat these attacks pose to both small and large municipalities. The case of George County serves as a reminder that cyber criminals show little preference in their choice of targets. Governments at all levels must therefore prioritize cybersecurity to protect their operations and the data of their constituents.” (2)
For full coverage of this cyberattack by Greig, see ‘It feels like a digital hurricane’: Coastal Mississippi county recovering from ransomware attack
Graph Source: The Record
Failed Ransomware Attack on a Tampa Hospital (1.2 million patient records stolen)
“One of the largest hospitals in Florida said hackers stole the sensitive data of more than 1.2 million patients during an attempted ransomware attack in May. Here’s what you need to know:
- Tampa General Hospital experienced a significant data breach, where the sensitive information of over 1.2 million patients was stolen during an attempted ransomware attack. The compromised data included personal information and health insurance details.
- Despite the hospital’s quick response to unusual network activity, the forensic investigation revealed that the hackers had infiltrated their network for about three weeks before trying to encrypt the data. The hospital effectively thwarted the encryption attempt, avoiding major disruption to patient care services.
- The Snatch ransomware group, implicated in many high-profile cyber-attacks since 2019, added Tampa General Hospital to its leak site. The hospital declined to pay the ransom and is offering free credit monitoring services to those who had their Social Security numbers compromised. The incident is part of a concerning trend, with healthcare companies becoming increasingly targeted by cybercriminals.” (3)
“Since 2019, the Snatch gang has been implicated in a number of high-profile attacks, including
Greig provides further coverage of this ransomware attack. See Tampa hospital says sensitive data of 1.2 million stolen in failed ransomware attack.
https://oodaloop.com/archive/2023/06/08/the-city-of-dallas-over-a-month-after-a-ransomware-attack-is-still-not-at-full-functionality/
https://oodaloop.com/archive/2023/04/05/the-u-s-turns-strategic-focus-towards-cyber-threat-vectors-in-guam-albania-and-costa-rica/
About the Author
Daniel Pereira
Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.