The Week in Breach: 07/10/19 - 07/16/19

This week, ransomware stops the music at a local radio station, employees fall for phishing scams, and U.S. mayors promise not to pay any more ransom demands.

Dark Web ID Trends:

Top Source Hits: ID Theft Forums
Top Compromise Type:
Top Industry: Medical & Healthcare
Top Employee Count: 11 - 50 Employees


United States - Los Angeles County Department of Health

Exploit: Phishing attack
Los Angeles County Department of Health: Government agency responsible for overseeing health initiatives in Los Angeles County
Risk to Small Business: 1.555 = Severe: On March 28th, an employee at a third-party contractor opened a phishing email that gave hackers access to the company’s data, which included personally identifiable information from the Los Angeles Department of Health. Although the data was encrypted, the email account also contained the encryption keys, which functionally nullified this security feature. As the second-largest health system in the United States, the agency oversees many clinics and hospitals that could be impacted by this attack. Now, the Los Angeles County Department of Health is tasked with reinforcing its cybersecurity standards while they support their constituents who were harmed in the attack.

Individual Risk: 2.285 = Severe: The data breach exposed sensitive patient information, including names, addresses, dates of birth, medical record numbers, and Medi-Cal identification numbers. In addition, two patients had their Social Security numbers compromised. Although patients were not the target of the attack and authorities haven’t found evidence that their information is being misused, personally identifiable information can quickly make its way to the Dark Web where it can be used to perpetrate financial and identity crimes. Therefore, those impacted by the breach should enroll in the provided credit and identity monitoring services to ensure their data’s continued integrity.

Customers Impacted: 14,591
How it Could Affect Your Customers’ Business: Phishing attacks are an easy way for hackers to circumvent security standards by relying on employee ignorance and indifference to gain access to sensitive computer networks. Every organization can defend against these attacks by conducting awareness training with their employees. By equipping employees to identify and report phishing emails, organizations can render these attacks ineffective.

ID Agent to the Rescue: BullPhish ID™ simulates phishing attacks and conducts security awareness training campaigns to educate your employees, making them the best defense against cybercrime. Click the link to get started:


United States - La Porte County Government

Exploit: Ransomware
La Porte County Government: Local government serving La Porte, Indiana
Risk to Small Business: 2.111 = Severe: A malware attack on the government’s IT infrastructure rendered more than half of their servers unusable. The attack, which delivered a ransomware virus, cut off access to the county’s website, email accounts, and other services. The remaining servers were taken offline to prevent malware from spreading further. The county purchased ransomware insurance last year, which will help offset the repair costs, but officials expect that a full recovery will come at a significant expense.
Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware attacks on government agencies and institutions are on the rise, making a response plan a must-have element of any cybersecurity initiative. La Porte officials demonstrated many benefits of these plans, including rapid response capabilities, clear communication channels, and proper insurance to reduce the expense of an attack. Of course, surveying your organization’s IT infrastructure should be a top priority as well, since it can prevent an attack before it occurs.

ID Agent to the Rescue: Monitoring the Dark Web for stolen credentials is critical for MSPs who want to provide comprehensive security to their customers. BullPhish ID complements that data with simulated phishing attacks and security awareness training campaigns to educate employees, making them the best defense against cybercrime:


United States - Essentia Health

Exploit: Phishing attack
Essentia Health: Integrated healthcare system offering services in Minnesota, Wisconsin, North Dakota, and Idaho
Risk to Small Business: 2 = Severe: A vendor providing billing services for the healthcare provider was the victim of a phishing scam that consequently compromised patient data at Essentia Health. The healthcare provider is investigating the incident and the integrity of other third-party vendor systems. In today’s digital landscape, verifiable data security standards are a must-have for any partnership that involves personally identifiable information.
Individual Risk: 2.428 = Severe: Essentia notified those impacted by the breach, but they have not identified any attempted misuse of patient data. Even so, once sensitive personal information is accessed, it can quickly become accessible on the Dark Web, so those affected will need ongoing credit and identity monitoring services to ensure their data’s integrity.

Customers Impacted: 1,000
How it Could Affect Your Customers’ Business: Data breaches that expose people’s personal information can have devastating consequences for both the company and the victims. The most advantageous road to recovery starts with ensuring that victims have the support necessary to adequately recover from the incident. This includes identifying the cause and scope of a breach as well as providing the credit and identity monitoring services that offer rapid detection of data misuse.

ID Agent to the Rescue: Backed by ID Agent’s $1 million identity theft restoration policy, SpotLight ID™ allows MSPs’ clients to protect customers while enhancing their overall cybersecurity awareness. Learn more:


United States - Monroe College

Exploit: Ransomware
Monroe College: Private for-profit college and graduate school based in New York City
Risk to Small Business: 1.888 = Severe: The college endured a ransomware attack that disabled network services at its three campuses. The perpetrators issued a demand for $2 million in Bitcoin to release the encrypted files that likely include most of their critical data for executing business and educational activities. While classes remain in session, all of the school’s email and website-based activities are inaccessible. Monroe College outsources its payroll, which preserved those services during the attack. Unfortunately, the school now has to decide between paying the exorbitant ransom and incurring the considerable cost of recovering network systems. Either way, it will be an expensive recovery process for Monroe College.
Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Monroe College is just the latest in a series of academic institutions impacted by a ransomware attack. These attacks significantly curtail their operations while costing precious funds that are earmarked for academics. Therefore, it’s imperative to understand potential vulnerabilities before such an attack occurs. Given the high expense of recovery, the slew of negative press, and the opportunity cost associated with a ransomware attack, the relatively affordable cost of examining network vulnerabilities and compromised credentials is a bargain.

ID Agent to the Rescue: We go into the Dark Web to keep you out of it. Dark Web ID™ is the leading Dark Web monitoring platform in the Channel. The award-winning platform combines human and sophisticated Dark Web intelligence with search capabilities to identify, analyze and proactively monitor for an organization’s compromised or stolen employee and customer data. Schedule a demo today:


United States - Richmond Heights City Hall

Exploit: Ransomware
Richmond Heights City Hall: Local government offices for Richmond Heights, Ohio
Risk to Small Business: 2.111 = Severe Risk: When an employee opened a phishing email, it unleashed ransomware that disrupted City Hall’s IT infrastructure. The malware encrypted the employee’s files and displayed a ransom note on the screen that demanded payment in Bitcoin to restore services. While the ransomware disabled the city’s computers and servers, their email and internet services were not impacted in the attack. Fortunately, the city maintained backups that allowed them to restore their files without paying the ransom.
Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: Ransomware can have catastrophic consequences for any organization, but this incident is a reminder that they are often initiated by subtle mistakes. In this case, a single phishing email could have compromised the IT infrastructure for an entire city government. Maintaining adequate backup services and other restorative processes is critical to recovering from a ransomware attack, but protecting against the methods that are frequently used to deploy these attacks is equally important.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here:


United States - KHSU Radio Station

Exploit: Ransomware
KHSU Radio Station: Radio station owned by Humboldt State University
Risk to Small Business: 2.333 = Severe Risk: Hackers exploited a network vulnerability to deliver ransomware to KHSU’s programming systems and storage servers. Fortunately, the affected servers did not contain any sensitive data, but the attack disrupted the station’s programming, which went offline on July 1st. The hackers are demanding a ransom to restore the systems, but an actual amount hasn’t been specified. Until services are restored, the station’s listeners will continue to be without programming.
Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: The opportunity cost associated with a ransomware attack can be just as damaging as the immediate recovery cost. In this case, listeners are without the station’s regular programming, which will drive them to other stations. To make matters worse, the attack was issued using an avoidable network vulnerability. When it comes to avoiding a ransomware attack, the best offense is a strong defense. Prioritize a thorough review of your network infrastructure and repair any vulnerabilities before hackers exploit them for their own gain.

ID Agent to the Rescue: With BullPhish ID, MSPs can provide a more complete picture of a company’s security posture and potential risk, transforming the weakest links of an organization into their strongest points of protection. Find out how you can get started with us here:


United States - Arlington County

Exploit: Phishing attack
Arlington County: County in the Commonwealth of Virginia
Risk to Small Business: 1.555 = Severe Risk: A phishing scam gave hackers access to the county’s payroll systems that contained copious amounts of personal data. Upon discovering the breach, officials worked to identify the scope and severity of the incident, concluding that this preventable breach will have serious implications for their employees. In this case, the agency’s preventative measures will prove to be too little too late, and their own employees will pay the price for inaction.
Individual Risk: 2.285 = Severe Risk: An investigation by two government agencies concluded that only employee data was compromised in the breach. Because hackers gained access to payroll systems, this information could include employees’ most sensitive information, including their names, addresses, Social Security numbers, and bank account information. Consequently, anyone impacted by the breach should immediately acquire credit and identity monitoring services to ensure their information’s long-term security.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In the wake of this attack, Arlington County is taking several steps to protect their infrastructure in the future, including updating their network’s ability to identify a phishing email before it reaches an employee’s inbox and providing training to employees to identify and delete phishing emails before they compromise the network’s integrity. These measures can significantly reduce the risk of a phishing scam, and every organization should implement these protocols as a precaution against, not a response to, a phishing scam.

ID Agent to the Rescue: Designed to protect against human error, BullPhish ID simulates phishing attacks and manages security awareness training campaigns to educate employees, making them the best defense against cybercrime. Learn more here:


Canada - The Nation, Ontario

Exploit: Ransomware
The Nation, Ontario: Eastern Ontario municipality

Risk to Small Business: 1.666 = Severe: On June 30th, the Canadian municipality was hit with a ransomware attack that crippled the government’s use of network capabilities, computers, and email accounts. Hackers demanded $10,000 in Bitcoin to decrypt the files, which the government declined to pay. Instead, it took officials more than two weeks to restore network services, although email systems are still inaccessible. The incident is a reminder that there are no good solutions once ransomware reaches a company’s network.

Individual Risk: No personal information was compromised in the breach.

Customers Impacted: Unknown
How it Could Affect Your Customers’ Business: In the wake of this event, government officials are reorienting several of the IT protocols to prevent future ransomware attacks. With ransomware becoming an all-too-common malady for organizations in virtually every sector, it’s paramount that they execute those strategies before an attack occurs. While a comprehensive ransomware response plan has many components, it’s common for hackers to enter a company’s network using an employee’s compromised credentials. Partnering with security providers that can monitor for these things can prevent hackers from accessing your network and delivering crippling ransomware.

ID Agent to the Rescue: Dark Web ID alerts MSPs when their customers’ employee emails and passwords have been compromised and are for sale to the highest bidder, before a breach occurs. Learn how you can partner up with us here:

Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.

In Other News:

U.S. Mayors Unite Against Ransomware Payments 

2019 has seen a significant uptick in the number of ransomware attacks on local governments. High profile attacks on cities in Florida and Maryland attracted most of the mainstream media attention, but, to date, 22 municipalities were the victim of a ransomware attack in the first half of the year.

Local mayors are tired of paying the price for these attacks, and they codified this sentiment in a nonbinding, unanimous resolution at this year’s meeting of the U.S. Conference of Mayors where they vowed not to pay any more ransom demands.

Noting that ransom payments provide a financial incentive for additional perpetrators to proliferate these attacks, conference members are committed to disincentivizing this behavior in an attempt to abate this troubling trend.

The conference is comprised of 1,400 mayors from various U.S. cities with populations of over 30,000, and, while there is no mandate that members must follow this resolution, it provides political and legal cover for mayors to refuse ransom payments.

In some cases, not paying a ransom can be considerably more expensive, and it can take longer to recover affected systems.

It also raises the stakes in the fight against ransomware, and local municipalities will need to do everything they can to fortify their IT infrastructure against the many access points for ransomware. Partnering with qualified third-party professionals can help your organization identify its most pressing vulnerabilities to ensure that they can avoid the decision to pay a ransom altogether.

What We’re Listening to:

Know Tech Talks
Security Now
Defensive Security Podcast
Small Business, Big Marketing – Australia’s #1 Marketing Show!
IT Provider Network – The Podcast for Growing IT Service
TubbTalk – The Podcast for IT Consultants
Risky Business

A Note for Your Customers:

Ransomware Attacks Target Network Attached Storage Devices 

According to recent findings by cybersecurity researchers, a new form of ransomware, dubbed eCh0raix, is being used to attack network attached storage (NAS) devices.

The malware specifically targets QNAP NAS devices, which are used around the world. These devices are already connected to the internet, and hackers use brute-force attacks to expose weak login credentials to gain access to the device.

These devices frequently store critical system backups and other sensitive information, but they often don’t come with the sophisticated security features that accompany built-in computer storage.

Much like the delivery method, the malware’s source code is simple, consisting of fewer than 400 lines. Unfortunately, this simplistic attack can still cause serious damage to users’ data, as they will be forced to either pay a ransom to recover the backups or to rely on other storage units to provide these services.

QNAP has issued a patch for these vulnerabilities, but, more broadly, every organization needs to be aware of the rapidly shifting landscape for today’s ransomware attacks that are becoming stealthier and more damaging. Cybersecurity services can help you navigate this landscape by transforming your vulnerabilities into your greatest asset in a robust cyber defense.

