
The Week in Breach News: 10/13/21 – 10/19/21

October 20, 2021

Ransomware rocks Ecuador’s largest bank, a malicious insider strikes at a US healthcare organization, everyone in Argentina had their identity stolen and a look at a diabolical ransomware attack that’s in fashion right now.





Olympus Corporation of the Americas

https://www.bleepingcomputer.com/news/security/olympus-us-systems-hit-by-cyberattack-over-the-weekend/

Exploit: Ransomware

Olympus Corporation of the Americas: Medical Technology Manufacturer 


Risk to Business: 2.122 = Severe

Olympus was forced to take down IT systems in the U.S., Canada, and Latin America following a cyberattack that hit its network Sunday. The medical equipment manufacturer says that it does not believe that any data was stolen. Olympus also said that the incident was contained to the Americas with no known impact to other regions. Just last month, Olympus suffered another ransomware attack on its EMEA region systems.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Many ransomware gangs aren’t bothering to steal data anymore, opting to lock down networks and production lines to force a speedy ransom payment.

ID Agent to the Rescue: 50% of ransomware attacks in 2020 were against SMBs. Learn more about how ransomware is evolving and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>> 


Premier Patient Healthcare

https://www.govinfosecurity.com/former-executive-accessed-phi-nearly-38000-individuals-a-17724

Exploit: Malicious Insider

Premier Patient Healthcare: Medical Clinic Chain 

Risk to Business: 1.712 = Severe

Texas-based accountable care organization Premier Patient Healthcare filed a statement this week detailing a malicious insider incident that caused the exposure of PII for over 37,000 patients from around the country. According to the report, a terminated executive had retained credentials that enabled them to access and obtain an unspecified amount of PHI. No further details were included and a HIPAA filing has not yet appeared. When the breach first came to light, the company’s early statements pointed to a fault at a vendor, which turned out to not be the case. 

Individual Risk: 1.712 = Severe

The patient records that were accessed included name, age, sex, race, county and state of residence, and zip code, as well as Medicare beneficiary information, such as Medicare eligibility period, spend information, and hierarchical condition category risk score for an unspecified number of patients.

Customers Impacted: 8.5 million

How It Could Affect Your Customers’ Business: This incident isn’t just a double helping of embarrassment for Premier Patient Healthcare; it’s also going to be a financial nightmare after regulators get finished with them.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 



Ecuador – Banco Pichincha

https://www.bleepingcomputer.com/news/security/cyberattack-shuts-down-ecuadors-largest-bank-banco-pichincha/

Exploit: Ransomware

Banco Pichincha: Banking & Financial Services

Risk to Business: 1.412 = Extreme

Ecuador’s largest private bank Banco Pichincha has suffered a suspected ransomware attack that has resulted in some systems being knocked offline for days. Many services of the bank were disrupted, including online banking, its mobile app and ATM network. The bank is working with national authorities at the Superintendency of Banks to investigate the incident. In an internal notification sent to the Bank’s agencies and seen by BleepingComputer, employees are notified that bank applications, email, digital channels, and self-services will not be operational for an unspecified amount of time due to a technology issue, limiting many bank services to in-person transactions. Some ATM services have been restored. The incident is ongoing.    

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Attacks on the banking and fintech sectors have been growing, creating complications for every financial services organization.

ID Agent to the Rescue:  See how to transform every employee into a security asset to become the real secret weapon that successful organizations deploy to fight cybercrime like phishing! WATCH NOW>>


Argentina – Registro Nacional de las Personas (RENAPER)/National Registry of Persons 

https://therecord.media/hacker-steals-government-id-database-for-argentinas-entire-population/

Exploit: Hacking

Registro Nacional de las Personas (RENAPER): National Identity Database 

Risk to Business: 1.232 = Extreme

Hackers have broken into the Argentina Interior Ministry’s IT network and stolen a massive amount of data from Registro Nacional de las Personas (RENAPER)/National Registry of Persons. That extremely sensitive database contains ID card details for the country’s entire population. The leak was announced when a Twitter user posted ID card photos and personal details for 44 Argentinian celebrities including the country’s president Alberto Fernández and soccer superstars Lionel Messi and Sergio Aguero. While the Argentine government admits to the hack, they maintain that no data was stolen. However, cybersecurity experts and journalists were able to contact the threat actors through a dark web posting and confirm the authenticity of the database. The hackers appear to have gained access through a compromised VPN.

Risk to Business: 1.222 = Extreme

According to a sample provided by the hacker online, the information they have access to right now includes full names, home addresses, birth dates, gender info, ID card issuance and expiration dates, labor identification codes, Trámite numbers, citizen numbers, and government photo IDs.

Customers Impacted: The population of Argentina is 45 million

How It Could Affect Your Customers’ Business: A strong security culture helps reduce the likelihood of an incident caused by employee carelessness as this one reportedly was.

ID Agent to the Rescue: Gamify cybersecurity and information safety to make it interesting. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>


Brazil – Hariexpress

https://www.infosecurity-magazine.com/news/ecommerce-player-leaks-billion/

Exploit: Misconfiguration

Hariexpress: e-Commerce Firm


Risk to Business: 1.616 = Severe

Brazilian e-commerce firm Hariexpress is in hot water after it exposed an estimated 1.8 billion client and seller records. The problem appears to have originated with a misconfigured Elasticsearch server, according to researchers. The server was left unencrypted with no password protection in place, exposing 610GB of data, and that data may have been exposed for several months.


Individual Risk: 1.616 = Severe

Exposed customer data included full names, home and delivery addresses, phone numbers and billing details. Also exposed were sellers’ full names, email and business/home addresses, phone numbers and business/tax IDs (CNPJ/CPF).  

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Human error will always be a company’s biggest cyberattack risk. It pays to make sure that everyone feels like they’re responsible for security to avoid messes like this.

ID Agent to the Rescue: Solving complex security problems in a mobile access world can be fraught with peril. Find answers to 5 common remote and hybrid security problems in this handy infographic. DOWNLOAD IT>>




Spain – Meliá Hotels International 

https://therecord.media/cyberattack-hits-melia-one-of-the-largest-hotel-chains-in-the-world/

Exploit: Ransomware 

Meliá Hotels International: Hotel Chain 


Risk to Business: 1.615 = Severe

Meliá Hotels International, one of the largest hotel chains in the world, has fallen victim to a suspected ransomware attack. Attackers took down parts of the hotel chain’s internal network and some web-based servers, including its reservation system and public websites. An investigation is underway. No ransomware gang has yet claimed responsibility.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware is always expensive. Even without the extortion demand, it can cause massive losses simply from business interruption.

ID Agent to the Rescue: Horrors like ransomware lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our new eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>





Taiwan – Acer 

https://www.bleepingcomputer.com/news/security/acer-confirms-breach-of-after-sales-service-systems-in-india/

Exploit: Hacking

Acer: Computer Manufacturer 


Risk to Business: 1.631 = Severe

Acer has been beleaguered by cyberattacks in 2021. In its second time at the dance this year, Acer’s India after-sales service has suffered a data breach. A threat actor has already claimed the attack on a popular hacker forum, saying that they stole more than 60GB of files and databases from Acer’s servers. The stolen data includes client, corporate, and financial data and login details belonging to Acer retailers and distributors from India. The threat actor posted a video to a dark web forum showcasing the stolen files and databases, including the records of 10,000 customers and stolen credentials for 3,000 Indian Acer distributors and retailers.

Individual Impact: No information about the nature of the exposed customer data was available at press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Companies that store large amounts of data are hacker catnip. The data that they can steal will not only reap a big profit, it also opens other cybercrime doors.

ID Agent to the Rescue: See why data like this has become so valuable and see how it impacts the cybercrime landscape in our annual cybercrime report The Global Year in Breach 2021. DOWNLOAD IT NOW>>





1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.





Go Inside the Ink to Get the Inside Scoop on Cybercrime


Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: NEW! Patch notes & bug fixes for October 2021 are up: SEE PATCH INFO>> 



Knock Out Your Sales Goals with This 1–2 Punch

Ready to score a great Q4? These two webinars will help you clobber the competition.

ID Agent Quarterly Product Update 4
Find out what we’ve got in store this quarter and how you can boost your MRR! WATCH NOW>>

Battle of the Killer QBR Strategies
Don’t let QBRs intimidate you. Learn to harness their power to score more wins! WATCH NOW>>

Are You Afraid of the Dark (Web)?
Cybercrime horrors lurk around every corner. Using an unholy combination of dark web data, phishing and malware, bad actors have cooked up a brew that’s sure to devastate every business unless they’re ready for trouble. Arm yourself with this pair of resources to help your clients ward off danger!

Monsters of Cybersecurity – Everything you need to know about today’s nastiest threats is packed into one essential guide that helps you keep your clients’ systems and data safe from harm. DOWNLOAD IT>>
The Cybersecurity Monster Hunter’s Checklist – Use this checklist to make sure your clients have all the right equipment to face today’s nastiest cybercrime threats like ransomware, BEC and more! DOWNLOAD IT>>


Did You Miss…?  Hear about Cloud Tech 24’s experience as an ID Agent partner. WATCH NOW>>






New Ransomware Variant Packs an Extra Punch 


Bad Actors Threaten Even Bigger Damage


The good guys may be innovating (check out our Q4 Product Update Webinar) but the bad guys are too. One of today’s fastest evolving cyberthreats is ransomware, with new varieties coming at businesses and IT professionals faster and more furiously than ever before.  Ransomware has been consistently on the rise in 2021, with global attack volume increasing by 151% for the first six months of the year compared with the same period in 2020. As though ransomware wasn’t already a body blow to any business, a fresh twist on that old favorite is adding a touch of extra devastation to anyone it hits. 

Ransomware continues to be a headline story in media coverage, and that makes sure it stays at the forefront of your clients’ minds. That’s a good thing; 54% of SMBs in a recent survey claimed that they were too small to be at risk of a cyberattack. Unfortunately, that is a dangerous misconception that puts businesses at risk for trouble.

Ransomware Fast Facts 




A Nasty Rising Threat 


A recent report on a nasty up-and-coming variety of ransomware sheds light on exactly how devious – and devastating – one of today’s souped-up ransomware threats can be. Researchers report that the cybercriminals behind this type of ransomware, dubbed Yanluowang, have raised the stakes. A Yanluowang attack follows many of the familiar patterns of a traditional ransomware threat, starting with the usual penetration of a company’s IT systems, typically through phishing. An estimated 94% of ransomware arrives at businesses via email.

That grand entrance is followed by a quick-spreading infection that encrypts data and wreaks havoc in the victim’s IT environment. This attack follows the popular double extortion model, demanding that victims pay multiple ransoms to obtain a decryptor for their frozen data and equipment. Similar attacks prefer the triple extortion style, demanding three separate sums from victims. The average ransomware payment climbed 82% over the same period in 2020 to a record $570,000 in the first half of 2021. But that’s where the normalcy in Yanluowang stops because the operators’ further demands take the attack to the next level.  

The cybercriminals behind Yanluowang drop an increasingly popular threat on their victims, one that will be familiar to anyone who has watched a classic crime-show kidnapping: don’t call the cops. These ransomware operators promise in their ransom note that if the victim calls in outside help or contacts law enforcement officials, the gang will launch DDoS attacks against the victim to snarl their company websites in so much traffic that they’re rendered inoperable. Adding insult to injury, the extortionists also threaten to call customers and business partners and divulge company secrets. They also insinuate that uncooperative victims will face further damage. The bad actors threaten to attack again or return with additional attacks or delete the encrypted data.




Even Cybercriminals Follow Influencers 


Sometimes called Ransom DDoS (RDDoS) or Cascading Extortion attacks, this tactic isn’t limited to just one kind of malware or the playbook of one ransomware gang. It’s also not new, but it has grown much more prominent in the last few months. The tactic was purportedly innovated by legendary ransomware outfit Evil Corp (REvil). The gang added a free service to its menu that enabled RaaS buyers to pay the group or affiliated partners to take further action against recalcitrant victims, including voice-scrambled VoIP calls to the media or the victim’s business partners and clients with information about the attack, ramping up the pressure by further damaging the victim’s business.

Evil Corp may have brought Ransom DDoS (RDDoS) attacks to prominence in the cybercrime underworld, but other ransomware organizations were quick to hop on that lucrative bandwagon. Well-known ransomware operators such as SunCrypt and Ragnar Locker were also early adopters of the cascading extortion technique, according to a report in Bleeping Computer. Experts also contend that other ransomware gangs are offering the RDDoS option on their menu. Signs point to the Avaddon ransomware group and notorious cybercrime gang DarkSide, who rose to prominence with their Colonial Pipeline attack, as regular users of this type of ransomware threat.




Rapidly Evolving Threats Are Around Every Corner


Ransomware techniques are continually evolving, seemingly popping up like mushrooms after a rainstorm. Bad actors know that they have to keep adding new tactics and changing things around because cybersecurity solutions are evolving just as quickly. That’s why adding an extra component like a DDoS attack is a smart move for threat actors and ransomware developers. DDoS attacks are cheap and easy, creating a very low barrier to entry with very low risk. However, they can be extremely lucrative, making them a perfect add-on to a multi-extortion attack or a menu of cybercrime services.

Businesses just cannot afford the kind of downtime that sustained DDoS attacks promise. In an analysis of almost 200 successful ransomware attacks against US businesses in 2020, researchers discovered that ransomware is as crippling as you think it is. The surveyed companies lost an estimated $21 billion due to attack-induced downtime after a successful ransomware incident. That’s just under 250% more than the same cost in 2019. No matter how big or small the company that is hit may be, they’re going to lose serious money on a ransomware attack, without even considering the ransom demand. 

Ransomware is Expensive Beyond the Ransom

  • Companies impacted by ransomware lost an average of six working days.
  • An estimated 37% of companies experienced downtime that lasted one week or more.
  • One incident investigation costs an SMB an estimated $15k.



Help Clients Resist Ransomware  


MSPs and SMBs agree: ID Agent can help make sure that businesses of every size are ransomware ready. Take action now to build a strong defense against ransomware with the powerful combination of our award-winning solutions: BullPhish ID and Passly. 

Passly combines the functionality of multiple solutions into one affordable package, including: 

  • Multifactor authentication (MFA) is a must-have for zero-trust security that stops 99% of password-based cybercrime.
  • Single sign-on adds another layer of protection by minimizing the number of credentials each employee has.
  • Simple remote management makes it easy for IT teams to respond quickly in an emergency.
  • Automated password resets eliminate tickets, saving time, money and stress.

BullPhish ID is the streamlined, user-friendly solution to every training challenge, including: 

  • Choose from lessons on phishing, ransomware, compliance, data handling, password security and more in 7 languages.
  • A frequently updated library of plug-and-play phishing simulation kits that can be scheduled to run automatically. 
  • Lots of options for customization and white labeling for everything from training content to access portals. 
  • Simple, clear reporting that enables everyone to clearly see employee progress and measure the value of training. 

Make sure that your clients have powerful protection from threats like ransomware with the ID Agent digital risk protection platform including award-winning solutions Dark Web ID, BullPhish ID and Passly. 

Contact one of our solutions experts today for a personalized demo and get started on your ransomware defense. 





Oct 21: Phish & Chips EMEA Special REGISTER NOW>>

Oct 21-22: Robin Robins Roadshow: Newark REGISTER NOW>>

Oct 27: Top 5 Ways to #BeCyberSmart (APAC) REGISTER NOW>>

Oct 27: Modern Cyber Risk Management REGISTER NOW>>

Oct 27-28: ASCII Success Summit: Orlando REGISTER NOW>>

Oct 28: Kaseya Trick or Treat REGISTER NOW>>

Oct 28-29: Robin Robins Road Show: Chicago REGISTER NOW>>

Nov 02-03: Robin Robins Road Show: Las Vegas REGISTER NOW>>

Nov 02-03: ASCII Success Summit: Washington DC REGISTER NOW>>

Nov 4: Cyber Risks and Threats in 2021 REGISTER NOW>>

Nov 06 – 10: 20th Annual TAG Convention REGISTER NOW>>

Dec 07: Connect IT Local: Atlanta REGISTER NOW>>

Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>

Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>





Are You Ready to Face Fresh Ransomware Threats?


Ransomware incidents are regular newsmakers. But it’s not just the big dogs who are facing increased cyberattack danger from ransomware threats. Did you know that 50% of ransomware attacks last year were actually aimed at small and medium businesses?

We’ve all read and heard about the enormous sums that cybercriminals are asking for as ransoms in their various extortion schemes. But ransomware attacks are incredibly expensive without even considering the ransom. Companies impacted by ransomware lose an average of six working days, and an estimated 37% of companies experienced downtime that lasted one week or more. 

No business can afford to shutter for a week. But many small and medium businesses are facing tough budget decisions this year, putting the squeeze on every department, including IT, and that can make it hard to shake out the cash to invest in new solutions. You need to find the right solutions, the kind that offers you strong protection against ransomware and a great value.

That’s not as hard as you may think. Protecting your business from ransomware threats starts with protecting your business from phishing attacks. Security awareness training that includes phishing resistance using a solution like BullPhish ID will help your business build cyber resilience, enabling it to resist more cyberattacks and keep on moving in adverse conditions.


ID Agent Partners: Feel free to re-use this blog post (in part or in its entirety) for your own social media and marketing efforts. Please send an email to [email protected] to let us know – we love to hear about how our content works for you!




We’d love to hear your story of security success with ID Agent. Contact our marketing/pr team to set up a meeting with our staff to tell the world about your experiences in our next case study! To learn more about how the ID Agent Digital Risk Protection Platform can secure your prosperity, book a personalized demo today.