Please fill in the form below to subscribe to our blog

The Week in Breach News: 10/27/21 – 11/02/21

November 03, 2021

Ransomware sours operations at dairy powerhouse Schreiber Foods, jeweler to the stars Graff is in the wrong kind of spotlight, an old gang with a new name hits the NRA, trouble at the Toronto Transit Commission and a look at the 9 biggest threats from ENISA’s Threat Landscape (ETL) report.

Learn how to defeat terrifying cybersecurity monsters to keep systems & data safe in a dark world! READ IT IF YOU DARE!>>

The National Rifle Association (NRA)

Exploit: Ransomware

National Rifle Association: Gun Rights Activist Group

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.417= Severe

Guess who’s back? Cybersecurity researchers believe that the notorious Evil Corp has rebranded itself as Grief, the group that has claimed responsibility for a probable ransomware attack at The National Rifle Association (NRA). Grief posted 13 files to its news website last Wednesday after they claimed to have hacked the NRA. The gang is threatening to release more of the files if they’re not paid, but no ransom demand was specified. NBC News reported that the files it saw were related to grants. The samples provided by the gang include blank grant proposal forms, a list of recent grant recipients, an email to a recent grant winner earlier this month, a W-9 form and the minutes from a September 24th NRA teleconference meeting.

Individual Impact: No consumer PII or financial data loss was disclosed in this breach as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business: Ransomware can be used to steal and publicize sensitive information that a company doesn’t want exposed.

ID Agent to the Rescue: Learn more about how ransomware is evolving, what we predict that you’ll see next and how to protect your clients in Ransomware Exposed. GET THIS EBOOK>> 


Exploit: Ransomware

PracticeMax: Medical Practice Management Services 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.822=Severe

A ransomware attack on medical practice management services firm PracticeMax may have exposed Protected Health Information. The company notified members of Village Health that they may have been impacted by a cyberattack in April and May of 2021. VillageHealth is a care coordination program for patients with chronic conditions run by DaVita Inc. and offered through health plans including Anthem and Humana. PracticeMax indicates the breach affected more than 4,400 of its members in legal filings, but a company statement warns that they cannot say for sure that any data was actually accessed or stolen. 

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.703=Severe

In breach notification letters being sent on behalf of DaVita, Humana and Anthem, PracticeMax says the incident affected PHI including members’ first and last name, date of birth, address, phone number, Social Security Number, member ID number and clinical data pertaining to services received through the VillageHealth program. 

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business Service providers that handle a lot of valuable data have been favored targets of ransomware groups looking to profit in the booming data markets.

ID Agent to the Rescue: Building cyber resilience helps insulate organizations from trouble like this. Learn more about why cyber resilience is the ticket to a safer future for your clients. GET THIS EBOOK>> 

United States – Schreiber Foods

Exploit: Ransomware

Schreiber Foods: Dairy Processor

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.442=Extreme

Wisconsin-based dairy powerhouse Schreiber Foods said its plants and distribution centers are back up and running after a ransomware attack ground operations to a halt over the weekend. The company announced that a “cyber event” had disrupted operations at its processing and distribution centers after critical systems were knocked or taken offline. Schreiber uses a variety of digital systems and computers to manage milk processing, so this event impacted the entire dairy supply chain in the US. This is the latest incident in a string of massive production-impacting cyberattacks against agricultural sector targets. The company is the largest milk processor in Wisconsin, and it has reportedly been hit with a $2.5 million ransom demand.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How It Could Affect Your Customers’ Business In September, the FBI released a notice warning companies in the food and agriculture sectors to watch out for ransomware attacks aiming to disrupt supply chains.

ID Agent to the Rescue:  See how to transform every employee into a security asset to become the real secret weapon that successful organizations deploy to fight cybercrime like ransomware! WATCH NOW>>

us government hack by suspected russsian cybercriminals represented by a hacker in a hoodie in silhouette against a russioan flag created in binary code

Go inside the world of hackers and see how it really works with these true tales of cybercrime undercover operations! WATCH NOW>>

Canada – Toronto Transit Commission (TTC)

Exploit: Hacking

Toronto Transit Commission (TTC): Government Entity 

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.615= Severe

The Toronto Transit Commission was the victim of a ransomware attack that it says began last Thursday night and expanded on Friday. Officials were quick to assure the public that the attack has not caused any significant disruption to transit service and the public and employees are not at risk. They specified that transit vehicles are continuing to service their routes, but apps and computer displays of route information are being affected. There’s no word on when those functions will be restored.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cyberattacks on infrastructure targets are common, and that means that organizations that run and serve them need to step up their security game.

ID Agent to the Rescue: Gamify cybersecurity and information safety to make it interesting. Our Security Awareness Champion’s Guide helps explain complex risks in a fun way! DOWNLOAD IT>>

Dive into how to reduce your client’s risk of phishing fast with the tips in The Phish Files. DOWNLOAD NOW>>

United Kingdom – Graff

Exploit: Ransomware

Graff: Jeweler

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.512= Severe

The Conti ransomware gang made headlines again with a successful ransomware attack against high-society jeweler Graff. The company counts clients like Donald Trump, David Beckham, Oprah Winfrey and other major-league clientele. Graff operates at the top end of the diamond jewelry market, with more than 60 retail stores worldwide. Reports say that the Conti group has already posted 69,000 confidential documents on its dark web leak site including client lists, contact data and other proprietary information. Ransom demands are reported to be in the millions of pounds.

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Firms like Graff not only have records on deep-pocketed clients, they also have records on transactions that those clients may want to have kept quiet.

ID Agent to the Rescue Over 80% of organizations felt the sting of cybercrime in 2020. See what cybercriminals are shopping for to better predict what will happen next in The Global Year in Breach 2021. READ IT>>

Poland – C.R.E.A.M. Finance 

Exploit: Cryptojacking (Misconfiguration)

C.R.E.A.M. Finance: Decentralized Lending Platform 

cybersecurity news gauge indicating extreme risk

Risk to Business: 1.595 = Extreme

For the third time this year, cybercriminals have hit lending platform C.R.E.A.M. Finance, stealing cryptocurrency. This time, thieves made off with $130 million worth of cryptocurrency assets. According to the experts, the attackers have likely exploited a vulnerability in the platform’s flash loan feature, then transferred the stolen funds to a wallet under their control before splitting them through other wallets.  This is the third successful heist from the platform this year. Crooks jacked $29 million in August 2021 and $37 million in February 2021. 

Individual Impact: No consumer PII or financial data exposure was disclosed in this incident as of press time.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Cybercriminals are always hungry for cash and crypto is the currency that they prefer, so stealing it will continue to be a popular option.

ID Agent to the Rescue That email looks legit, right? Cybersecurity horrors lurk around every corner, lying in wait for unwary organizations. Learn how to defeat them in our new eBook Monsters of Cybersecurity. DOWNLOAD IT NOW>>

Our partners typically realize ROI in 30 days or less. See why nearly 4,000 MSPs in 30 countries choose to grow with ID AGENT solutions and support. BECOME A PARTNER>>

Thailand – Centara Hotels & Resorts

Exploit: Ransomware

Centara Hotels & Resorts: Hotel Chain

cybersecurity news represented by agauge showing severe risk

Risk to Business: 1.637 = Severe

The Desorden ransomware group claims to have stolen over 400GB of files and databases containing information belonging to millions of hotel guests of Thailand’s Centara Hotels & Resorts. The hotel chain is part of Central Group, a conglomerate that also includes the Central Restaurants Group, which it hacked earlier this month. The hackers made it clear that this attack was in retaliation for the Central Group’s refusal to pay the ransom for the first attack after negotiating and promising payment. That incident would have provided a ransom payment of $900,000 before Central Group backed out of the deal on Tuesday, spurring the second attack.

cybersecurity news represented by agauge showing severe risk

Individual Risk: 1.818 = Severe

The company admitted that attackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. Whether or not passport data was included was not specified but it is commonly requested. The theft is said to have affected guests who stayed at the hotel chain between 2003 and 2021, including any guests that made advanced bookings up to December 2021.

Customers Impacted: Unknown

How it Could Affect Your Customers’ Business Big pools of information are catnip to ransomware gangs, especially highly desirable PII or credit card data.

ID Agent to the Rescue Keep your clients away from sticky situations like this with the tips, insight and threat knowledge that you’ll gain from our eBook Ransomware 101. DOWNLOAD IT>>

remote workers pose a cryptocurrency risk

Solve five of the most exhausting remote and hybrid security problems fast with this handy infographic! DOWNLOAD IT>>

1 – 1.5 = Extreme Risk

1.51 – 2.49 = Severe Risk

2.5 – 3 = Moderate Risk

Risk scores for The Week in Breach are calculated using a formula that considers a wide range of factors related to the assessed breach.

Learn to defend castles from cybercriminal invaders in our How to Build Your Cybersecurity Fortress webinar! WATCH NOW>>

Go Inside the Ink to Get the Inside Scoop on Cybercrime

Are you up to date on the latest news that can impact your business and your customers? Here’s a recap:

Kaseya Patch Tuesday: Patch notes & bug fixes for October 2021 are available: SEE PATCH INFO>> 

Risk Reduction is the Name of the Game & These Resources Can Help

New Webinar: Modern Cyber Risk Management

Watch Kirsten Bay, CEO of Cysurance, and Amelia Paro of ID Agent, hold a frank conversation about:

  • The myths around cyber insurance policies
  • The realities of today’s threat landscape
  • The critical role both cyber insurance and cybersecurity play in the survival of all businesses


Digital Risk Reduction Checklists

The Cybersecurity Monster Hunter’s Checklist – Don’t leave an opening for evil cybercriminals to slip through! DOWNLOAD IT>>

Cybersecurity Risk Protection Checklist – Make sure your customers are dotting the “i’s” and crossing the “t’s”! DOWNLOAD IT>>

Did You Miss…?  See what’s next at ID Agent in our Quarterly Product Update! WATCH NOW>>

Protection from cybercrime danger is easy when you deploy your secret weapon: security-savvy employees! WATCH WEBINAR>>

a network of business communications represented by icons like an envelope, a box, pair of headphones, etc in blue connected with white lines to a red icon of a hacker in a fedora.

ENISA Threat Landscape Report Outlines the Biggest Threats of 2021

These 9 Threats Pose the Biggest Danger to Your Customers

We’re getting deep into the season of year-end wrap-ups and a powerhouse new entry has just landed. The 9th edition of the ENISA Threat Landscape (ETL) report lays out the findings of their experts and observers after analyzing what they saw in 2021 – and it was definitely a wild ride. To no one’s surprise, the last 12 months have featured a chaotic threat atmosphere that left IT professionals exhausted and new cybercrime threats surging.

dark web economy represented by the words dark web in white on a black background blurred like a faint tv transmission

Are you ready to take back control of cyberattack risk from the villains on the dark web? This webinar shows you where to start. WATCH NOW>>

Prime Threats Have Shifted  

In a release announcing the debut of the ETL report last week, experts stated that “Ransomware ranks as a prime threat for the reporting period”. EU Agency for Cybersecurity Executive Director Juhan Lepassaar said in the statement that “Given the prominence of ransomware, having the right threat intelligence at hand will help the whole cybersecurity community to develop the techniques needed to best prevent and respond to such type of attacks. Such an approach can only rally around the necessity now emphasised by the European Council conclusions to reinforce the fight against cybercrime and ransomware more specifically.” 

The report also listed the nine most prominent threat groups that ENISA researchers cataloged in this reporting period, and there were few surprises. The chart was studded with stalwarts but there was significant movement in just where the major players landed. Ransomware took top place charging up from its thirteenth-place finish in 2020, followed by its progenitor malware which clocked in at number one in 2020 and number two this year. Cryptojacking also made a power move this year landing in third place, up from fifteenth in 2020. 

The 9 Top Threats 

  1. Ransomware 
  2. Malware 
  3. Cryptojacking 
  4. Email related threats 
  5. Threats against data 
  6. Threats against availability and integrity 
  7. Disinformation – misinformation 
  8. Non-malicious threats 
  9. Supply-chain attacks 

There were some newcomers on the list that are familiar foes, like new phishing variants. The brand-new category of disinformation-misinformation made its debut at number seven. That subject has been in the news a great deal over the course of the pandemic as cybercriminals exploited people’s worries with a record number of phishing emails and a spree of government and branded message spoofing. Disinformation/misinformation-related phishing is making the rounds again, spurred on by the circulation of dangerous fake medical information about the COVID-19 vaccine.  

Non-malicious threats and supply chain attacks also joined the fray in 2021 as top threats eight and nine respectively. Researchers pointed out the risk and sloppy security behaviors that many organizations faced from the sudden shift to remote work, noting that “in 2020 and 2021, we observe a spike in non-malicious incidents, as the COVID-19 pandemic became a multiplier for human errors and system misconfigurations, up to the point that most of the breaches in 2020 were caused by errors.” 

Several threats dropped from the list this year, although some appear to have been compressed into new categories. Web-based attacks, web application attacks, DDoS, identity theft, botnets, physical manipulation and cyberespionage are gone from the list even if they’re not quite gone from the IT threat landscape around the world.  It looks like a number of email-related threats were combined into one category and the same occurred with an assortment of threats to data

Are you ready to slay the Monsters of Cybersecurity? This checklist tells you what you’ll need to succeed! GET CHECKLIST>>

Ransomware is the King of the Castle 

Ransomware has been the top story in cybersecurity for the last few years as cybercriminals expand their efforts to land attacks against manufacturers, school districts, infrastructure, governments and a host of other targets. Consequentially, IT security professionals have been struggling to stay a step ahead (or sometimes just keep up) with the relentless pace of attacks. A new report highlights the challenges that security teams and businesses face today with ransomware, and experts say that it will probably get worse before it gets better. 

The report details the impact and activity of several different ransomware gangs, creating a clearer image of the big picture when it comes to ransomware in 2021. Researchers noted that the two biggest dogs in the ransomware landscape were Conti and REvil, noting that those ransomware groups dominated the market from a financial point of view as well as the total volume of infections that they studied.  Both groups have been pioneers in the fast-growing ransomware-as-a-service (RaaS) economy. As has become the standard practice, these groups created platforms through which their affiliates can efficiently orchestrate attacks and deliver profitable results. RaaS-type business models for ransomware organizations dominate the market in 2021. One side effect of that surge was to muddy the waters for researchers attempting to nail down the attribution of attacks to specific threat actors. 

We’re invested in your success! Learn about best-in-class marketing & sales support from Kaseya Powered Services. WATCH NOW>>

Cybercrminal Aren’t Picky About Ransom Amounts

Researchers also confirmed something that has been clear all year long: multiple extortion schemes are in vogue, and all of the successful ransomware gangs are doing it. The ETL report declared that multiple extortion schemes greatly increased during 2021. That style of attack was defined as “After initially stealing and encrypting sensitive data from organisations and threatening to release it publicly unless a payment is made, attackers also target the organisations’ customers and/or partners for ransom to maximise their profits”. Double extortion ransomware, the most popular type, was used in more than 50% of all ransomware attacks in 2020.   

That’s one reason why the average ransom amount doubled over the last year. A recent Tripwire report declared that the average ransom paid by organizations has increased by 82% over the already huge demands logged in 2020. The average demand is now a record $570,000 (£414,000), compared with just $170,000 (£123,000) in 2020. A recent record-breaking ransomware demand against Acer reportedly hit $50 million.  ENISA researchers agreed that ransoms have skyrocketed, observing that over just a few months of their tracking, the highest demand made in 2020 more than doubled in 2021. 

However, not everyone is swinging for the fences. Small ransoms are still popular with cybercriminals who will generally take anything that they can get. ENISA researchers pointed to two reasons why small ransoms haven’t gone out of style: they tend to be paid more easily and result in less public exposure for the threat actor. Public exposure has become a much greater concern for ransomware organizations, as illustrated by the epic falls of DarkSide and REvil after making headlines in major ransomware incidents. More incidents are also being reported, with a steady increase in ransomware incidents being reported throughout 2020 and a sharp increase in reports occurring in May and June 2021. 

dark web danger represented by a shadowy hacker using a hook to steal a password from a square flating over a laptop with other warnings in an animated style

What risk will you face next? Get a look at what to expect in The Global Year in Breach 2021. DOWNLOAD NOW>>

Ransomware Threat Breakdowns

A breakdown of the most successful gangs in 2021 showed that there’s a broad playing field even if a few outfits were dominant. Based on their own crowdsourced ransomware payment data, ENISA declared that the ransomware groups with the most financial gains in 2021 are: 

  • Conti ($12.7 million)  
  • REvil/Sodinokibi ($12 Million)  
  • DarkSide ($4.6 Million) 
  • MountLocker ($4.2 Million) 
  • Blackmatter ($4.0 Million)  
  • Egregor ($3.1 Million) 

 The ransomware groups with the most market share in 2021 Q1 are:  

  • REvil/Sodinokibi (14.2%),  
  • Conti V2 (10.2%),  
  • Lockbit (7.5%),  
  • Clop (7.1%), and  
  • Egregor (5.3%).  

The top gangs by market share in Q2 2021 are: 

  • Sodinokibi (16.5%)  
  • Conti V2 (4.4%),  
  • Avaddon (5.4%)  
  • Mespinoza (4.9%)  
  • Hello Kitty (4.5%) 

When it comes to how organizations become entangled ransomware, ENISA showcased two vectors for ransomware infections and an uptick in new variations of ransomware attacks but no change in the currency of cybercrime noting that “Compromise through phishing e-mails and brute-forcing on Remote Desktop Protocol (RDP) services remain the two most common infection vectors. The occurrence of triple extortion schemes also increased strongly during 2021 and cryptocurrency remains the most common pay-out method for threat actors.” 

This is even stronger evidence that every MSP’s entire clientele is at risk of a ransomware disaster. Size and industry are no bar to risk – more than 50% of ransomware attacks in 2020 were against SMBs with less than 100 employees. Every business needs to put strong protections in place and increase its cyber resilience to fight back against ransomware and other cyberattack threats. Unfortunately, one in three small businesses with 50 or fewer employees rely on free or consumer-grade cybersecurity tools for all of their cyberattack defense. That creates a blizzard of risk for them – and a big opportunity for MSPs

security awareness training cuts costs represented by a bright blue-white digitized dollar bill on a red, white and navy background of computer code

Dive into a stream of new revenue with The Tools and Techniques for MSPs to Close More New Clients. WATCH NOW>>

Give Your Clients a Powerful Defense Against Ransomware 

It’s a dangerous world out there for businesses. Ransomware gangs are hungry for fresh revenue in an expanding market. Building a strong defense against ransomware is critical for every organization, and ID Agent can help.   

Passly packs essential protection that protects your systems and data from intrusion by cybercriminals with a stolen or phished password including single sign-on (SSO), multifactor authentication (MFA), automated password resets and simple remote management at an affordable price.    

BullPhish ID delivers a smooth, painless training experience for trainers and trainees alike. Trainers can run premade simulations or customize their content to reflect their unique industry threats, including video lessons. Then deliver it all through a personalized portal that makes it easy for everyone.     

Dark Web ID can help your clients discover employees who may be tempted to sell their access credentials on the dark web to get all that cash. Monitoring 24/7/365 and fast alerts help companies stay a step ahead of malicious insiders.    

Contact the solutions experts at ID Agent today to learn more about how the ID Agent digital risk protection platform can enable you to secure your business and your customers against ransomware threats.     

90% of MSPs have had clients hit with a ransomware attack in the last 12 months. Help your clients build stronger defenses with the insight in Ransomware Exposed! DOWNLOAD NOW>>

Nov 4: WEBINAR: Cyber Risks and Threats in 2021 with Rachel Wilson REGISTER NOW>>

Nov 06 – 10: 20th Annual TAG Convention REGISTER NOW>>

Nov 10: WEBINAR: The Darkest Web: IT Security and the Best Ways to Lose a War with Ben Hammersley REGISTER NOW>>

Nov 16: WEBINAR: Cybersecurity Jeopardy REGISTER NOW>>

Nov 17: WEBINAR: Nano Session #2: Start Selling and Delivering Security Awareness Training

Dec 07: Connect IT Local: Atlanta REGISTER NOW>>

Dec 08-09: ASCII Success Summit: Anaheim REGISTER NOW>>

Dec 09: Connect IT M&A Symposium: Miami REGISTER NOW>>

password reuse danger can sink unwary businesses with poor security awareness. A cartoon image on black shows a blue shield with a lock

See how to grow your business with a new revenue stream in the time it takes to drink a cup of coffee. LEARN MORE>>

Are You Prepared to Face Today’s Prime Threat?

The 9th edition of The ENISA Threat Landscape (ETL) report is out, and it lays out the findings of their experts and observers after analyzing what they saw in 2021 including the biggest threats that they see businesses facing today. 

To no one’s surprise, ransomware topped the list, climbing up from thirteenth place last year. It was followed by its progenitor malware, falling from the top spot down to number two and cryptojacking which climbed up to number three in 2021 from fifteenth place in 2020.  

What does this mean for your business? That building a strong defense against ransomware and mitigating your ransomware risk is more important than it’s ever been before to the continued success of your business – after all, 60% of businesses that are hit by a cyberattack shutter within a year.  

Your business isn’t immune to this danger. No business is too small to become the next victim of a ransomware attack – 50% of ransomware attacks in the last 12 months have hit SMBs, and 55% of those ransomware attacks have hit businesses with fewer than 100 employees. ENISA researchers cautioned that small ransoms are popular with cybercriminals because they can get paid without troublesome press coverage. 

Be sure that you’ve got the right defenses in place, including a security awareness program like BullPhish ID that helps you defend against ransomware and other cyberattacks to ensure that that your business is ready for whatever cyberthreats you may face in the future.

Do you have comments? Requests? News tips? Compliments? Complaints 9or compliments)? We love to hear from our readers! Send a message to the editor.

ID Agent Partners: Feel free to reuse this post (in part or in its entirety) When you get a chance, email [email protected] to let us know how our content works for you!

let us help secure you against passwords reuse with contact information and the ID Agent logo on grey.

Our Partners typically realize ROI in 30 days or less. Contact us today to learn why 3,850 MSPs in 30+ countries choose to Partner with ID Agent!


Check out an on-demand video demo of BullPhish ID or Dark Web ID WATCH NOW>>

See Graphus in action in an on-demand video demo WATCH NOW>>

Book your demo of Dark Web ID, BullPhish ID, RocketCyber or Graphus now!