February 13 – unlucky for some
On February 13, Bell Ambulance (Wisconsin) notified employees that it had suffered a “cybersecurity event” on its systems. Fast forward to March 2, and Medusa is claiming the attack with a $400,000 ransom. The group alleged it had stolen 220 GB of data.
Interestingly, as we note in our February roundup, Medusa has been behind the most attacks on healthcare organizations recently (three out of seven confirmed attacks in February alone). Of the three, Bell Ambulance got off ‘lightly’ when it came to its ransom: SimonMed Imaging (US) faced a $1 million ransom, while the UK’s HCRG Care Group was hit with one of $2 million (and the potential theft of a whopping 2.3 TB of data).
Paving the way for hefty ransom demands
Talking of big ransom demands… This week, Santa Ana construction company System Pavers confirmed its systems were impacted in a cyber attack in September 2024 and started to notify people of a data breach.
Medusa had previously posted the company to its data leak site in October 2024, demanding $1 million for the stolen data.
Extra! Extra! Read all about it!
Remember the vague SEC filing from Lee Enterprises, which used any possible word but “ransomware” to describe its, erm, ransomware attack? Well, the final nail in the coffin came on February 27, when Qilin posted the company to its data leak site.
Qilin claims to have stolen 350 GB of data, something Lee Enterprises is investigating as we speak.
Don't let your weakest link lock you into a lasting legacy
Accounting firm Legacy Professionals, LLP began notifying 191,000 people of a data breach following an attack via LockBit. The incident highlights not only the need for better employee security training, but also the need to make difficult staffing choices.
In a recent post on /r/sysadmin, user festiveboat007 highlighted the danger of the "weakest link" employee:
"A user at our company failed a phishing test and replied to the email, 'When I click the link it says "Oops you've clicked on a simulated phishing test" please resend the link'. The title says it all, I wish I was joking. Also after checking the reports, the user had failed 10 out of the past 12 phishing tests."
Your company's cybersecurity posture is only as strong as your weakest link. Far too often, that weak link is an employee who just doesn't seem to get it. Sooner or later, that employee will be the victim of a phishing attempt that compromises your entire organization and costs you millions.
That begs the question: What do you do?
More training is an option. But if that employee doesn't seem to improve, you may need to take more drastic measures, such as removing their access to sensitive systems, disallowing them the use of company-owned computer equipment, or even firing them.
That last one may seem harsh, but it's also a harsh reality of maintaining adequate cybersecurity practices. One employee is all it takes to ruin your day (or month, or year, or century). Sending an employee packing for being a security threat feels bad, but it's also the most logical action you can take when you have a weak link.
Until next week. Let’s keep that zero-day count hardened at zero!