On the morning of October 27, 2019, National Veterinary Associates (NVA) discovered that it had been attacked by ransomware. NVA immediately hired two outside security firms for investigation and remediation of this attack. Soon, the firms confirmed that NVA was attacked by Ryuk Ransomware. Ryuk ransomware is one of the most active ransomware strains nowadays.
The timing of the attack was perfect, threat actors waited for the organization to close to begin their attack. Because of the poor air quality caused by wildfires to the north, NVA’s headquarters in Los Angeles Country was closed on Friday, October 25, 2019. This long weekend was perfect for the threat actors to begin recon of the networks and then deploy the malware. Then, the Ryuk virus started to attack NVA on October 27, 2019, which is a Sunday. This virus infected around 400 locations of NVA.
According to the update sent to NVA hospitals on Nov.6:
“Because of the scale of the attack, the virus eventually found three smaller points of entry through accounts that were unaffiliated with NVA, but unfortunately opened within our network.”
National Veterinary Associates is a company based in California owning more than 700 veterinary hospitals and animal care facilities in the United States, Canada, Australia, and New Zealand. The ransomware attack happened at the end of October impacted on more than half of NVA’s properties as their patient records, payment systems, and practice management software are separated from many veterinary practices. It led to the unavailability of online bookings for pet owners and record access for some hospitals though, NVA’s hospitals are still open to animals in need of care.
According to the FBI Flash published in May, cybercriminals had hit more than 100 businesses around the globe with Ryuk ransomware since August 2018. By estimate, Ryuk ransomware has made over $3.7 million USD since its launch in August 2018. The cybercriminals using Ryuk pick their targets most likely according to not only these target’s high revenues and high profiles but also high possibilities that they will pay for keeping the business running.
Contact LIFARS Immediately if Your
Organization was Hit with a Data Breach
Credits:
https://krebsonsecurity.com/2019/11/ransomware-bites-400-veterinary-hospitals/
https://resources.infosecinstitute.com/what-you-should-know-about-ryuk-ransomware/#gref
