The notorious Royal Ransomware group has claimed the Lake Dallas Independent School District and the Clarke County Hospital, US, as victims. The Lake Dallas District cyber attack and the Clarke County Hospital cyber attack are the latest instances to join the long list of cyber attacks on public services.
The threat actor posted on their dark web forum, revealing that they had obtained gigabytes of personal information belonging to the students and staff of the school district.
They also claimed to have an array of passport information and hundreds of Social Security numbers which they plan to make available on Monday.
The Lake Dallas District cyber attack has put the personally identifiable information of students in one high school, one middle school, and three elementary schools at risk. The Clarke County Hospital cyber attack has given the Royal ransomware group access to the details of about 120 employees and hundreds of patients.
Public services have always been a preferred target for ransomware gangs, our reporting over the past 12 months indicates.
While there was no justification for the Clarke County Hospital cyber attack, the Royal Ransomware group pointed out the school district’s allegedly non-progressive cybersecurity measures as a reason for the Lake Dallas District cyber attack.
The Royal Ransomware group has also posted a statement on their dark web forum praising the district’s vibrant student population and an excellent array of programs but warning that the personal information of its staff and students should not be taken lightly.
The Cyber Express team has contacted the affected organizations for confirmation of the attack. However, at the time of publishing, a response has not been received from either the Lake Dallas Independent School District or the Clarke County Hospital.
Clarke County Hospital Cyber Attack: Cyber attacks on public services (Healthcare)
“When cyber criminals hit public bodies such as local authorities, town halls, this leads to data loss, costs in terms of restoring systems, costs related to the inactivity of staff who cannot continue their work and are out of work, etc,” said an assessment report by cybersecurity company Tehtris.
“All this is detrimental not only to the community itself but also to the administrations, regions and users.”
According to Check Point Research (CPR)’s assessment on the cyber attacks on public services, healthcare organizations faced 1,426 attacks per week in 2022, making them a common target for cybercriminals.
This marks a 60% increase from the previous year, and many of the year’s largest attacks were aimed at healthcare organizations.
The cost of a data breach for healthcare organizations has grown by 42% over the past two years, leading to high costs for the affected organizations. Healthcare continues to have the highest data breach cost among all industries, with an average of $10.10 million per incident, according to the Cost of a Data Breach Report.
“While other critical infrastructure sectors experience these types of attacks, the nature of the healthcare industry’s mission poses unique challenges. For healthcare, cyber-attacks can have ramifications beyond financial loss and breach of privacy,” reported the Center for Internet Security.
Ransomware, for example, is a particularly egregious form of malware for hospitals, as the loss of patient data can put lives at risk.
Ransomware is a significant and expensive threat to healthcare organizations, with 1 out of every 42 healthcare organizations falling victim to a ransomware attack in the third quarter of 2022, said the Check Point Research report.
Easier entry and larger databases make cyber attacks on public services lucrative. The scale ramps up when it comes to civic bodies.
Lake Dallas District Cyber Attack: Cyber attacks on public services (School district)
Over the past 12 months, The Cyber Express has reported a significant rise in ransomware attacks on civic bodies. The common use of popular software and cloud services increases the chances of cyber attacks on public services.
Take the case of the City of Toronto. It joined the long list of Clop ransomware’s victims including Hitachi Energy, Onex, Saks Fifth Avenue, and Rubrik. All of these attacks were executed by exploiting a zero-day vulnerability, CVE-2023-0669 — Fortra GoAnywhere MFT RCE Vulnerability.
The City of Toronto discovered the unauthorized access to its systems via a third-party vendor on March 20. The unauthorized access was limited to files that could not be processed through the vendor’s file transfer system, according to a city spokesperson.
The Clop ransomware group claimed to have accessed the systems of over 130 organizations through GoAnywhere, a provider of secure file transfer services. They exploited the vulnerability to move laterally through the network and launch ransomware attacks that encrypted data. The ransomware was also used to steal data from GoAnywhere MFT servers.