Ransomware Attack Hits DMV Contractor

Philip BaderCybersecurityLeave a Comment

Third-party contractors have often proven to be the weak link in an organization’s cybersecurity planning. If your business partners don’t take data security seriously, your own measures will ultimately be less effective. A recent report by IT services provider Datto found that among 1,400 managed service providers (MSPs) surveyed, 85% said ransomware was the most common threat facing small and medium-sized businesses.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has made third-party and managed service providers a key focus of its guidelines for protecting against ransomware attacks. CISA has also warned that advanced persistent threat actors have aggressively targeted MSPs in key sectors, including IT, healthcare, energy, manufacturing, and state and local government.

Such was the case last month when news broke that Seattle-based Automatic Funds Transfer Services (AFTS) had suffered a ransomware attack, since attributed to a group called Cuba Ransomware. AFTS provides payment processing and address verification services to cities and agencies in California and Washington state, including the Department of Motor Vehicles.

Millions of California Residents Affected

In a statement sent out on February 17, the California Department of Motor Vehicles said that as many as 38 million records could have been compromised in the attack on AFTS, which has provided contractor services since 2019. The statement added that all services to the DMV by AFTS had stopped and that law enforcement had immediately been notified. The breach could affect anyone who has registered a vehicle at the DMV in California within the last 20 months.

A follow-up report on the attack by Bleeping Computer found that several cities and other related agencies had also been affected by the AFTS ransomware attack. Cities in Washington including Kirkland, Lynnwood, Monroe, Redmond, and Seattle all issued notifications advising that personal information from utilities customers in those cities had been compromised. In addition, the Port of Everett and the Lakewood Water District in Washington each issued notifications of the potential breach of public information.

How the Breach Occurred

The Bleeping Computer report provided some specifics about that AFTS ransomware attack and the group identified as being responsible. The attack occurred on or around February 3, 2021, when cybercriminals known as Cuba Ransomware breached the company’s network, stealing network credentials and unencrypted files, and then deployed ransomware to encrypt all infected devices.

Cuba Ransomware, so named according to McAfee because its malware appends “.cuba” to all infected files, posted the stolen data for sale on a leak site. The group claimed on the leak site to have stolen “financial documents, correspondence with bank employees, account movements, balance sheets, and tax documents.” In the days following the announcement of the attack, the AFTS site was inaccessible because of “technical issues,” but it has since returned with a banner at the top announcing “Site undergoing renovations.”

Controlling Attack Vectors

Organizations can’t always control the cybersecurity practices of third-party vendors and their employees. But there are ways that risk can be mitigated. The Datto report found that the top three causes of successful ransomware attacks were phishing, lack of cybersecurity training, and weak passwords. Implementing changes in these areas can help prevent obvious avenues of attack.

Better cybersecurity training and improved digital hygiene practices are good first steps, but cybersecurity planning should not stop there. CISA recommends a multilayered approach that takes into consideration how your network is configured, who has access to critical data, and where your critical backup systems are located.

At SecureData, we take all these factors into consideration. Our comprehensive data security solutions begin with offline encrypted backup storage. Keeping business-critical data off your network can shield it from ransomware and malware attacks. Hardware-encrypted data storage devices, remote drive management and critical endpoint security via port-blocking software add critical layers of security against ransomware and other forms of malware infection.

For more than a decade, SecureData has driven innovation in encrypted data storage, remote management technology, and data recovery and digital forensics services. We provide cutting-edge solutions for protecting data from existing and emerging cybersecurity threats.

For a demonstration of our secure data storage products, or more information about creating an effective cybersecurity strategy, call one of our data security experts at 1-800-520-1677.