
Canadian Nurses Association Hit by Cyber Attack

Posted on 31 May at 7:39 am

The Canadian Nurses Association says it has suffered a cybersecurity incident, but isn’t commenting on a report that the attack was ransomware.

“We can confirm having experienced an IT security incident on April 3, 2023 which impacted some of our systems,” Alexandre Bourassa, the association’s public affairs lead, said in an email to IT World Canada. “The incident did not impact our operations.”

He was responding to a query about a tweet on Sunday by Brett Callow, British Columbia-based threat analyst for Emsisoft, who said the Snatch ransomware gang now lists the CNA as a victim. Bourassa was told about the tweet but didn’t directly answer whether the attack was ransomware.

The CNA represents 460,000 nurses in all categories — registered, nurse practitioners, licensed and registered practical nurses, and registered psychiatric nurses — across the country. Provincial and territorial nurses’ associations represent members in negotiations with their respective governments.

According to researchers at Sophos, the Snatch malware reboots an infected Windows computer into Safe Mode, where most security software doesn’t run. Then it encrypts the victims’ hard drives. Sophos believes the Snatch gang has been operating since 2018.

At the time of the 2019 Sophos report, the gang commonly penetrated enterprise networks by automated brute-force attacks against vulnerable, exposed services such as Windows RDP (remote desktop protocol). In one incident Sophos investigated, the attackers initially accessed the company’s internal network by brute-forcing the password to an administrator’s account on a Microsoft Azure server, then logged into the server using RDP.
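The access pattern described above (many failed logons against one account, then a successful RDP logon from the same source) can be detected from Windows Security logs. The following is an added example, not code from the article or from Sophos; the event records are constructed, and the threshold and window values are illustrative assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed Windows Security log records (not from any real incident).
# 4625 = failed logon, 4624 = successful logon. Logon type 10 is
# RemoteInteractive (RDP); RDP failures show up as type 3 when NLA is enabled.
T0 = datetime(2023, 1, 1, 2, 0, 0)
EVENTS = [
    {"time": T0 + timedelta(seconds=5 * i), "id": 4625, "logon_type": 3,
     "ip": "203.0.113.50", "account": "Administrator"}
    for i in range(12)
] + [
    {"time": T0 + timedelta(seconds=65), "id": 4624, "logon_type": 10,
     "ip": "203.0.113.50", "account": "administrator"},
    # Ordinary user mistyping a password twice, then logging in.
    {"time": T0 + timedelta(minutes=30), "id": 4625, "logon_type": 3,
     "ip": "198.51.100.7", "account": "jsmith"},
    {"time": T0 + timedelta(minutes=30, seconds=20), "id": 4625, "logon_type": 3,
     "ip": "198.51.100.7", "account": "jsmith"},
    {"time": T0 + timedelta(minutes=31), "id": 4624, "logon_type": 10,
     "ip": "198.51.100.7", "account": "jsmith"},
]


def detect(events, threshold=10, window=timedelta(minutes=5)):
    """Return {(source_ip, account): verdict} for password-guessing bursts."""
    recent = defaultdict(deque)  # (ip, account) -> failure times inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in (3, 10):
            continue
        key = (ev["ip"], ev["account"].lower())
        failures = recent[key]
        while failures and ev["time"] - failures[0] > window:
            failures.popleft()
        if ev["id"] == 4625:
            failures.append(ev["time"])
            if len(failures) >= threshold:
                alerts.setdefault(key, "brute-force")
        elif ev["id"] == 4624 and len(failures) >= threshold:
            # A success right after a burst of failures is the urgent case.
            alerts[key] = "brute-force-then-success"
    return alerts


if __name__ == "__main__":
    for key, verdict in detect(EVENTS).items():
        print(key, verdict)
```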

The attackers installed surveillance software on about 200 machines, or roughly five per cent of the organization’s computers, Sophos found. After that, the attackers installed several malware executables, one of which appeared to be designed to give the attackers remote access to the machines without having to rely on the compromised Azure server. The attackers also installed a free Windows utility called Advanced Port Scanner to discover additional machines on the network they could target.

According to an April report by researchers at Gridinsoft, a Ukrainian antimalware provider, those behind Snatch usually don’t steal data before encrypting it.

Besides disabling third-party antivirus software, the report says Snatch ransomware also suspends Windows Defender in a well-known way: by editing Group Policy settings. To prevent any recovery attempts, it also removes Volume Shadow Copies and backups created with built-in Windows functionality. This, the report notes, is a common ransomware tactic.
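The behaviours the two reports describe (a Safe Mode boot being configured, Defender being disabled through policy, shadow copies being deleted) each leave a process command line that can be matched in endpoint logs. The following is an added example, not code or indicators from the article, Sophos or Gridinsoft; the patterns are assumptions based on common built-in Windows tooling, and the log records and host names are constructed.

```python
import re
from collections import defaultdict

# (label, pattern) pairs. Assumption: these match common built-in Windows
# tools for each behaviour; they are not indicators taken from the reports.
RULES = [
    ("safe-mode-boot-config",
     re.compile(r"\bbcdedit(\.exe)?\b.*\bsafeboot\b", re.I)),
    ("shadow-copy-deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("shadow-copy-deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("defender-policy-disable",
     re.compile(r"policies\\microsoft\\windows defender.*disableantispyware", re.I)),
]

# Constructed process-creation records (the kind of data Sysmon Event ID 1
# or Security Event ID 4688 with command-line auditing provides).
EVENTS = [
    {"host": "WS-014", "cmd": r"bcdedit.exe /set {current} safeboot minimal"},
    {"host": "WS-014", "cmd": r"vssadmin.exe delete shadows /all /quiet"},
    {"host": "WS-014", "cmd": r'reg add "HKLM\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware /t REG_DWORD /d 1 /f'},
    {"host": "WS-022", "cmd": r"vssadmin.exe list shadows"},   # benign query
    {"host": "SRV-03", "cmd": r"bcdedit /enum"},               # benign query
    {"host": "SRV-07", "cmd": r"vssadmin delete shadows /for=C: /oldest"},
]


def scan(events):
    """Return {host: set of behaviour labels seen in its command lines}."""
    seen = defaultdict(set)
    for ev in events:
        for label, pattern in RULES:
            if pattern.search(ev["cmd"]):
                seen[ev["host"]].add(label)
    return dict(seen)


def high_confidence(seen, min_behaviours=2):
    """Hosts showing several distinct behaviours, which admin work rarely does."""
    return sorted(h for h, labels in seen.items() if len(labels) >= min_behaviours)


if __name__ == "__main__":
    findings = scan(EVENTS)
    print(findings)
    print("escalate:", high_confidence(findings))
```

A single match, such as an administrator pruning old shadow copies, is worth a look; several distinct behaviours on one host in a short period warrant immediate isolation.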

In his response to IT World Canada, Alexandre Bourassa of the CNA said the association immediately launched an investigation and hired leading third-party experts for assistance efforts. “As a precautionary measure,” he added, “we notified the appropriate law enforcement authorities. We are unable to provide further details while this investigation is ongoing.

“We are working closely with our industry-leading partners to implement enhanced security measures to protect our systems, and to prevent this type of incident in the future.”
