A database on a third-party computer server containing more than 19.5 million California voter records was exposed to the public internet before being held for ransom by hackers.
The exposed information, which the Sacramento Bee newspaper obtained from the state for reporting purposes, includes voters' names, addresses, birth dates, and political affiliations. While the state does not classify this as PII, it is more than enough to help cybercriminals craft convincing phishing campaigns.
The Bee was storing the data in a MongoDB database that was left exposed for a fortnight after a vendor performed routine maintenance and the firewall did not come back online. Simple as that. Hackers spotted the error, encrypted the data, and demanded a Bitcoin payment to unlock it.
The Bee ended up deleting the encrypted data instead of paying the ransom demand.
Even worse, a different database containing the names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers was compromised in exactly the same way.
The Bee learned of the incident on January 29 when a developer noticed that a database wouldn’t upload properly to a server maintained by a third-party hosting service. The developer then found a note from a hacker demanding a Bitcoin ransom payment in exchange for the data.
Unfortunately, this isn’t the first time California voters have had their voter details held for ransom. Security firm Kromtech reported a similar incident back in December 2017, but the hackers in that case stole the database and left a ransom note in its place.
Ransomware attacks will continue to escalate if organizations disregard basic security rules and operate with misconfigured MongoDB databases and AWS S3 buckets.
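The Bee's database became reachable the moment its firewall stayed down, which means the firewall was the only control in front of it. The following is an added example, not code from the Bee, the article or NNT: a small audit that flags a `mongod.conf` that would be exposed by a firewall lapse alone, using MongoDB's real `net.bindIp`, `net.bindIpAll` and `security.authorization` options. Both sample configurations and all function names are constructed for illustration.

```python
import ipaddress
# Constructed sample configs (not taken from the incident).
WEAK = "net:\n  bindIp: 0.0.0.0   # every interface, no security section\n"
HARDENED = """
net:
  bindIp: 127.0.0.1,10.0.0.5
security:
  authorization: enabled
"""

def parse_conf(text):
    """Flatten mongod.conf's two-level YAML into {'section.key': value}."""
    flat, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip() or ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        if line[0].isspace() and section:         # indented: belongs to section
            flat[section + "." + key] = value.strip().strip("\"'")
        else:
            section = key
    return flat

def is_local(host):
    # Loopback addresses, 'localhost' and Unix socket paths are not remote.
    if host == "localhost" or host.startswith("/"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unresolved hostname: assume it may be reachable

def audit(text):
    """Return (severity, network-reachable bind addresses) for a config."""
    conf = parse_conf(text)
    # With no bindIp, mongod listens on localhost only (default since 3.6).
    hosts = [h.strip() for h in conf.get("net.bindIp", "localhost").split(",")]
    if conf.get("net.bindIpAll", "false").lower() == "true":
        hosts = ["0.0.0.0"]
    exposed = [h for h in hosts if not is_local(h)]
    auth = conf.get("security.authorization", "disabled").lower() == "enabled"
    if exposed and not auth:
        return ("CRITICAL", exposed)   # the firewall is the only control
    return ("OK" if auth else "WARN", exposed)

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf))
```

A `CRITICAL` result means anyone who can reach the port can read and overwrite the data once the firewall is down; `WARN` means the instance is loopback-only but would be unprotected if the bind address were ever widened.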
Help is at Hand: The NNT Ransomware Mitigation Kit
NNT, in conjunction with The Center for Internet Security (CIS), provides a comprehensive suite of system hardening templates based on absolute best practices.
These can be leveraged to ensure all of your systems (workstations included) retain the most appropriate checks designed to harden your environment and protect from Ransomware.
NNT is an accredited CIS member, and as such we are able to automate and control the provision of all relevant hardening standards, including those for your Microsoft applications. Within minutes, a full vulnerability assessment can be performed against your user workstation platforms and the applications being used. Full remediation guidance is provided to make corrective action a straightforward task.
NNT can also provide a Ransomware Mitigation Kit, comprising the necessary automated vulnerability checks and also the Group Policy/Puppet templates to automatically fix any weaknesses identified.
Best of all, these layers of defense against ransomware are also backed up with the fastest-available, real-time system integrity and change control detection technology to further ensure that, if the unthinkable happens and you do fall victim to an attack, any suspicious changes or activity are immediately brought to your attention before major damage can be done.
Read this article on InfoSecurity Magazine