Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
The Canadian Nurses Association (CNA) has acknowledged a data breach after a hacker group released their information. CNA, representing nearly 500,000 nurses across Canada, disclosed that on April 3, it experienced a security incident affecting certain systems but not its overall operations.
They swiftly initiated an investigation, enlisted third-party experts, and informed law enforcement as a precautionary measure.
We have since completed our investigation into the incident and any members impacted by this incident are being notified accordingly. We are engaging with our members and working closely with our industry-leading partners to implement enhanced security measures to protect our systems, and to prevent this type of incident in the future.
CNA’s Announcement (Source)
Snatch and Nokoyawa Claimed Responsibility for the Attack
In May, two different ransomware groups, Snatch and Nokoyawa, initially claimed responsibility for the attack. However, on September 1, the Snatch group, which transitioned to data exfiltration and extortion without ransomware, said it leaked 37 GB of CNA’s data.
There has been some confusion surrounding the group’s identity, with a Telegram channel bearing the same name appearing in July.
In an interview, the group clarified that they did not employ ransomware during the CNA attack but provided conflicting information regarding their affiliation with the ransomware group.
Although they later stated that they were distinct from the ransomware gang with the same name, it was noted that both groups used the same URL for their data leak sites.
South Africa’s Defense Department, Also on Snatch’s List
Additionally, Snatch claimed responsibility for an attack on South Africa’s defense department, disclosing sensitive documents related to the country’s military and senior leaders.
Despite several requests for comment, government spokespeople previously denied the hack but later confirmed an investigation into the incident.
The South African National Defense Force stated that their systems were not hacked and suggested that the breach was the result of criminal syndicates operating in cyberspace, aided by leaked information from the department.
They reiterated their commitment to safeguarding classified information and ensuring the security of state data. However, Snatch has claimed responsibility for stealing a significant amount of data, explains The Record, and some of the leaked information has been verified by various news outlets.
Measures Against Ransomware
To protect against ransomware, enterprises can take the following measures:
- Monitor the network for large-scale data exfiltration attempts.
- Implement DNS filtering to prevent communication with C&C servers and data exfiltration.
- Never, ever skip a patch. Automated patch management is the best option for businesses with hundreds of endpoints to secure.
- To prevent unauthorized encryption attempts, implement an anti-ransomware encryption solution.
Heimdal™ Ransomware Encryption Protection
- Blocks any unauthorized encryption attempts;
- Detects ransomware regardless of signature;
- Universal compatibility with any cybersecurity solution;
- Full audit trail with stunning graphics;
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube, for more cybersecurity news and topics.
Madalina, a seasoned digital content creator at Heimdal®, blends her passion for cybersecurity with an 8-year background in PR & CSR consultancy. Skilled in making complex cyber topics accessible, she bridges the gap between cyber experts and the wider audience with finesse.
