A Washington, D.C.-area event-management firm and a Canadian wireless technology provider are dealing with separate ransomware incidents — a reminder of a digital scourge that costs U.S. businesses many millions of dollars a year.
The incidents come as the Department of Homeland Security has undertaken a new initiative, backed by $25 million in additional funding, to combat a steady stream of ransomware attacks.
Ransomware attackers encrypted the systems of the events firm, Spargo Inc., on March 14, according to a notification sent by the Armed Forces Communications and Electronics Association (AFCEA), a Spargo client. Law enforcement personnel are investigating the incident, which may have exposed the phone numbers and physical and email addresses of some people who have attended AFCEA events, according to the notification.
AFCEA hosts popular government and industry events that U.S. military officers regularly attend. The ransomware incident does not appear to have involved more sensitive information such as financial data or Social Security numbers, according to AFCEA.
“As a result of the cyberattack, the majority of our servers and files were encrypted, and our backups were unusable,” Spargo said in a statement. “Utilizing a third-party investigation firm, we obtained a decryption key from the attackers and the decryption of our system is ongoing.”
Spargo, which boasts over $100 million in “exhibit and sponsorship” revenue annually, said that the Sodinokibi ransomware was involved in the incident. That strain of ransomware emerged in 2019 and featured in a days-long disruption of currency exchange Travelex beginning that December.
Separately, Sierra Wireless, which makes modems and other communications gear, said Tuesday that a ransomware attack had forced the firm to halt production at its manufacturing plants. The incident is causing Sierra Wireless to revise its financial outlook for the first quarter of 2021, the firm said in a statement. The breach appears to be limited to the firm’s internal systems, which Sierra Wireless said it was working to restore.
Sierra Wireless reported $87.6 million in revenue from connected “internet-of-things” devices in the fourth quarter of 2020.
Ransomware victims accounted for 2,747 complaints filed to the FBI’s cybercrime center in 2020, totaling $29.1 million in adjusted losses. But that is likely a fraction of the actual impact as some organizations don’t report ransomware incidents.
Brandon Wales, the acting head of DHS’s Cybersecurity and Infrastructure Security Agency, said Monday that the economics of ransomware still favor the attacker. “We have not cracked the code,” Wales said. “The ransomware problem has not gone away and we need new thinking on it.”
UPDATE, 04:07 p.m. EDT: This story has been updated with a statement from Spargo Inc.