Rhode Island Experiences a Genuine Ransomware Attack, Disregarding the Use of Drones
Rhode Island Experiences a Genuine Ransomware Attack, Disregarding the Use of Drones
Update, Dec. 17, 2024: Originally published on Dec. 16, this story now includes a statement from a security expert discussing potential strategies used in the ransomware attack.
Disregard the ongoing fuss about supposed drone sightings, the State of Rhode Island has more significant security concerns, as confirmed by Governor McKee over the weekend. Here's what we know.
Rhode Island Ransomware Attack—What We Know So Far
A cyber breach has been acknowledged by Rhode Island's Governor, Dan McKee, which led to the temporary shutdown of the state's online social services portal, RIBridges, to deal with the ransomware threat.
No later than Dec. 14, Governor McKee issued a declaration stating that a "major security threat" was underway, as reported by Deloitte, RIBridges' system vendor. The probability for a cybercriminal to have gained access to personal data was high, according to Deloitte. A proactive response was ordered, allowing the State and Deloitte to work on addressing the threat and restoring system access as soon as possible.
Security updates will be provided by the State, while potential victims have been warned to remain cautious. The attack was initially detected on Dec. 5, with federal law enforcement and Rhode Island State Police being informed. After confirming the presence of malicious code on Dec. 13 and receiving directives to shut down RIBridges, Deloitte complied with the request.
Who Is Affected by the Rhode Island Ransomware Attack?
According to the Governor's statement, "individuals who have received or applied for health coverage and/or health and human services programs or benefits" may be impacted. This includes those with:
- Medicaid
- Supplemental Nutrition Assistance Program
- Temporary Assistance for Needy Families
- Child Care Assistance Program
- Health coverage purchased through HealthSource RI
- Rhode Island Works
- Long-Term Services and Supports
- General Public Assistance Program
What Data Has Been Compromised in the Rhode Island Ransomware Attack?
Although the severity of the data compromise won't be fully understood until the investigation concludes, the statement warned that personal data such as names, addresses, dates of birth, and Social Security numbers, in addition to banking information, may have been involved.
Affected Rhode Island households will receive a letter in the mail, containing instructions on how to access free credit monitoring services. A dedicated call center is now available from 9 a.m. to 9 p.m. EDT on 833-918-6603.
Meanwhile, users are advised to remain vigilant and monitor accounts for any unauthorized activity.
"This infiltration is from a sophisticated criminal organization that performs ransomware as a service," Jim Routh, former chief information security officer at AMEX and the current chief trust officer at cybersecurity company Saviynt, commented, "They exfiltrate data from core applications before encrypting it. They boost their chance of getting an extortion payment by leaking data from core systems publicly. These tactics are specially designed to push the victim enterprise to pay the ransom."
Despite the attention given to occasional drone sightings, the State of Rhode Island faces a more pressing infosecurity issue, as acknowledged by Governor McKee. This issue stemmed from a ransomware attack on Rhode Island's online social services portal, RIBridges, which resulted in a temporary shutdown.
Governor McKee issued a declaration on December 14, addressing a major security threat linked to the ransomware attack, with Deloitte, RIBridges' system vendor, confirming a high probability of cybercriminals gaining access to personal data. As a precautionary measure, the State and Deloitte worked to address the threat and restore system access promptly.
In response to the infosecurity event, Rhode Island households potentially affected by the data breach, which may include names, addresses, dates of birth, Social Security numbers, and banking information, will receive instructions for free credit monitoring services. It is crucial for affected individuals to stay vigilant and monitor their accounts for any unauthorized activity.