[BreachExchange] Still No Solution: Ransomware Attack Against Wolverine Solutions Group

Destry Winant destry at riskbasedsecurity.com
Tue Apr 2 09:22:12 EDT 2019


https://hackercombat.com/still-no-solution-ransomware-attack-against-wolverine-solutions-group/

Dana Nessel, the Michigan Atty. General has issued a warning to
residents that 600,000 residents of Michigan needs to monitor their
bank accounts due to the Wolverine Solution Group’s possible data
breach due to ransomware infection that occured last Sep 2018. The
official is highly recommending people who received a notification
letter confirming that their personally identifiable information was
included in the data breached to sign-up for monitoring services to
further safeguard themselves from possible identity theft.

“Data breaches can be devastating to the affected individuals. It’s
important this office provide affected customers with any and all
available resources to help limit the effects of this – or any –
breach. And today, we’re doing just that,” explained Nessel.

The warning has been seconded by Anita Fox, Director of the Department
of Insurance and Financial Services (DIFS). “Wolverine is offering two
levels of identity protection to individuals affected by the breach.
If you receive a letter from the company, we urge you to read it
carefully and consider enrolling in the free credit monitoring
service,” added Fox.

An official notice of breach has been released by Wolverine Solution
Group, which details the events of the breach, with their latest
updated dated Feb 27, 2019. The company was infected by a malicious
ransomware, which they fought hard against, resisting paying for the
ransom.

“A team of forensic experts arrived on October 3, 2018 to begin the
decryption and restoration process. All impacted files needed to be
carefully “cleaned” of any virus remnants prior to their review by
forensic investigators. Most critical programs requiring decryption
were restored by October 25, 2018, and WSG’s critical operations were
running by November 5, 2018. However, the forensic team continued its
decryption efforts on the impacted files to determine the type of
information that was affected, the identities of our Healthcare
Clients, and the specific individuals involved,” explained in their
official blog.

The forensic investigation continued until early February, to a point
that the company discovered the names of the affected Healthcare
institutions where the data belonged to prior to the infection.
Wolverine Solutions Group claims that all people that had their data
encrypted were already accounted for, and they should have received a
formal letter from them informing about the incident.

“WSG is taking steps to guard against identity theft or fraud. We
arranged for affected individuals to have AllClear ID protect their
identity. The following identity protection services start on the date
of the individual receiving a notice letter and can be used at any
time during the next 12 months. AllClear Identity Repair: This service
is automatically available to you with no enrollment required. If a
problem arises, simply call 855-861-4034 and a dedicated investigator
will help recover financial losses and restore your credit. And
AllClear Fraud Alerts with Credit Monitoring: This service offers the
ability to set, renew, and remove 90-day fraud alerts on your credit
file to help protect you from credit fraud. In addition, it provides
credit monitoring services, a once annual credit score and credit
report, and a $1 million identity theft insurance policy,” concluded
Wolverine Solutions Group


More information about the BreachExchange mailing list