[BreachExchange] Canadian Internet Registration Authority Hit with Ransomware Attack on Car Parking System

Destry Winant destry at riskbasedsecurity.com
Tue Apr 2 09:24:59 EDT 2019


https://gbhackers.com/cira-hit-ransomware-attack-on-car-packing-system/

The Canadian Internet Registration Authority (CIRA) car parking system
was hacked and infected with ransomware, which allowed everyone to
park for free.

CIRA is an Internet domain registration authority that manages more
than 2.8 million .ca domains, the Internet country code top-level
domain (ccTLD) for Canada.

Unknown cybercriminals compromised the car parking system at the CIRA
office, which is managed by another company, allowing everyone to park
their vehicles without scanning their parking passes.

“A closer look revealed the true source of the problem, not a power
failure, mechanical issue or system crash—the automated parking system
had been hit with ransomware.”

In this case, the attackers compromised the database used to manage
this card parking system, where dozens of employee credit cards are
possibly saved.

Further analysis revealed that the ransomware is Dharma, which usually
infects computers via RDP connections by searching for systems that
are running RDP online.

Attackers target the RDP protocol running on port 3389 and perform
brute-force attacks to gain administrative credentials, which they
later use to perform various malicious activities within the system.

According to CIRA, stored card details will undoubtedly reclaim all
the time we will save over the coming days in not having to scan our
parking passes.

CIRA said, “We have no way of knowing what cybersecurity measures
parking company has in place, but as we saw in our CIRA Cybersecurity
Survey, 37 percent of businesses don’t have anti-malware protection
installed and 71 percent did not have a formal patching policy.”

