CorVel A Victim Of Ransomware Attack
By Lonce Lamonte - July 27, 2019
This week’s virus attack against CorVel Corporation has now been described as a ransomware attack using the Ryuk virus.
This information came from an anonymous informant, as the company is still not talking to outsiders, including the media. No statement has been put out addressed to any individual or entity outside of CorVel. This writer’s email inquiry to Melissa Storan, who was given as a media contact, has produced no response.
According to the tipster, management confirmed the attack was companywide across the nation. As of Friday afternoon, the three CorVel offices in Texas had no access to anything. This informant believed it was that way in every office.
Thus, adjustercom’s previous report that the virus attack, which had not yet been identified as ransomware, was confined to California appears to have been incorrect. It appears now that CorVel’s computer systems were shut down nationwide, across its approximately 80 offices in the continental U.S.
According to the tipster source, CorVel management said the Ryuk virus was caught before it was active. It was found during system upgrades. But this management story has not made sense, because if the virus had been caught before going active, the IT technicians should have just been able to remove it. However, the CorVel professionals seem to be completely replacing servers, which indicates they were locked out.
Perhaps the Ryuk virus locked them out when they tried to remove it, but it sounds more like it activated and then the system got completely compromised. Thus, it’s not expected, according to the source, that the overall system will be back up on Monday. That is, unless they are doing it with completely different servers.
With completely different servers, CorVel will lose emails and other claim data when it’s back up. Apparently, with that method, there would be a lot of work to repeat once the systems are restored.
This confidential, secret report states that all offices nationwide were affected in the same way. This contradicts the report from Thursday, July 25th, stating some systems were back up with the exception of the email and CareMC, the bill review system.
The source did not know if a specific amount was requested as a ransom to restore the system. Usually, a ransomware attack demands a ransom, typically paid in bitcoin, in return for the electronic key.
Sometimes, ransomware lock-outs last two weeks, or a little shorter or even longer. Possibly, setting a time limit reduces the perpetrator’s liability should the individual(s) responsible get caught.
Most likely, “system-nappers” believe they are going to receive their ransom demand within a two-week period. Companies the size of CorVel are apt to lose millions of dollars if their systems are down for two weeks. This could put any victim company in a vulnerable position to just go ahead and pay the ransom.
CorVel is in a position to sustain enormous damages. Empathy is an appropriate reaction.
email@example.com, Lonce Lamonte, journalist; copyright adjustercom, all rights reserved
adjustercom freelance writer Jorge Alexandria contributed to this article. firstname.lastname@example.org