10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Another ransomware family tied to Evil Corp.

Double-Encrypting Ransomware

Schneier on Security

This seems to be a new tactic: Emsisoft has identified two distinct tactics. In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B.

Ransomware Profitability

Schneier on Security

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Ransomware is now an established worldwide business.

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The Colonial Pipeline is another current high-profile ransomware victim.

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.

Disrupting Ransomware by Disrupting Bitcoin

Schneier on Security

Ransomware isn’t new; the idea dates back to 1986 with the “Brain” computer virus. This is where the suggestion to ban cryptocurrencies as a way to “solve” ransomware comes from.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

A Death Due to Ransomware

Schneier on Security

The Wall Street Journal is reporting on a baby’s death at an Alabama hospital in 2019, which they argue was a direct result of the ransomware attack the hospital was undergoing. If proven in court, the case will mark the first confirmed death from a ransomware attack.

Healthcare Ransomware Attacks Persist

Security Boulevard

Ransomware attacks launched against healthcare providers are on the rise as 2021 draws to a close. The HHS Office for Civil Rights’ HIPAA Breach Reporting Tool points to several high-impact ransomware attacks related to the healthcare industry.

Ransomware Detection Through Threat Hunting

Security Boulevard

Ransomware is the most destructive kind of cyber attack due to the massive financial losses it inflicts on organisations worldwide. For this reason, experts have always advocated that threat hunting-led ransomware detection and prevention must be rigorously and actively […].

Ransomware Shuts Down US Pipeline

Schneier on Security

This is a major story: a probably Russian cybercrime group called DarkSide shut down the Colonial Pipeline in a ransomware attack. This is the new and improved ransomware attack: the hackers stole nearly 100 gig of data, and are threatening to publish it.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

2021 Ransomware Attack Report

Security Boulevard

The 2021 ransomware attack report summarizes these findings and highlights the key trends as we enter 2022.

Can Ransomware Infect Cloud Storage?

ZoneAlarm

Over the last few years, many businesses and individuals have opted to move their data to cloud storage. The latter is …

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ransomware-as-a-service gang actually includes a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.

Ransomware Attacks against Water Treatment Plants

Schneier on Security

According to a report from CISA last week, there were three ransomware attacks against water treatment plants last year. WWS Sector cyber intrusions from 2019 to early 2021 include: In August 2021, malicious cyber actors used Ghost variant ransomware against a California-based WWS facility.

Ransomware Whack-a-Mole

Security Boulevard

Pretty much everyone is familiar with the carnival game Whack-a-Mole. It’s commonly used to describe cybersecurity, and the ransomware news this week illustrates why Whack-a-Mole is an appropriate metaphor.

Insurance and Ransomware

Schneier on Security

As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. However, the most pressing challenge currently facing the industry is ransomware.

Ransomware by the Numbers – An Impact Overview

Security Boulevard

The number of global ransomware attacks is on the rise. According to Threatpost, the global volume of ransomware operations reached 304.7

Negotiating with Ransomware Gangs

Schneier on Security

Thus, the decision whether to pay or ignore a ransomware demand seems less of a legal, and more of a practical, determination, almost like a cost-benefit analysis. When confronted with a ransomware attack, the options all seem bleak.

Ransomware news headlines trending on Google

CyberSecurity Insiders

First is the news related to Medical Review Institute of America (MRIoA), a Utah-based health service provider that was hit by a ransomware attack on November 9th of last year. The name of the hacking group that induced the ransomware wasn’t made public.

Death Kitty Ransomware and BlackMatter Ransomware details

CyberSecurity Insiders

Death Kitty Ransomware that targeted South African Port Transnet has disrupted the networks, forcing the company to declare Force Majeure at Container Terminals and Cargo shifting, forcing the staff to switch to manual paper and pen work.

Ransomware attack on Impresa Portugal

CyberSecurity Insiders

Portugal-based media company Impresa has hit the news headlines for becoming a victim of a ransomware attack. Sources state that the publishing company was hit by a ransomware group named Lapsus$. Not much is known about the Lapsus$ ransomware group.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Ransomware Attack on Red Cross

CyberSecurity Insiders

An official confirmation of the ransomware group that targeted the internationally reputed organization, along with incident details, is awaited.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Ransomware Now Leaking Stolen Documents

Schneier on Security

Originally, ransomware didn't involve any data theft. Now ransomware is increasingly involving both encryption and exfiltration. Recently, the aerospace company Visser Precision was hit by the DoppelPaymer ransomware.

Documented Death from a Ransomware Attack

Schneier on Security

A Dusseldorf woman died when a ransomware attack against a hospital forced her to be taken to a different hospital in another city. UK hospitals had to redirect patients during the 2017 WannaCry ransomware attack, but there were no documented fatalities from that event.

A National response to Ransomware Attacks

CyberSecurity Insiders

Ransomware attacks are leading to national and international responses, in the view of Mandiant CEO Kevin Mandia. A good instance to prove his point was the seizure of servers operated for the REvil ransomware group, which offered ransomware as a service to the world from Russia.

Ransomware: 8 Things That You Must Know

Joseph Steinberg

While ransomware may seem like a straightforward concept, people who are otherwise highly-knowledgeable seem to cite erroneous information about ransomware on a regular basis. As such, I would like to point out 8 essential points about ransomware.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

R1 RCM Inc. [NASDAQ:RCM], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story.

Defending Against Modern Ransomware Tactics

Security Boulevard

Ransomware gangs are continuing to evolve new tactics and techniques, and organizations need to be better prepared to defend against them in 2022.

Details of the REvil Ransomware Attack

Schneier on Security

ArsTechnica has a good story on the REvil ransomware attack of last weekend, with technical details: This weekend’s attack was carried out with almost surgical precision.

At Request of U.S., Russia Rounds Up 14 REvil Ransomware Affiliates

Krebs on Security

The Russian government said today it arrested 14 people accused of working for “REvil,” a particularly aggressive ransomware group that has extorted hundreds of millions of dollars from victim organizations.

DarkSide Ransomware 101

Heimdal Security

Ransomware could be considered the most prevalent threat in this cybersecurity landscape. As hackers discover new ways to profit from ransomware assaults, the frequency of these attacks is increasing.

Ragnar Locker Ransomware strikes a cybersecurity firm

CyberSecurity Insiders

Ragnar Locker Ransomware, a notorious hacking group that spreads file-encrypting malware to large-scale organizations, has hit a security firm this time and stole data to prove its worth.

REvil ransomware crew allegedly busted in Russia, says FSB

Naked Security

The Russian Federal Security Bureau has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.

Ransomware news trending on Google

CyberSecurity Insiders

Big news, the Biden administration is offering a $10m reward for those offering any valid information on the DarkSide Ransomware Group that shut down fuel supply of Colonial Pipeline until a ransom was paid.

Cl0p Ransomware Gang Tries to Topple the House of Cards

Security Boulevard

When I wrote the introduction for our recent report Organizations at Risk: Ransomware Attackers Don’t Take Holidays, I described current factors and trends with the potential to disrupt the upcoming holiday season.

Shutterfly hit by Conti Ransomware

CyberSecurity Insiders

Shutterfly, a California-based company in the photo-sharing business, was reportedly hit by Conti Ransomware early this month. It is unclear whether the Conti Ransomware Group has demanded a ransom or not.