9 Ransomware Enablers - and Tactics for Combating Them

Data Breach Today

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses. Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Another ransomware family tied to Evil Corp.

10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ransomware-as-a-service gang actually includes a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.

New Business Model: White Labeling of Ransomware

Data Breach Today

Trend Micro: Operators Rebrand "Supplier" Ransomware Before Deployment. Researchers at cybersecurity firm Trend Micro have observed the adoption of a new franchise-based business model by ransomware operators that moves away from the traditional ransomware-as-a-service model.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

StrRAT Masquerades as Ransomware

Data Breach Today

Microsoft Says Spam Campaign Uses Updated Variant. Microsoft is warning about a spam campaign that uses an updated variant of Java-based StrRAT malware that steals confidential data while disguising itself as a ransomware infection even though it does not actually encrypt data.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Ransomware Gangs Are Not Infallible

Data Breach Today

The latest ISMG Security Report features the fallibility of ransomware gangs and why victims should always seek help from a reputable response firm, law enforcement or other qualified expert.

7 Emerging Ransomware Groups Practicing Double Extortion

Data Breach Today

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims. After a string of high-profile hits, many of the largest and most notorious ransomware operations recently disappeared.

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S.

White House Urges Businesses: Improve Ransomware Defenses

Data Breach Today

Biden Orders Federal Ransomware Task Force to Coordinate Federal Investigations. The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place.

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. R1 RCM Inc.

Ransomware: Average Ransom Payment Drops to $137,000

Data Breach Today

Fewer Victims Paying Attackers Simply to Delete Stolen Data, Coveware Reports. Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware.

ISMG Editors’ Panel: Ransomware Update

Data Breach Today

Also: Update on NIST 'Zero Trust' Initiative. In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Insurer Tokio Marine Hit by Ransomware

Data Breach Today

Firm Says Singapore Unit Was Targeted. Tokio Marine, a Japan-based property and casualty insurer, says its Tokio Marine Insurance Singapore unit was hit by a ransomware attack this week.

ISMG Editors: Solving the Ransomware Problem Together

Data Breach Today

FIN12 Ransomware Attacks Aggressively Targeting Healthcare

Data Breach Today

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Data Breaches Tied to Ransomware: Look Harder

Data Breach Today

Australia Regulator Says Such Breaches Are Likely Underreported. Australia's data regulator says organizations hit by ransomware may be underreporting data breaches because they haven't thoroughly figured out if data was taken.

AvosLocker Ransomware Gang Recruiting Affiliates, Partners

Data Breach Today

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers'. A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations.

The Ransomware Files, Episode 1: The School District

Data Breach Today

This is the first episode of The Ransomware Files, a podcast miniseries focused on stories of resilience in the fight against ransomware.

Interpol Calls For New Ransomware Mitigation Strategy

Data Breach Today

The Agency Will Elevate the Role of National Central Bureaus to Fight Cybercrimes. Interpol has announced that it will boost the role of country-specific National Central Bureaus to fight ransomware and other cybercrimes.

Is REvil Ransomware Operation Returning as 'BlackMatter'?

Data Breach Today

Expert: More Likely, an Affiliate Has Repurposed REvil's Crypto-Locking Malware. Has the REvil ransomware operation come storming back?

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier. Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety.

BlackMatter Group Debuts Linux-Targeting Ransomware

Data Breach Today

VMware ESXi Servers Targeted by Crypto-Locking Malware, MalwareHunterTeam Warns. The new BlackMatter Russian-speaking ransomware-as-a-service group, which announced its launch last month, has created a Linux version of its malware designed to target VMware's ESXi servers hosting virtual machines, according to MalwareHunterTeam.

Analysis: Top Ransomware Gangs Targeting Healthcare Sector

Data Breach Today

HHS Says Several Factors Making Healthcare a Favorite Target in U.S., Globally. Ransomware attacks are continuing to threaten the U.S.

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

Accenture Hit by Apparent Ransomware Attack

Data Breach Today

The ransomware gang LockBit took credit for the attack. LockBit Takes Credit for the Incident on Its Darknet Website. The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident.

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware.

Ransomware: Average Ransom Payment Stays Steady at $140,000

Data Breach Today

Big Game Hunting Is Out and 'Mid Game Hunting' Is In, Coveware Warns. When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware.

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021.

Insights on Mitigating Ransomware Risks

Data Breach Today

Janine Darling, the founder and CEO of STASH Global, discusses the pervasive and persistent problem of ransomware and how to mitigate the risks.

Ransomware Changes: DoppelPaymer Rebrands; Babuk Evolves

Data Breach Today

New 'Pay or Grief' CryptoLocking Malware Is DoppelPaymer in Disguise, Experts Say. The ransomware landscape changes constantly as groups disappear, change approaches or rebrand.

Pysa Ransomware Gang Targets Linux

Data Breach Today

Malware Designed To Attack Linux Hosts With ChaChi Backdoor. The Pysa ransomware gang has created a new Linux version of its malware designed to target Linux hosts with the ChaChi backdoor, using its Windows counterpart's characteristics, according to a new report.