9 Ransomware Enablers - and Tactics for Combating Them

Data Breach Today

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Another ransomware family tied to Evil Corp.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Conti Ransomware Group Diaries, Part I: Evasion

Krebs on Security

A Ukrainian security researcher this week leaked several years of internal chat logs and other sensitive data tied to Conti , an aggressive and ruthless Russian cybercrime group that focuses on deploying its ransomware to companies with more than $100 million in annual revenue.

Battling Ransomware in Healthcare

Data Breach Today

Errol Weiss Says Industry Lacks Resources to Improve Cybersecurity The healthcare industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector's information security resiliency.

How Preparation and Strategy Can Be Used to Fight and Defeat Any Ransomware Attack

Speaker: Karl Camilleri, Cloud Services Product Manager at phoenixNAP

Through a detailed analysis of major attacks and their consequences, Karl Camilleri, Cloud Services Product Manager at phoenixNAP, will discuss the state of ransomware and future predictions, as well as provide best practices for attack prevention and recovery.

Inside Ireland’s Public Healthcare Ransomware Scare

Krebs on Security

The consulting firm PricewaterhouseCoopers recently published lessons learned from the disruptive and costly ransomware attack in May 2021 on Ireland’s public health system. PWC’s timeline of the days leading up to the deployment of Conti ransomware on May 14.

10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

Who Wrote the ALPHV/BlackCat Ransomware Strain?

Krebs on Security

In December 2021, researchers discovered a new ransomware-as-a-service named ALPHV (a.k.a. “ BlackCat “), considered to be the first professional cybercrime group to create and use a ransomware strain written in the Rust programming language.

Conti’s Ransomware Toll on the Healthcare Industry

Krebs on Security

Conti — one of the most ruthless and successful Russian ransomware groups — publicly declared during the height of the COVID-19 pandemic that it would refrain from targeting healthcare providers.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

Ransomware Prevention and Recovery

Learn how to protect your business data from the most disruptive malware currently in existence. This whitepaper will help you avoid becoming the victim of a data breach and ensure business continuity.

Battling Ransomware in Health Care

Data Breach Today

Errol Weiss Says Industry Lacks Resources to Improve Cybersecurity The health care industry continues to be targeted by ransomware gangs, but there are efforts underway to help improve the health sector's information security resiliency.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Conti Ransomware Group Diaries, Part IV: Cryptocrime

Krebs on Security

Three stories here last week pored over several years’ worth of internal chat records stolen from the Conti ransomware group, the most profitable ransomware gang in operation today. penned a two-part analysis on why smart contracts will make ransomware more profitable.

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection. ransomware-as-a-service gang actually includes a solicitation for insiders in the desktop wallpaper left behind on systems encrypted with the malware.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC , [ NASDAQ: TTEC ], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Ransomware Attack Disrupts Greek Postal Services

Data Breach Today

Organization's Data Center Isolated to Contain Targeted Ransomware Attack Greek postal service Hellenic Post says a ransomware incident has forced it to pull a majority of its operations offline.

Can't Fight That REvil Ransomware Feeling Anymore?

Data Breach Today

Criminals' Beloved Ransomware Brands Seem to Have a Life of Their Own Does it ever feel like you can't fight that REvil/Sodinokibi ransomware feeling anymore?

Cause for Concern? Ransomware Strains Trace to North Korea

Data Breach Today

Attackers Appear to Be Testing the Profit-Making Potential of Crypto-Locking Malware If you were a nation with legions of hackers at your disposal, seeking to sidestep crippling international sanctions, would you look to ransomware to fund your regime?

Ransomware Defense Plans: Don't Stockpile Cryptocurrency

Data Breach Today

Guidance Has Changed on Socking Away Bitcoins 'Just in Case' to Pay a Ransom Don't stockpile cryptocurrency in case your organization falls victim to ransomware-wielding attackers and opts to pay a ransom.

Community College Suspends Classes Over Ransomware Attack

Data Breach Today

5 Kellogg Community Colleges - and Nearly 8,400 Students - Affected All five campuses of the Kellogg Community College, or KCC, have suspended classes until further notice as the result of a ransomware attack, according to its website.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. R1 RCM Inc.

New Business Model: White Labeling of Ransomware

Data Breach Today

Trend Micro: Operators Rebrand "Supplier" Ransomware Before Deployment Researchers at cybersecurity firm Trend Micro have observed the adoption of a new franchise-based business model by ransomware operators that moves away from the traditional ransomware-as-a-service model.

FBI Issues Alert on Hive Ransomware

Data Breach Today

Uptick in Hive Ransomware Activity Spotted The US Federal Bureau of Investigation has issued a warning about Hive ransomware after the group took down Memorial Health System last week.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Ransomware BleepingComputer Diebold Nixdorf Emsisoft Fabian Wosar Lawrence Abrams ProLock ransomware

Conti Ransomware Targets Costa Rican Government Entities

Data Breach Today

After Demand of $10 Million Ransom Is Not Met, Conti Begins Leaking Data The Conti ransomware group has been targeting the U.S. and its allies since the beginning of the Russia-Ukraine war.

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Ransomware ransomware

StrRAT Masquerades as Ransomware

Data Breach Today

Microsoft Says Spam Campaign Uses Updated Variant Microsoft is warning about a spam campaign that uses an updated variant of Java-based StrRAT malware that steals confidential data while disguising itself as a ransomware infection even though it does not actually encrypt data

Cybercrime: Ransomware Attacks Surging Once Again

Data Breach Today

Lockbit, Conti, Hive and Alphv/BlackCat Tied to Greatest Number of Known Victims Ransomware attacks have come storming back after experiencing their typical end-of-the year decline.

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S.

The Ransomware Files, Episode 7: Ryuk's Rampage

Data Breach Today

Rockford Public Schools in Rockford, Illinois, was hit by Ryuk ransomware days after the school year started in September 2019. The attack encrypted more than 6 million files, wrecked applications and locked up servers.

Decrypting Hive Ransomware Data

Schneier on Security

Nice piece of research : Abstract: Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. In this paper, we analyzed Hive ransomware, which appeared in June 2021.

7 Emerging Ransomware Groups Practicing Double Extortion

Data Breach Today

Fresh Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims After a string of high-profile hits, many of the largest and most notorious ransomware operations recently disappeared.

Ransomware Payments: Just 46% of Victims Now Pay a Ransom

Data Breach Today

NRA Finally Confirms Ransomware Attack From 2021

Data Breach Today

National Rifle Association States reportedly fell victim to a ransomware attack in October 2021. The NRA did not acknowledge the attack at the time, but a recent FEC filing explaining a financial discrepancy has forced it to confirm the ransomware attack and detail its impact

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog.

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.