10 Mistakes Companies Make in Their Ransomware Responses

Dark Reading

Hit by ransomware? These missteps can take a bad scenario and make it even worse

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe , stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast. The DarkSide ransomware note.

Ransomware Defense: Top 5 Things to do Right Now

Threatpost

Matt Bromiley, senior consultant with Mandiant Managed Defense, discusses the top tricks and tips for protecting enterprise environments from ransomware.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf , a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Ransomware BleepingComputer Diebold Nixdorf Emsisoft Fabian Wosar Lawrence Abrams ProLock ransomware

Alert for Ransomware Attack Victims: Here's How to Respond

Data Breach Today

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware. SecurityAffairs – hacking, NoCry ransomware).

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group , a cybercriminal gang said to have extorted more than half a billion dollars from victims.

How 'Mespinoza' Ransomware Group Hits Targets

Data Breach Today

Palo Alto Networks Report Describes Tactics of Group Leveraging Open-Source Tools The gang behind the ransomware strain known as Mespinoza, aka PYSA, is targeting manufacturers, schools and others, mainly in the U.S.

REvil Ransomware Gang Starts Auctioning Victim Data

Krebs on Security

The criminal group behind the REvil ransomware enterprise has begun auctioning off sensitive data stolen from companies hit by its malicious software. A partial screenshot from the REvil ransomware group’s Dark Web blog.

Double-Encrypting Ransomware

Schneier on Security

In the first, hackers encrypt data with ransomware A and then re-encrypt that data with ransomware B. Uncategorized encryption extortion malware ransomwareThis seems to be a new tactic : Emsisoft has identified two distinct tactics.

Ransomware Is Getting Ugly

Schneier on Security

Modern ransomware has two dimensions: pay to get your data back, and pay not to have your data dumped on the Internet. The Colonial Pipeline is another current high-profile ransomware victim. Uncategorized cryptocurrency cybercrime doxing police ransomware

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves. Ransomware ransomware

Colonial Pipeline Starts Recovery from Ransomware

Data Breach Today

Report: DarkSide Ransomware Gang Infected Fuel Supplier Colonial Pipeline Company has restored smaller pipelines that ship fuels to the U.S. East Coast after a ransomware incident, but its larger ones are still offline as it assesses safety.

White House Urges Businesses: Improve Ransomware Defenses

Data Breach Today

Biden Orders Federal Ransomware Task Force to Coordinate Federal Investigations The White House has written to business leaders, urging them to prioritize having robust ransomware defenses in place.

White House Presses Russia on JBS Ransomware

Data Breach Today

Experts Say Ransomware Hasn't Slowed Down Since Colonial Pipeline The White House says on Tuesday it has contacted Russia regarding the ransomware attack against JBS SA, the multinational meat producer.

Houston Rockets Investigate Ransomware Attack

Data Breach Today

Babuk Ransomware Gang Reportedly Posted Exfiltrated Team Data The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility.

Arrest, Seizures Tied to Netwalker Ransomware

Krebs on Security

and Bulgarian authorities this week seized the darkweb site used by the NetWalker ransomware cybercrime group to publish data stolen from its victims. The victim shaming site maintained by the NetWalker ransomware group, after being seized by authorities this week.

REvil's Ransomware Success Formula: Constant Innovation

Data Breach Today

Affiliate-Driven Approach and Regular Malware Refinements Are Key, Experts Say REvil, aka Sodinokibi, is one of today's most notorious - and profitable - ransomware operations, driven by highly skilled affiliates who share profits with the operators.

Europe’s Largest Private Hospital Operator Fresenius Hit by Ransomware

Krebs on Security

Fresenius , Europe’s largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S.

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. firmware in an imminent ransomware campaign using stolen credentials.” SecurityAffairs – hacking, HelloKitty ransomware).

DarkSide's Pipeline Ransomware Hit: Strictly Business?

Data Breach Today

Affiliate-Driven Ransomware-as-a-Service Operations Keep Generating Big Profits "It's not personal. It's strictly business."

How Conti Ransomware Works

Data Breach Today

Researchers Analyze the Severe Threat the Malware Poses Conti ransomware, which emerged eight months ago, poses a severe threat, according to Cybereason's Nocturnus Team, which offers an in-depth analysis of how the malware works

Ransomware Profitability

Schneier on Security

Analyzing cryptocurrency data, a research group has estimated a lower-bound on 2020 ransomware revenue: $350 million, four times more than in 2019. Ransomware is now an established worldwide business. Uncategorized crime cryptocurrency ransomware

Interpol Calls For New Ransomware Mitigation Strategy

Data Breach Today

The Agency Will Elevate the Role of National Central Bureaus to Fight Cybercrimes Interpol has announced that it will boost the role of country-specific National Central Bureaus to fight ransomware and other cybercrimes.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack

Krebs on Security

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents. Ransomware ransomware Tyler Technologies tylertech.com

Ryuk Ransomware Updated With 'Worm-Like Capabilities'

Data Breach Today

Prolific Ransomware Can 'Spread Automatically' Inside Networks, CERT-FR Warns Prolific Ryuk ransomware has a new trick up its sleeve. "A

Biden Faces Russian Ransomware Curtailment Challenge

Data Breach Today

But experts say disrupting ransomware will take more than diplomacy or even using offensive cyber operations to target criminal infrastructure

StrRAT Masquerades as Ransomware

Data Breach Today

Microsoft Says Spam Campaign Uses Updated Variant Microsoft is warning about a spam campaign that uses an updated variant of Java-based StrRAT malware that steals confidential data while disguising itself as a ransomware infection even though it does not actually encrypt data

Blackbaud Ransomware Victim Count Climbing

Data Breach Today

Health Data Breach Tally Shows Impact of Vendor Breach The May ransomware attack on cloud-based fundraising database management vendor Blackbaud continues to rack up victims in the healthcare sector.

Constant Ransomware Business Refinements Boosting Profits

Data Breach Today

Former Head of GCHQ Highlights Need for Getting Basics Right, Plus Government Action Ransomware-wielding criminals continue to find innovative new ways to extort victims, develop technically and sidestep skills shortages by delivering ransomware as a service, said Robert Hannigan, the former head of U.K.

Payroll/HR Giant PrismHR Hit by Ransomware?

Krebs on Security

PrismHR , a company that sells technology used by other firms to help more than 80,000 small businesses manage payroll, benefits, and human resources, has suffered what appears to be an ongoing ransomware attack that is disrupting many of its services.

Insights on Mitigating Ransomware Risks

Data Breach Today

Janine Darling, the founder and CEO of STASH Global, discusses the pervasive and persistent problem of ransomware and how to mitigate the risks

Risk 151

Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam

Krebs on Security

Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. ” Ransomware Cryptolocker Eversheds Sutherland Evgeniy Mikhailovich Bogachev Evil Corp.

Ransomware + Exfiltration + Leaks = Data Breach

Data Breach Today

Data-Leaking Extortionists' Revised Playbook Goes Way Beyond Ransomware Ransomware-wielding attackers continue to pummel organizations.

Expert Analysis: The Battle Against Ransomware

Data Breach Today

This edition of the ISMG Security Report features three segments on battling ransomware.

Analysis: Changing Nature of Ransomware Attacks

Data Breach Today

This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks.