9 Ransomware Enablers - and Tactics for Combating Them

Data Breach Today

Patch Management and Locking Down Remote Desktop Protocol Remain Essential Defenses
Ransomware operations continue to thrive thanks to a vibrant cybercrime-as-a-service ecosystem designed to support all manner of online attacks.

Ransomware Gangs and the Name Game Distraction

Krebs on Security

It’s nice when ransomware gangs have their bitcoin stolen, malware servers shut down, or are otherwise forced to disband. Indeed, some of the most destructive and costly ransomware groups are now in their third incarnation. Another ransomware family tied to Evil Corp.

Wanted: Disgruntled Employees to Deploy Ransomware

Krebs on Security

Criminal hackers will try almost anything to get inside a profitable enterprise and secure a million-dollar payday from a ransomware infection.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized

Krebs on Security

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. “Ransomware has gathered a critical mass of nonsense, b t, hype, and fuss around it.

Customer Care Giant TTEC Hit By Ransomware

Krebs on Security

TTEC [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned.

A Closer Look at the DarkSide Ransomware Gang

Krebs on Security

The FBI confirmed this week that a relatively new ransomware group known as DarkSide is responsible for an attack that caused Colonial Pipeline to shut down 5,550 miles of pipe, stranding countless barrels of gasoline, diesel and jet fuel on the Gulf Coast.

What is Cyber Security Awareness and Why is it Important?

IT Governance

For all the talk of criminal hacking, ransomware infections and the technologies to prevent them, the key to protecting your organisation is cyber security awareness training. The importance of cyber security staff awareness. Cyber security awareness best practices.

Tamil Nadu Ransomware Attack Raises Resiliency Questions

Data Breach Today

Security Experts on Vulnerabilities, Prevention Steps for State Governments
The ransomware attack on Tamil Nadu's Public Department puts the spotlight on the preparedness to identify and stave off attacks.

Task Force Seeks to Disrupt Ransomware Payments

Krebs on Security

Some of the world’s top tech firms are backing a new industry task force focused on disrupting cybercriminal ransomware gangs by limiting their ability to get paid, and targeting the individuals and finances of the organized thieves behind these crimes.

Ransomware Roundup: Avaddon Exits; Clop Suspects Arrested

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the Avaddon ransomware gang's retirement and the crackdown on the Clop ransomware gang in Ukraine. Also featured: Bitcoin as ally in the ransomware battle; strengthening U.S.

Revil ransomware operators are targeting new victims

Security Affairs

Recently we observed that part of the REvil ransomware infrastructure was up and running again; now we can confirm that they hit new victims. On September 7, the servers of the REvil ransomware gang were back online after around two months since their shutdown.

ISMG Editors’ Panel: Ransomware Update

Data Breach Today

Also: Update on NIST 'Zero Trust' Initiative
In the latest weekly update, three editors at Information Security Media Group discuss important cybersecurity issues, including the latest ransomware trends, plus an update on NIST's "zero trust" initiative.

Analysis: Securing RDP to Prevent Ransomware Attacks

Data Breach Today

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments

AvosLocker Ransomware Gang Recruiting Affiliates, Partners

Data Breach Today

Malwarebytes: Gang Seeking 'Pentesters' and 'Access Brokers'
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.

Conti Ransomware Attacks Surging, US Government Warns

Data Breach Today

Advisory Urges Multifactor Authentication, Network Segmentation, Patching and More
The pace of Conti ransomware attacks has been increasing, with more than 400 organizations globally having fallen victim, warns a joint cybersecurity advisory from the U.S.

BlackMatter ransomware gang hit Technology giant Olympus

Security Affairs

Technology giant Olympus announced it was the victim of a ransomware attack and is currently investigating the extent of the incident. Olympus issued a statement to announce that its European, Middle East and Africa computer network was hit by a ransomware attack.

BlackMatter ransomware also targets VMware ESXi servers

Security Affairs

The BlackMatter ransomware gang has implemented a Linux encryptor to target the VMware ESXi virtual machine platform. Like other ransomware operations, BlackMatter also set up its leak site where it will publish data exfiltrated from the victims before encrypting their system.

Ransomware Group Turns to Facebook Ads

Krebs on Security

It’s bad enough that many ransomware gangs now have blogs where they publish data stolen from companies that refuse to make an extortion payment. Now, one crime group has started using hacked Facebook accounts to run ads publicly pressuring their ransomware victims into paying up.

Medical Debt Collection Firm R1 RCM Hit in Ransomware Attack

Krebs on Security

NASDAQ:RCM ], one of the nation’s largest medical debt collection companies, has been hit in a ransomware attack. R1 RCM acknowledged taking down its systems in response to a ransomware attack, but otherwise declined to comment for this story. R1 RCM Inc.

Analysis of NoCry ransomware: A variant of the Judge ransomware

Security Affairs

Researchers at Tesorion released a decryptor for Judge ransomware that also decrypts files encrypted by the NoCry ransomware. In January this year, we published a blog post on our analysis of the Judge ransomware.

Ukrainian Police Nab Six Tied to CLOP Ransomware

Krebs on Security

Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims.

Ransomware Updates: Conti Attacks Rise, New Players Surface

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of how the U.S. government has been tracking an increase in the pace of attacks tied to Conti ransomware. Also featured are what "protection" means today and building a new cybersecurity operating model

Expert Analysis: The Battle Against Ransomware

Data Breach Today

This edition of the ISMG Security Report features three segments on battling ransomware.

Emsisoft releases free SynAck ransomware decryptor

Security Affairs

Emsisoft researchers have released a decryptor for the SynAck Ransomware that could allow victims of the gang to decrypt their files for free. Emsisoft has released a free decryptor for SynAck Ransomware that can allow victims of the gang to decrypt their encrypted files.

Hades Ransomware Has Targeted 7 Large Companies

Data Breach Today

Accenture Security: Attackers Focus on Those With Over $1 Billion in Revenue
At least seven companies with annual revenue of over $1 billion have been hit so far this year by Hades ransomware, according to an Accenture Security report.

Analysis: Changing Nature of Ransomware Attacks

Data Breach Today

This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks.

Analysis: The Persistent Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the persistent threat of ransomware. Also featured: Sorting out breaches tied to Accellion’s File Transfer Appliance; an update on fraud trends in 2021

HelloKitty ransomware gang targets vulnerable SonicWall devices

Security Affairs

BleepingComputer became aware that the recent wave of attacks targeting vulnerable SonicWall devices was carried out by HelloKitty ransomware operators. Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) families.

Ransomware Hit ATM Giant Diebold Nixdorf

Krebs on Security

Diebold Nixdorf, a major provider of automatic teller machines (ATMs) and payment technology to banks and retailers, recently suffered a ransomware attack that disrupted some operations. Diebold Nixdorf takes the security of our systems and customer service very seriously.

Good News: REvil Ransomware Victims Get Free Decryptor

Data Breach Today

Many Files Crypto-Locked Before July 13 Unlockable via Free Bitdefender Decryptor
Score one for the good guys in the fight against ransomware: Anyone who fell victim to REvil, aka Sodinokibi, crypto-locking malware before July 13 can now decrypt their files for free, thanks to a decryptor released by security firm Bitdefender.

Repurposed REvil Ransomware Used in Attacks

Data Breach Today

Secureworks: New Group Apparently Waging Attacks Using Same Code
A newly identified threat group is using a repurposed version of REvil ransomware to wage attacks, according to security company Secureworks’ Counter Threat Unit.

Security Firm Prosegur Hit By Ryuk Ransomware

Data Breach Today

Incident May Have Disrupted Networked Security Cameras
Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms.

Analysis: Oh, the Lies Ransomware Operators Tell

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of how ransomware attackers share about their inclinations, motivations and tactics.

Analysis: Why Ransomware Is No. 1 Cyberthreat

Data Breach Today

This edition of the ISMG Security Report features a discussion about why the head of Britain's National Cyber Security Center says the No. 1 cyber risk is not nation-state attackers but ransomware-wielding criminals.

Analysis: Keeping Track of Ransomware Gangs

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the disappearance of ransomware-as-a-service groups, such as REvil and Darkside, and how that impacts the wider cybercrime ecosystem. Also featured: ransomware recovery tips; regulating cyber surveillance tools

Ransomware Gangs Don’t Need PR Help

Krebs on Security

We’ve seen an ugly trend recently of tech news stories and cybersecurity firms trumpeting claims of ransomware attacks on companies large and small, apparently based on little more than the say-so of the ransomware gangs themselves.

Neuberger: Ransomware Requires International Response

Data Breach Today

Revil ransomware gang hit Spanish telecom giant MasMovil

Security Affairs

Revil ransomware gang hit Spanish telecom giant MasMovil and claims to have stolen sensitive data from the group. MasMovil is one of the largest Spanish telecom operators, last week the group was hit by the REvil ransomware gang that claims to have stolen sensitive data from the company. “We

Alerts: Avaddon Ransomware Attacks Increasing

Data Breach Today

FBI and Australian Officials Describe the Threat
Attackers are using Avaddon ransomware to target diverse organizations in the U.S., Australia and elsewhere, according to the FBI and the Australian Cyber Security Center.

Australian Cyber Security Centre warns of a surge of LockBit 2.0 ransomware attacks

Security Affairs

The Australian Cyber Security Centre (ACSC) warns of a surge of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. The Australian Cyber Security Centre (ACSC) warns of an escalation in LockBit 2.0 ransomware.