ransomware (120)

9562798489?profile=RESIZE_400xIn the Real Estate business, the most sought after properties have location, location and location as their attraction. Thinking as a criminal what is on their “Wish List?” How do they rate the ideal ransomware target? Cyber threat investigators calim the following attributes add up to the best targets: revenue, size, geography and level of access help determine sale price for access. The most sought-after type of victim for ransomware-wielding attackers is a large, U.S. based business with at l

9554622473?profile=RESIZE_400xOur friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

9551617685?profile=RESIZE_180x180Did you ever wonder how a can of green beans gets to the shelf of your supermarket?  Well, from planting the seeds, harvesting the crop, canning the beans, and pushing them to market – is all called the ‘Food Supply Chain.’  Now cyber-attackers are targeting our food supply chain and the Jolly Green Giant ain’t so happy.

The US Federal Bureau of Investigation (FBI) has issued a new alert on 06 September 2021 warning companies in the food and agricultural sector that they are increasingly at risk

9551483086?profile=RESIZE_400xA new twist on an old con; remember the Nigerian Princes who wanted to share their fortune with you - if only you would only send them your bank account number?  A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in Bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then the

9542922678?profile=RESIZE_400xRansomware-as-a-Service Operations Seek Affiliates for Extorting New Victims.  After a number of high-profile hits during 2021, some of the largest and most notorious ransomware operations disappeared. Beginning in May 2021, ransomware attacks by Russian-language groups Conti against Ireland's health service, DarkSide against U.S.-based Colonial Pipeline, and REvil against meat processing giant JBS and remote management software firm Kaseya led the Biden administration to try to better disrupt t

9518436491?profile=RESIZE_400xUS Government Cyber Warning Summary:

Immediate Actions You Can Take Now to Protect Against Ransomware

  • Make an offline backup of your data.
  • Do not click on suspicious links.
  • If you use RDP, secure and monitor it.
  • Update your OS and software.
  • Use strong passwords.
  • Use multi-factor authentication.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on US holidays and we

9481423482?profile=RESIZE_400xRansomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware using persuasion over the phone. The technique was first spotted in February, according to Palo Alto Networks' Unit 41 research unit. But Microsoft is issuing a fresh warning about the campaigns, contending they're much more dangerous than it first realized. Microsoft calls the campaign "BazaCall."

See:  https://redskyalliance.org/xindustry/ransomware-demand-answer-line-

9465793865?profile=RESIZE_400xA new twist on an old con; remember all the Nigerian Princes who wanted to share their fortune with you, if only you would only send them your bank account number?  Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then th

9438050454?profile=RESIZE_400xU.S. crime-fighting agencies testified in front of Congress during the last week of July 2021, and the hearing had a chilling title: "America Under Cyber Siege: Preventing and Responding to Ransomware Attacks"

Since January 2021, ransomware attacks have disrupted critical infrastructure, the food supply, IT management, healthcare, education, transportation, and many other sectors of the economy.For the most part, criminal and nation-state actors continue to launch attacks with little fear of fac

9422771294?profile=RESIZE_400xWhat happens when your expert consultant team that has been advising your organization about what you need to do to protect your firm from cyber threats becomes “front page news?” The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack.  Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.

See for more informat

9422660492?profile=RESIZE_400xEvery few months, enterprising cyber criminals are offering new services to enable cybercrimes, thefts and paid ransoms.  These new “services” make crime easier for lower skilled criminals and increase profits for all members of the ransomware supply chain. TM: General Mills

Cyber threat actors who want to take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks.  On average, such access is so

9408552270?profile=RESIZE_400xOn 5 August 2021 a threat actor using the handle m1Geelka, made a post on the Russian XSS cybercriminal forum.  In the post, they claim to have leaked the manuals and instructions used by the Conti ransomware group whom with they were previously associated.  These posts provide valuable insight into Conti operations.  While the group is highly likely to change its exposed infrastructure and their tactics, techniques, and procedures (TTP’s), network defenders are now able to research this informa

9404982272?profile=RESIZE_400xSupply chain networks have for some time been driven by technology over the years and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to p

9315119659?profile=RESIZE_400xRecently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

9297250058?profile=RESIZE_400xIn the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric

9289110685?profile=RESIZE_400xPalo Alto Networks, Unit 42 has provided great research on the Mespinoza criminal cyber group.  As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms.  As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.  One good example is Mespinoza ransomware, which is run by a prolific group with a penchant fo

9272802297?profile=RESIZE_400xHackers have recently tampered with critical infrastructure entities in the US.  This includes the Colonial Pipeline incident that affected the supply of gas and the JBS Foods hack that affected operations of the meat-packing giant.  Neither of these ransomware attacks had any severe, real-world consequences.  Some people could not put gas in their cars for a few days, or the price of meat might have gone up in some areas, but no lives were immediately threatened.

But what if the hackers decided

9208836301?profile=RESIZE_400xLast weekend did not start out so nice.  The hacking group behind what media is calling ‘colossal ransomware attack’ has demanded $70m (£50.5m) paid in Bitcoin in return for a "universal decryptor" that it says will unlock the files of all victims.  The Russian associated REvil group is saying its malware, which initially targeted US IT firm Kaseya, has hit one million "systems." 

This number has not been totally verified and the exact total of victims is unknown.  Yet, victims include 500 Swedi

9180993488?profile=RESIZE_400xThe average cost of a ransomware attack in 2020 was approximately $761,000.  The average cost of remediating a ransomware attack has more than doubled in the last 12 months.  Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of approximately $761,000 in 2020 to approximately $1.85 million in 2021.[1] 

The importance of cybersecurity is no secret to anyone who uses a computer or an iPhone.  Senior executives at businesses of all sizes u

9145176696?profile=RESIZE_180x180The US and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels, according to the official summit communique.  NATO members agreed that the organization's Article 5 provision which states that an attack on one member nation is an attack on all could now be applied to cyber threats.  But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes.  A