ransomware (27)

7941157687?profile=RESIZE_400x

The back-to-school season has already been stressful for schools and families. Now a spate of ransomware attacks targeting K-12 schools has made it even more challenging.  In May 2020, the FBI warned schools about the increasing risk of ransomware attacks during the pandemic. The agency warned that cyber actors would likely increase targeting of K-12 schools as an "opportunistic target" as more institutions shift from in-person learning to online classes and teachers and staff rely on remote ac

7930856299?profile=RESIZE_400xWhat will happen if the November 2020 election results are tampered, blocked or disappear?  Both parties will cry foul and blame the other party.  Will the voters every really know the final results and how long could it possibly take for both national parties to agree upon an outcome?  The blame may need to be placed with the hackers and ransomware criminals who have been attacking governments, businesses, and organizations with no let-up in sight.  State and local governments and their agencie

7867521488?profile=RESIZE_400xRansomware is here to stay.  Recent alerts from the Cybersecurity and Infrastructure Security Agency (CISA) report that there is no end in sight.  There are many versions of ransomware in use and group and nations behind the extortion attempts.  These cyber actors are motivated by money.  Ransomware can be described simply as a type of malware from crypto virology that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid.  While some simple ransomware

7757722684?profile=RESIZE_400xA recent survey result of 3,200 people in 524 organizations that suffered data breaches is a bit of a mixed bag.  Ponemon's, "Cost of a Data Breach Report 2020" (commissioned by IBM), reveals that despite an apparent decline in the average cost of a data breach from $3.92 million in 2019 to $3.86 million this year the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.  Ponemon's analysis of

7541747475?profile=RESIZE_400xCarnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in a record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,

7541041283?profile=RESIZE_400xSmall and Medium (SMB) sized businesses are facing a growing number of ransomware threats as the programs needed to launch such attacks become more widespread and easier to use.  Also known as the “fast food franchise of cybercrime,” Ransomware-as-a-Service (RaaS) enables even low-level and inexperienced hackers to purchase a ready-made solution for attacking small and medium-sized businesses.[1]

The malicious group named Dharma as one of the most popular offerings around, explaining it provides

7517751492?profile=RESIZE_400xNew samples of the Ekans ransomware have revealed how today's cyber attackers are using a variety of methods to compromise key industrial companies.  Researchers from our friends at FortiGuard Labs have uncovered two samples of the Ekans ransomware strain that offer some additional insight into how the crypto-locking malware targets industrial control systems.[1] 

Ekans, which is also referred to as Snake[2], was first identified in February 2020 and early reports indicated that it had been desi

7330777658?profile=RESIZE_400xMaze ransomware is a complex piece of malware that uses some tricks to frustrate analysis right from the beginning. The malware starts preparing some functions that appear to save memory addresses in global variables to use later in dynamic calls though it does not actually use these functions later. The operators of the Maze ransomware have published tens of GB of internal data from the networks of enterprise business giants LG and Xerox following two failed extortion attempts.

The hackers leake

6932015855?profile=RESIZE_400xA new strain of ransomware has arisen in Canada, targeting Android users, and locking up personal photos and videos. Named CryCryptor by cyber threat investigators, it has initially been spotted pretending to be the official COVID-19 tracing app provided by Health Canada.  It is propagating via two different bogus websites that pretend to be official.   According to ESET researchers, one called tracershield[dot]ca.  Like other ransomware families, it encrypts targeted files.  But, instead of sim

6930685270?profile=RESIZE_400xOn June 23, 2020, the US Federal Bureau of Investigation sent out a security alert to K-12 schools about the increase in ransomware attacks during the coronavirus (COVID-19) pandemic, especially about ransomware gangs that abuse remote desktop connections to break into school systems.

The alert, called a Private Industry Notification, or PIN, tells schools that "cyber actors are likely to increase targeting of K-12 schools during the COVID-19 pandemic because they represent an opportunistic targe

6642624069?profile=RESIZE_400xRansomware-as-a-Service (RaaS) is increasing around the world due to the ease of use, and the increasing success that attackers are having in their cyber-attacks. Recently, researchers have observed an increase in the use of a specific piece of malware known as Thanos ransomware.  This malware is unique in that it is the first to advertise the use of the RIPlace tactic.  This tactic allows attackers to evade detection by altering files without being detected by common Anti-Virus engines such as

6641863457?profile=RESIZE_400xRansomware is unfortunately is the new normal for businesses of all segments and sizes and this malware is multiplying quickly.  More than two-dozen US organizations were attacked in recent days by a known threat group attempting to deploy a dangerous new strain of ransomware called WastedLocker.

Had the attacks succeeded, they could have resulted in millions of dollars in damages to the organizations and potentially had a major impact on supply chains in the US, Symantec said in a report on 26

6440209290?profile=RESIZE_400xThere will be no let-up in ransomware attacks, as it has proven to such a profitable business model of cybercriminals.  The cybersecurity landscape is evolving, and many businesses do not understand how to keep their defenses ahead of the attackers.  While major corporations can spend as much as $1 billion a year, many small companies may not have the budget to hire a cybersecurity vendor to help them keep up with all the technology available needed to deter hackers.  The loss of just a few thou

6244931697?profile=RESIZE_400x2020, a year that will be remembered for many reasons.  Stories will be told to children and grandchildren of when we all had to wear face masks, stand 6 feet apart, there were no sports, and where people were not permitted to hug or shake hands.  Then there was the next economic collapse and subsequent worldwide insurrection.  For those who hunt cybercriminals and attempt to expose criminal and state-sponsored hacking operations and techniques, the blurring of the lines between what constitutes

6014420079?profile=RESIZE_400xMaze Ransomware hackers, previously known in the hacker community as “ChaCha Ransomware,” was discovered on 29 May 2020 by Jerome Segura, a malware intelligence officer.  The main goal of ransomware is to encrypt all files in an infected system and subsequently demand a ransom to recover the files.  The threat actor who took credit for compromising an insurance giant , seems to continue its attacking spree with full intensity.  It is currently targeting the aerospace sector, specifically mainten

5887188088?profile=RESIZE_400xLike any profitable business model, ransomware gangs continue to innovate and increase their business.  Recently, reports have emerged of a collaboration between the Maze and Lockbit gangs, as well as the REvil, aka Sodinokibi, operators not leaking stolen data for free when victims do not pay, but instead auctioning it off to the highest bidder.

Here are some of the latest ransomware trends noted by cyber analysts: IR-20-164-002_Ransomware Trends.pdf

5769575663?profile=RESIZE_400xAs cyberattacks rise, so does the call by business leaders and shareholders to be ready to respond to a cyber incident.  Cyber insurance and a solid Incident Response plan are two critical components to make your company resilient.

Cyber attorney Shawn Tuma says one of these things is likely to influence the other, which surprises many organizations and may surprise you.  Tuma is Co-Chair of the Data Privacy and Cybersecurity Practice at law firm Spencer Fane, www.spencerfane.com.

Tuma explains

4787284265?profile=RESIZE_400xSeveral private cyber security research firms, along with the US Department of Justice, Federal Bureau of Investigation (FBI) are sharing an important warning report on a new ransomware campaign.  As of March 2020, authorities received notification that the ransomware variant ProLock had infected multiple organizations in the US to include healthcare organizations, government entities, financial institutions, and retail organizations.  ProLock was previously released as ‘PwndLock ransomware’ in

4472992398?profile=RESIZE_400xEven the largest companies can become victims of ransomware attacks by targeting supply chain members. A third-party ransomware attack has documents from Boeing, Lockheed Martin, SpaceX, and Tesla published for the world to see. These "high end" ransomware demands are now being called "nuclear" ransomware.  

The attack hit Visser, a manufacturing and design contractor for several prominent aerospace and defense companies. Here is how things unfolded, according to The Register: "The data was pilf

4304188497?profile=RESIZE_710xOur Friends at the FBI issued a cyber bulletin on 04 01 2020.  This was no April Fool's Joke, but a serious cyber warning on the Sodinokibi Ransomware (pic: tgsoft.it), also known as REvil, Bluebackground, or Sodin.  Red Sky Alliance / Wapack Labs was already researching this ransomware.  Last week, Jesse Burke our Chief of Special Operations, provided a brief on Sodinokibi Ransomware.  Look to your right (Did you miss the March Cyber Intelligence Briefing (CIB). Topics: Coronavirus Lures and Bu