ransomware (136)

9872531073?profile=RESIZE_400xIt is never easy to negotiate with criminals, especially in the cyber-world we live in.  Organizations that fall victim to a ransomware attack should never let the cyber criminals know they have cyber insurance, because if the attackers know that their victim holds an insurance policy, they are more likely to outright demand the ransom payment in full.  Criminals are smart and cunning.

Cybersecurity researchers recently examined over 700 negotiations between ransomware attackers and ransomware v

9868929669?profile=RESIZE_400xIn today’s business world, mergers and acquisitions are commonplace as businesses combine, acquire, and enter various partnerships.  Mergers and Acquisitions (M&A) are filled with often very complicated and complex processes to merge business processes, management, and a whole slew of other aspects of combining two businesses into a single logical entity.  There have been cyber-attacks on companies during M&As, yet there is a growing concern with M&A activities and cyber security.

The use of alt

9868168285?profile=RESIZE_400xThere seems to be a pattern in data breach and other cyber-attack cases.  After a data breach, a company often turns to its insurer for coverage.  Some companies have specialized cyber insurance and sometimes it does not.  Yet, even if businesses have paid for what they believe to be comprehensive cyber security risk insurance, the insurer may refuse to pay the claim.  Insurers often have many reasons for refusing coverage such as a failure to notify in a timely fashion, failure to mitigate cost

9840514871?profile=RESIZE_400xActivity Summary - Week Ending on 24 November 2021:

  • Red Sky Alliance identified 26,071 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 2,849 new IP addresses participating in various Botnets
  • DigitalOcean in the Cross-Hairs Again
  • Magniber Ransomware
  • Ransomware Still #1
  • Attack Framework - Left to Right
  • Core to the Edge
  • Iran Cyber Bullies & Mahan Airlines
  • Asia Financial Targets
  • CBDC
  • Environmentalists Sharing the Brave New World

Link to full report: IR-21-328-001_weekl

9822278874?profile=RESIZE_400xCybersecurity threats, risks and challenges are often different depending on various international locations.  Cyber-attack targets vary based on local resources and means to exploit vulnerabilities.  Cyber criminals and nation-state attackers zero in on specific nations, companies and organizations for varying incentives.   Additionally, the COVID-19 pandemic amplified and intensified cybersecurity threats.  Since 2019, attackers have launch remote work-enabled attacks or social engineering att

9785763486?profile=RESIZE_400xRansomware has been a cyber security issue for the past several years and somewhat hits its peak - with the Colonial Pipeline ransomware attack.  Ransomware is defined as a form of malicious software that is designed to restrict users from accessing their computers or files stored on computers until they pay a ransom to cybercriminals.

Ransomware typically operates via the cryptovirology methods or using cryptography (encryption) to design powerful malicious software.  The software then uses sym

9785334474?profile=RESIZE_400xRobinhood was known for “Stealing from the Rich, and Giving to the Poor.”  Not so in the last two years.  For the second time Robinhood Markets Inc. has been attacked by cyber criminals.  Robinhood said personal information of about 7 million people, which is approximately a third of its customers, was compromised in a data breach last week.  The bad actors then demanded a ransom payment.  The intruder obtained email addresses of about 5 million people as well as full names for a separate group

9780417858?profile=RESIZE_400xDuring October 2021, the cyber sector celebrated the 18th year of the Cybersecurity Awareness Month, which was previously known as National Cybersecurity Awareness Month.  Under the slogan “Do Your Part #BeCyberSmart”, the Cybersecurity and Infrastructure Security Agency (CISA) together with the National Cyber Security Alliance (NCSA) each year encourage individuals and organizations to own their role in protecting cyberspace by emphasizing personal accountability and the importance of taking pr

9753300853?profile=RESIZE_400xCyber threat actors must hate children this year.  Ferrara Candy the company that makes Nerds, Laffy Taffy, Now and Laters, SweetTarts, Jaw Busters, Nips, Runts and Gobstoppers announced that it was hit with a ransomware attack just weeks before it prepares for one of its biggest holidays, Halloween. The Illinois-based company released a statement that on 09 October 2021, they "disrupted a ransomware attack" that encrypted some of their systems. 

"Upon discovery, we immediately responded to secu

9738888867?profile=RESIZE_400xWhen a business, government agency or any other organization gets hit by ransomware and opts to pay a ransom to its attacker in exchange for a decryption key or some other promise, on average it pays $140,000.  This is the average amount disclosed by ransomware incident response firm Coveware, based on thousands of incidents it investigated from July through August 2021.

In a new report detailing Q3 trends, Coveware says that the average ransom payment remained largely steady, compared to Q2, wh

9738659095?profile=RESIZE_400xUkrainian authorities have detain a criminal gang who laundered funds for Russian hacking groups.  Ukraine’s national police detained suspects on 25 October 2021, for stealing funds from cryptocurrency wallets and laundering profits for cybercrime organizations.   

The arrests took place as part of a joint investigation with US authorities, the Ukrainian National Police (NPU) said in a press release.  An undisclosed number of suspects were detained following house searchers across the country.


9718723684?profile=RESIZE_400xThe White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations, not including Russia or China. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts. 

In a pre-event press call on 12 October 2021, a senior administration official said, "In this first round of discussions, we did not invite the Russian

9725291476?profile=RESIZE_400xThis joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware.  Since July 2021, BlackMatter ransomware has targeted multiple US critical infrastructure entities, including two US Food and Agriculture Sector organizations.  This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) ob

9712251854?profile=RESIZE_400xSeveral cyber-attacks were prevented by Israel’s Health Ministry’s Cyber Security Center over this past weekend, the Health Ministry reported on 17 October.  Some 627 cyberattacks per organization were observed in Israel’s health sector – 72% more than the average on previous weekends, Check Point said.  These attacks are more than in any other sector, where there was an average of 267 attacks per organization and no significant increase, the cyber security firm noted.[1]

Barzilai Medical Center

9690728900?profile=RESIZE_400xThe US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.

Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for

9657763476?profile=RESIZE_400xActivity Summary - Week Ending 8 October 2021:

  • Red Sky Alliance identified 45,583 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 1,245 new IP addresses participating in various botnets
  • Researchers observed 10 unique email accounts compromised with keyloggers
  • Ranion is a Ransom-as-a-Service
  • Ransomware Operations are Short-Lived
  • Cyber-Attack turns Fatal
  • Indiana hospital and Ransomware
  • Protecting the Healthcare Sector
  • What’s a Slacktivist?
  • The Anthropocene Period


9562798489?profile=RESIZE_400xIn the Real Estate business, the most sought after properties have location, location and location as their attraction. Thinking as a criminal what is on their “Wish List?” How do they rate the ideal ransomware target? Cyber threat investigators calim the following attributes add up to the best targets: revenue, size, geography and level of access help determine sale price for access. The most sought-after type of victim for ransomware-wielding attackers is a large, U.S. based business with at l

9554622473?profile=RESIZE_400xOur friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

9551617685?profile=RESIZE_180x180Did you ever wonder how a can of green beans gets to the shelf of your supermarket?  Well, from planting the seeds, harvesting the crop, canning the beans, and pushing them to market – is all called the ‘Food Supply Chain.’  Now cyber-attackers are targeting our food supply chain and the Jolly Green Giant ain’t so happy.

The US Federal Bureau of Investigation (FBI) has issued a new alert on 06 September 2021 warning companies in the food and agricultural sector that they are increasingly at risk

9551483086?profile=RESIZE_400xA new twist on an old con; remember the Nigerian Princes who wanted to share their fortune with you - if only you would only send them your bank account number?  A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in Bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then the