X-Industry

The White House National Security Council this week kicked off its international counter-ransomware event with participation from more than 30 nations, not including Russia or China. This gathering aims to improve global network resilience, address illicit cryptocurrency use, and elevate both law enforcement collaboration and diplomatic efforts. 

In a pre-event press call on 12 October 2021, a senior administration official said, "In this first round of discussions, we did not invite the Russian

This joint Cybersecurity Advisory was developed by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) to provide information on BlackMatter ransomware.  Since July 2021, BlackMatter ransomware has targeted multiple US critical infrastructure entities, including two US Food and Agriculture Sector organizations.  This advisory provides information on cyber actor tactics, techniques, and procedures (TTPs) ob

Several cyber-attacks were prevented by Israel’s Health Ministry’s Cyber Security Center over this past weekend, the Health Ministry reported on 17 October.  Some 627 cyberattacks per organization were observed in Israel’s health sector – 72% more than the average on previous weekends, Check Point said.  These attacks are more than in any other sector, where there was an average of 267 attacks per organization and no significant increase, the cyber security firm noted.[1]

Barzilai Medical Center

The US head of the US National Security Agency (NSA), Cyber Command says the US will continue to battle ransomware for many years into the future. Some of the highest-ranking cybersecurity officials in the US government discussed the pervasive threat of ransomware on 05 October 2021, comparing it to an issue of national security with the ability to inflict measurable damage on major world powers.

Speaking at security firm Mandiant's Cyber Defense Summit, the deputy national security adviser for

Activity Summary - Week Ending 8 October 2021:

• Red Sky Alliance identified 45,583 connections from new IP’s checking in with our Sinkholes
• Analysts identified 1,245 new IP addresses participating in various botnets
• Researchers observed 10 unique email accounts compromised with keyloggers
• Ranion is a Ransom-as-a-Service
• Ransomware Operations are Short-Lived
• Cyber-Attack turns Fatal
• Indiana hospital and Ransomware
• Protecting the Healthcare Sector
• What’s a Slacktivist?
• The Anthropocene Period

Lin

In the Real Estate business, the most sought after properties have location, location and location as their attraction. Thinking as a criminal what is on their “Wish List?” How do they rate the ideal ransomware target? Cyber threat investigators calim the following attributes add up to the best targets: revenue, size, geography and level of access help determine sale price for access. The most sought-after type of victim for ransomware-wielding attackers is a large, U.S. based business with at l

Our friends at several cyber media outlets are reporting that the operators behind the REvil ransomware-as-a-service (RaaS) is back.  In a surprise return, REvil reappeared after a two-month break following the widely publicized attack on technology services provider Kaseya on 4 July 2021.  In fact, Red Sky Alliance analysts observed its return this past week.

Two of the dark web portals, including the gang's Happy Blog data leak site and its payment/negotiation site, have reappeared online, wit

Did you ever wonder how a can of green beans gets to the shelf of your supermarket?  Well, from planting the seeds, harvesting the crop, canning the beans, and pushing them to market – is all called the ‘Food Supply Chain.’  Now cyber-attackers are targeting our food supply chain and the Jolly Green Giant ain’t so happy.

The US Federal Bureau of Investigation (FBI) has issued a new alert on 06 September 2021 warning companies in the food and agricultural sector that they are increasingly at risk

A new twist on an old con; remember the Nigerian Princes who wanted to share their fortune with you - if only you would only send them your bank account number?  A Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in Bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then the

Ransomware-as-a-Service Operations Seek Affiliates for Extorting New Victims.  After a number of high-profile hits during 2021, some of the largest and most notorious ransomware operations disappeared. Beginning in May 2021, ransomware attacks by Russian-language groups Conti against Ireland's health service, DarkSide against U.S.-based Colonial Pipeline, and REvil against meat processing giant JBS and remote management software firm Kaseya led the Biden administration to try to better disrupt t

US Government Cyber Warning Summary:

Immediate Actions You Can Take Now to Protect Against Ransomware

• Make an offline backup of your data.
• Do not click on suspicious links.
• If you use RDP, secure and monitor it.
• Update your OS and software.
• Use strong passwords.
• Use multi-factor authentication.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have observed an increase in highly impactful ransomware attacks occurring on US holidays and we

Ransomware actors have taken a page from the playbooks of tech support scammers of yore by guiding victims to download malware using persuasion over the phone. The technique was first spotted in February, according to Palo Alto Networks' Unit 41 research unit. But Microsoft is issuing a fresh warning about the campaigns, contending they're much more dangerous than it first realized. Microsoft calls the campaign "BazaCall."

See:  https://redskyalliance.org/xindustry/ransomware-demand-answer-line-

A new twist on an old con; remember all the Nigerian Princes who wanted to share their fortune with you, if only you would only send them your bank account number?  Nigerian threat actor has been observed attempting to recruit employees by offering them to pay $1 million in bitcoins to deploy Black Kingdom ransomware on companies' networks as part of an insider threat scheme.

"The sender tells the employee that if they're able to deploy ransomware on a company computer or Windows server, then th

U.S. crime-fighting agencies testified in front of Congress during the last week of July 2021, and the hearing had a chilling title: "America Under Cyber Siege: Preventing and Responding to Ransomware Attacks"

Since January 2021, ransomware attacks have disrupted critical infrastructure, the food supply, IT management, healthcare, education, transportation, and many other sectors of the economy.For the most part, criminal and nation-state actors continue to launch attacks with little fear of fac

What happens when your expert consultant team that has been advising your organization about what you need to do to protect your firm from cyber threats becomes “front page news?” The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack.  Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.

See for more informat

Every few months, enterprising cyber criminals are offering new services to enable cybercrimes, thefts and paid ransoms.  These new “services” make crime easier for lower skilled criminals and increase profits for all members of the ransomware supply chain. TM: General Mills

Cyber threat actors who want to take down bigger targets more easily and quickly, ransomware gangs are increasingly tapping initial access brokers, who sell ready access to high-value networks.  On average, such access is so

On 5 August 2021 a threat actor using the handle m1Geelka, made a post on the Russian XSS cybercriminal forum.  In the post, they claim to have leaked the manuals and instructions used by the Conti ransomware group whom with they were previously associated.  These posts provide valuable insight into Conti operations.  While the group is highly likely to change its exposed infrastructure and their tactics, techniques, and procedures (TTP’s), network defenders are now able to research this informa

Supply chain networks have for some time been driven by technology over the years and have evolved accordingly.  The same technologies that make supply chains faster and more effective also threaten their cybersecurity. Supply chains have vulnerabilities along touchpoints with manufacturers, suppliers, and other service providers.

With constant global cyber threats, it is vital that companies involved in the supply chain understand risks and how to respond to them.  So, what is the best way to p

Recently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

In the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric