ransomware (167)

9315119659?profile=RESIZE_400xRecently, ransomware criminals claimed as trophies at least three North American insurance brokerages that offer policies to help others survive the very network-paralyzing, data-pilfering extortion attacks they themselves apparently suffered.

Cybercriminals who hack into corporate and government networks to steal sensitive data for extortion routinely try to learn how much cyber insurance coverage the victims have. Knowing what victims can afford to pay can give them an edge in ransom negotiati

9297250058?profile=RESIZE_400xIn the past several weeks, South Africa has experience violent riots in response to the arrest of its former president.[1]  The unrest is having serious repercussions for the country's mining sector. The outbursts, located in the province of KwaZulu Natal, are hampering the activity of local mines, but also that of Durban and Richards Bay port terminals.  On 22 July, a cyber-​​attack has directly disrupted the operation of South Africa’s busiest container terminal.  It’s the largest on the Afric

9289110685?profile=RESIZE_400xPalo Alto Networks, Unit 42 has provided great research on the Mespinoza criminal cyber group.  As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms.  As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises.  One good example is Mespinoza ransomware, which is run by a prolific group with a penchant fo

9272802297?profile=RESIZE_400xHackers have recently tampered with critical infrastructure entities in the US.  This includes the Colonial Pipeline incident that affected the supply of gas and the JBS Foods hack that affected operations of the meat-packing giant.  Neither of these ransomware attacks had any severe, real-world consequences.  Some people could not put gas in their cars for a few days, or the price of meat might have gone up in some areas, but no lives were immediately threatened.

But what if the hackers decided

9208836301?profile=RESIZE_400xLast weekend did not start out so nice.  The hacking group behind what media is calling ‘colossal ransomware attack’ has demanded $70m (£50.5m) paid in Bitcoin in return for a "universal decryptor" that it says will unlock the files of all victims.  The Russian associated REvil group is saying its malware, which initially targeted US IT firm Kaseya, has hit one million "systems." 

This number has not been totally verified and the exact total of victims is unknown.  Yet, victims include 500 Swedi

9180993488?profile=RESIZE_400xThe average cost of a ransomware attack in 2020 was approximately $761,000.  The average cost of remediating a ransomware attack has more than doubled in the last 12 months.  Remediation costs, including business downtime, lost orders, operational costs, and more, grew from an average of approximately $761,000 in 2020 to approximately $1.85 million in 2021.[1] 

The importance of cybersecurity is no secret to anyone who uses a computer or an iPhone.  Senior executives at businesses of all sizes u

9145176696?profile=RESIZE_180x180The US and its NATO allies endorsed a new cybersecurity defense policy during President Biden's visit this week with member states in Brussels, according to the official summit communique.  NATO members agreed that the organization's Article 5 provision which states that an attack on one member nation is an attack on all could now be applied to cyber threats.  But NATO would make any decisions to invoke Article 5 in response to a cyber incident on a "case-by-case basis," the communique notes.  A

9139088298?profile=RESIZE_400xIt is clearly proven on a daily/hourly basis that cyber-attacks will not slow down; with ransomware leading the hacker’s choice of malware techniques.  So, who really loses in these attacks?  In most cases, the business and corporate owners.  A million dollar ransom of frozen networks, even if negotiated down, will put many companies on their heels, if not out of business. 

A pair of recent lawsuits have been filed on behalf of former and current Scripps Health (Scripps) patients, who allege the

9125342468?profile=RESIZE_400xThe White House continues to make multiple moves to try and better combat the increasing damage being done by ransomware-wielding attackers.  "The number and size of ransomware incidents have increased significantly, and strengthening our nation's resilience from cyberattacks in both the private and public-sector is a top priority" for President Joe Biden, says a memo issued by the White House to U.S. corporate executives and business leaders on Wednesday, urging them to ensure they are followin

9111779083?profile=RESIZE_400xLaw enforcement is on a roll.  Europol members recently arrested numerous people in connection with a US law enforcement sting; last week Mexico arrested hacktivist Commander X; and now police in Ukraine reported earlier this week they arrested members of a major ransomware gang.  The arrests mark the first time a law enforcement agency has announced a mass arrest of a prolific hacker group that had extorted Americans by either encrypting an organization's files or threatening to leak them to th

9107675697?profile=RESIZE_400xAs more cities see their police departments targeted with ransomware attacks, some analysts are voicing concerns that the attacks, which could lead to inaccessible systems and potentially compromised evidence, could impede criminal prosecutions.   

Among the latest developments, the police department in the City of Azusa, Arizona, recently reported that it had been hit by ransomware in March 2021, resulting in the compromise of personally identifiable information (pii), including Social Security

9089052477?profile=RESIZE_400xThe decision to pay the ransom demanded by the cybercriminal group was to avoid any further issues or potential problems for its customers, according to the company’s CEO.  JBS Foods paid the equivalent of $11 million in ransom after a cyber-attack that forced the company to shut down some operations in the United States and Australia over the Memorial Day weekend.

The company made the payment to cybercriminals to ensure the protection of its data and mitigate any further damage to its customers

9073810482?profile=RESIZE_400xA few days after the Colonial Pipeline was attacked, a former law enforcement source close to the company told Red Sky Alliance that law enforcement officials used a cyber type ‘dye pack’ to track the Bitcoin Colonial ransom payment.  A traditional dye pack is used in banks to be used during a bank robbery.  The robbers take the cash bundle with the dye pack and within minutes, the dye pack ignites and paints the robber with a dye, so responding police can identify the fleeing felon.  The federa

9068051683?profile=RESIZE_400xCyber threat analysts have stated that 50% to 70% of all ransomware attacks in the U.S. are targeting small and medium-sized businesses, costing the victims an estimated total of $350 million in the last year, Secretary of Homeland Security Alejandro Mayorkas said Wednesday in a speech to the U.S. Chamber of Commerce.  "The losses from ransomware are staggering. And the pace at which those losses are being realized is equally staggering," Mayorkas said, noting this is why DHS has made battling r

9034048680?profile=RESIZE_400xActivity Summary - Week Ending 4 June 2021:

  • Analysts identified 1,420 new IP addresses participating in various Botnets
  • Red Sky Alliance identified 39,711 connections from new unique IP Addresses
  • Analysts observed 14 unique email accounts compromised with Keyloggers
  • BazaLoader
  • WastedLoader
  • Kimsuky, Velvet Chollima, Black Banshee, or Thallium spreading AppleSeed Backdoor
  • JBS Ransomware
  • Farming Equipment Vulnerabilities
  • Produce supplier denied Insurance claim with a fraudulent $1.4 Million Wire T

9029694273?profile=RESIZE_400xThe old trick of using a Trojan horse to deceive is still in vogue and using cyber as the lure.  A massive phishing campaign is distributing what looks like ransomware but is in fact trojan malware that creates a backdoor into Windows systems to steal usernames, passwords, and other information from victims.  Detailed by cybersecurity researchers at Microsoft, the latest version of the Java-based STRRAT malware is being sent out via a large email campaign, which uses compromised email accounts t

8989665473?profile=RESIZE_400xThe infamous cybercrime organization known as Evil Corp may be running cyberespionage operations on behalf of a Russian intelligence agency, security consulting company Truesec reports.  Active since at least 2009 and also referred to as TA505, the hacking group is known for the use of the Dridex banking Trojan, but also for ransomware families such as Locky, Bart, Jaff, and BitPaymer, along with the more recent WastedLocker and Hades.

Evil Corp is allegedly run by Russian nationals Maksim Yakub

8963279294?profile=RESIZE_400xIn the US, the Federal Bureau of Investigation (FBI) issued an alert on 20 May regarding “Conti,” a highly disruptive ransomware variant.  Cyber-attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction.  The FBI says it identified at least 16 Conti ransomware attacks targeting US health care and first responder networks, including law enforcement agencies, emerg