DISC InfoSec blog

Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high profile public and private organizations. The more well-known ransomware gangs run private affiliate programs where affiliates can submit applications and resumes to apply for membership. For affiliates that are accepted into the program, the ransomware developers receive […]

A relative newcomer in the “malware-as-a-service” scene is starting to attract the big-money ransomware criminals. Source: Buer Loader “malware-as-a-service” joins Emotet for ransomware delivery Understanding malware as a service MaaS Chaos. Is Malware-as-a-Service Growing? In the legitimate business world, there’s something known as Software-as-a-Service, or SaaS. Here’s a definition: A software licensing-and-delivery model in which […]

The Springfield Public Schools district in Massachusetts has become the victim of a ransomware attack that has caused the closure of schools while they investigate the cyberattack. Source: Massachusetts school district shut down by ransomware attack FBI warning schools to create a ransomware attack plan

No patients were affected, but the incident was another reminder of the risks in the increasingly common assaults on healthcare computer networks. A Philadelphia company that sells software used in hundreds of clinical trials, including the crash effort to develop tests, treatments and a vaccine for the coronavirus, was hit by a ransomware attack that […]

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations. The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook… […]

Better yet – do the basics and your systems won’t get encrypted in the first place Source: Don’t pay the ransom, mate. Don’t even fix a price, say Australia’s cyber security bods The infoseccers strongly advised against paying the criminals: Paying a ransom does not guarantee decryption of data. Open source reporting indicates several instances […]

Equinix, one of the world’s largest providers of colocation data centers and Internet connection announced it was hit by Netwalker Ransomware. Source: Colocation data centers giant Equinix data hit by Netwalker Ransomware Equinix data center giant hit by Netwalker Ransomware, $4.5M ransom Equinix Ransomware Attack Hits Company’s Internal Systems Equinix Statement on Security Incident Download […]

Why are small and medium-sized businesses a target for ransomware-wielding gangs and what can they do to protect themselves against cyber-extortion? According to a recent report by the Ponemon Institute, the biggest challenge faced by SMBs is a shortage of personnel to deal with cyber-risks, attacks, and vulnerabilities, while the second greatest problem revolves around […]

New samples of the ransomware reveal the techniques used to attack critical ICS systems. Source: This is how EKANS ransomware is targeting industrial control systems | ZDNet More on EKANS, the ransomware with an ICS kicker. Shipping company customer-facing IT disrupted Download a Security Risk Assessment Steps paper! Subscribe to DISC InfoSec blog by Email […]

Ransom notes signed by ‘Cl0ud SecuritY’ hacker group are being found on old LenovoEMC NAS devices. Source: A hacker gang is wiping Lenovo NAS devices and asking for ransoms | ZDNet Dealing with a Ransomware Attack: A full guide A Beginner’s Guide to Protecting and Recovering from Ransomware Attacks Download a Security Risk Assessment Steps […]

Maersk is the world’s largest integrated shipping and container logistics company. I was massively privileged (no pun intended) to be their Identity & Access Management (IAM) Subject Matter Expert (SME), and later IAM Service Owner. Along with tens (if not hundreds) of others, I played a role in the recovery and cybersecurity response to the […]

An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model. Source: Iranian developer advertised BlackRouter Ransom-as-a-Service