Archive for the ‘Ransomware’ Category

Night Sky ransomware operators exploit Log4Shell to hack VMware Horizon servers

The Night Sky ransomware operation started exploiting the Log4Shell flaw (CVE-2021-44228) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. The gang has also set up a leak site on […]

AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency

The AvosLocker ransomware operation provided a free decryptor after it encrypted the systems of a US government agency. According to BleepingComputer, the gang hit a police department but, fearing the reaction of US law enforcement, opted to release a free decryptor to the government entity. The incident is casual, one of the affiliates of the […]

Anti-Ransomware Checklist

Ransomware Protection Playbook

ALPHV BlackCat – This year’s most sophisticated ransomware

Ransomware Protection Playbook

A ransomware reality check for CISOs

The dilemmas organizations must deal with are dizzying: To pay a ransom or not? Will cyber insurance provide adequate shelter? What’s the role of government? Are new mandates and penalties on the horizon? How are adversaries evolving their tactics? To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber […]

FIN7 cybercrime gang creates fake cybersecurity firm to recruit pentesters for ransomware attacks

The FIN7 hacking group is attempting to enter the ransomware business and is doing it with an interesting technique. The gang creates fake cybersecurity companies that hire experts and ask them to carry out attacks under the guise of pentesting activities. FIN7 is a Russian criminal group that has been active since mid-2015; it focuses on restaurants, […]

FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

FBI, CISA, and NSA have published a joint advisory about the operation of the BlackMatter ransomware gang that provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […]

U.S. Treasury Offers Crypto Guidance Amid Ransomware Surge

US Treasury says there was $590M in suspicious ransomware activity in H1 2021, exceeding the entire amount in 2020, when $416M was reported  —  Suspicious activity reports related to ransomware jumped significantly in 2021, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network. There was $590 million in suspicious activity related to ransomware in […]

Three more ransomware attacks hit Water and Wastewater systems in 2021

A joint cybersecurity advisory published by US agencies revealed three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […]

How to Mitigate the Top 4 Ransomware Vectors

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware demands expected to hit […]

Treasury Sanctions SUEX Exchange for Laundering Ransoms

The Biden administration fired another shot in its battle against ransomware Tuesday as the U.S. Treasury Department took steps to disrupt the financial infrastructure behind ransoms, designating for sanctions the SUEX OTC, S.R.O. virtual currency exchange for laundering ransom payments. By designating SUEX, the Treasury Department’s Office of Foreign Assets Control (OFAC) is blocking the exchange’s property […]

Feds Warn of Ransomware Attacks Ahead of Labor Day

Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilant about the potential for ransomware attacks, the federal government has warned. Citing historical precedent, the FBI and CISA put out […]

Three reasons why ransomware recovery requires packet data

Given that, companies also need to carefully consider their ability to respond to and recover from a ransomware incident. While the key component of recovery is maintaining and testing backups of critical data, one aspect of recovery that’s often overlooked is having access to the stored packet data from the lead-up to the ransomware attack and the attack itself. High-quality […]

Ransomware and cyber insurance: What are the risks?

For these and other reasons, organizations are increasingly opting for cyber insurance coverage and paying higher premiums year after year. According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%. Given […]

Why ransomware is such a threat to critical infrastructure

Industrial Cybersecurity: Efficiently secure critical infrastructure systems

Conti ransomware affiliate goes rogue, leaks “gang data”

If you like a touch of irony in your cybersecurity news, then this has been the week for it. Yesterday, we wrote about an exploitable security hole… …inside a hacking tool that helps you exploit security holes. Today, we’re writing about a ransomware-related data breach that leaked organisational information… …from inside a ransomware group. And if […]

Navigating the complexity of ransomware negotiations

Ransom negotiation protocol checklist: First and foremost, before communications can begin, you need to determine if legal engagement with the threat actor is possible. How? An OFAC (Office of Foreign Assets Control) check must be run to see whether any data (i.e., IP addresses, language, system access, etc.) or metadata is associated with an entity that has […]

Ransomware: What REALLY happens if you pay the crooks?

Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality. Of course, no one needs to be told that. Paying up hurts in any number of ways, whether you feel that hurt in your […]

The 5 biggest ransomware pay-outs of all time

Just a few years ago, you may never have heard of ransomware. Nowadays, it’s a £10 billion-a-year industry and considered one of the biggest threats facing organizations, schools and essential services. Dozens of ransomware cases are reported each month, with companies locked out of their files and facing extortionate demands. The current going rate for decryption keys is […]

Ransomware attribution: Missing the true perpetrator?

Admittedly, this does lead to doomsday scenarios offered up by authors on the multitude of platforms sharing doomsday scenarios, with weak attribution included to suit their own narrative. While commentary on the impact of such a scenario is generally to be welcomed, the focus of attribution remains. Recent events have introduced the world at large […]
