The Night Sky ransomware operation started exploiting the Log4Shell flaw ( CVE-2021-44228 ) in the Log4j library to gain access to VMware Horizon systems. The ransomware gang started its operations on December 27, 2021, and has already hacked the corporate networks of two organizations from Bangladesh and Japan respectively. The gang has also set up a leak site on […]

The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. According to BleepingComputer, the gang hit a police department but fearing the reaction of US law enforcement opted to release a free decryptor to the government entity.  The incident is casual, one of the affiliates of the […]

Ransomware Protection Playbook https://www.facebook.com/DISCInfoSec/shop/ https://www.amazon.com/shop/discinfosec

Ransomware Protection Playbook

The dilemmas organizations must deal with are dizzying: To pay a ransom or not? Will cyber insurance provide adequate shelter? What’s the role of government? Are new mandates and penalties on the horizon? How are adversaries evolving their tactics? To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber […]

The FIN7 hacking group is attempting to enter in the ransomware business and is doing it with an interesting technique. The gang space creates fake cybersecurity companies that hire experts requesting them to carry out pen testing attacks under the guise of pentesting activities. FIN7 is a Russian criminal group that has been active since mid-2015, it focuses on restaurants, […]

FBI, CISA, NSA have published a joint advisory about the operation of the BlackMatter ransomware gang and provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […]

US Treasury says there was $590M in suspicious ransomware activity in H1 2021, exceeding the entire amount in 2020, when $416M was reported  —  Suspicious activity reports related to ransomware jumped significantly in 2021, according to the U.S. Treasury Department’s Financial Crimes Enforcement Network. There was $590 million in suspicious activity related to ransomware in […]

A joint cybersecurity advisory published by US agencies revealed that three ransomware attacks on wastewater systems this year. A joint cybersecurity advisory published today by the FBI, NSA, CISA, and the EPA revealed three more attacks launched by Ransomware gangs against US water and wastewater treatment facilities (WWS) this year. This is the first time that these attacks […]

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware demands expected to hit […]

The Biden administration fired another shot in its battle against ransomware Tuesday as the U.S. Treasury Department took steps to disrupt the financial infrastructure behind ransoms, designating for sanctions the SUEX OTC, S.R.O. virtual currency exchange for laundering ransom payments. By designating SUEX, the Treasury Department’s Office of Foreign Assets Control (OFAC) is blocking the exchange’s property […]

Feds Warn of Ransomware Attacks Ahead of Labor Day Though lots of people might be taking some time off over the Labor Day weekend, threat actors likely won’t — which means organizations should remain particularly vigilante about the potential for ransomware attacks, the federal government has warned. Citing historical precedence, the FBI and CISA put out […]

Given that, companies also need to carefully consider their ability to respond and recover from a ransomware incident. While the key component of recovery is maintaining and testing backups of critical data, one aspect of recovery that’s often overlooked is having access to the stored packet data from the lead-up and ransomware attack itself. High-quality […]

For these and other reasons, organizations are increasingly opting for cyber insurance coverage and paying higher premiums year after year. According to the U.S. Government Accountability Office, the number of companies opting for cybersecurity coverage grew from 26% in 2016 to 47% in 2020, and most saw breach insurance premiums increase by up to 30%. Given […]

Industrial Cybersecurity: Efficiently secure critical infrastructure systems

If you like a touch of irony in your cybersecurity news, then this has been the week for it. Yesterday, we wrote about an exploitable security hole… …inside a hacking tool that helps you exploit security holes. Today, we’re writing about a ransomware-related data breach that leaked organisational information… …from inside a ransomware group. And if […]

Ransom negotiation protocol checklist First and foremost, before communications can begin, you need to determine if legal engagement with the threat actor is possible. How? An OFAC (Office of Foreign Assets Control) check must be run to see whether any data (i.e., IP addresses, language, system access, etc.) or metadata is associated with an entity that has […]

Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality. Of course, no one needs to be told that. Paying up hurts in any number of ways, whether you feel that hurt in your […]

Just a few years ago, you may never have heard of ransomware. Nowadays, it’s a £10 billion-a-year industry and considered one of the biggest threats facing organizations, schools and essential services. Dozens of ransomware cases are reported each month, with companies locked out of their files and facing extortionate demands. The current going rate for decryption keys is […]

Admittedly, this does lead to doomsday scenarios offered up by authors on the multitude of platforms sharing doomsday scenarios, with weak attribution included to suit their own narrative. While commentary on the impact of such a scenario is generally to be welcomed, the focus of attribution remains. Recent events have introduced the world at large […]