Posts Tagged ‘Ransomware Protection Playbook’

This company paid a ransom demand. Hackers leaked its data anyway

It’s always recommended that ransomware victims don’t give in to ransom demands – and this real-life case demonstrates why. A victim of a ransomware attack paid to restore access to their network – but the cyber criminals didn’t hold up their end of the deal. The real-life incident, as detailed by cybersecurity researchers at Barracuda Networks, […]

Clop Ransomware Gang Breaches Water Utility, Just Not the Right One

South Staffordshire in the UK has acknowledged it was targeted in a cyberattack, but Clop ransomware appears to be shaking down the wrong water company. South Staffordshire plc, a UK water-supply company, has acknowledged it was the victim of a cyberattack. Around the same time, the Clop ransomware group started threatening Thames Water that it would […]

CISA Announces Joint Ransomware Task Force

Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly announced the formation of a joint ransomware task force, plans for which were originally outlined in the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). Easterly announced the news at an Institute for Security and Technology (IST) event on May 20 in Washington, D.C., […]

Hacker leaked a new version of Conti ransomware source code on Twitter

A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation for the gang’s support of Russia. The attack against the Conti ransomware and the data leak is retaliation […]

Iranian Broadcaster IRIB hit by wiper malware

Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), was hit by a wiper malware in late January 2022. An investigation into the attack that hit the Islamic Republic of Iran Broadcasting (IRIB) in late January revealed the involvement of a disruptive wiper malware along with other custom-made backdoors, and scripts and configuration files […]

Spyware, ransomware and Nation-state hacking: Q&A from a recent interview

I transcribed a recent interview; here are some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy. How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? In the last decade, we have observed a progressive weaponization […]

Deadbolt ransomware hits more than 3,600 QNAP NAS devices

More than 3,600 network-attached storage (NAS) devices from Taiwanese company QNAP have been infected and had their data encrypted by a new strain of ransomware named Deadbolt. Devices attacked by the Deadbolt gang are easy to recognize because the login screen is typically replaced with a ransom note, and local files are encrypted and renamed […]

Anti-Ransomware Checklist

Ransomware Protection Playbook

ALPHV BlackCat – This year’s most sophisticated ransomware

Ransomware Protection Playbook

A ransomware reality check for CISOs

The dilemmas organizations must deal with are dizzying: To pay a ransom or not? Will cyber insurance provide adequate shelter? What’s the role of government? Are new mandates and penalties on the horizon? How are adversaries evolving their tactics? To make sense of it all, let’s first focus on the adversaries and their playbook. Cyber […]

How to Mitigate the Top 4 Ransomware Vectors

The ransomware economy is booming. Ransomware gangs are so successful that if cybercriminals were companies, some would be considered “unicorns.” Organized crime syndicates have taken over this highly lucrative extortion racket and are now running the ransomware economy at an industrial scale. The U.S. is reportedly hit by seven ransomware attacks every hour, with ransomware demands expected to hit […]

Three reasons why ransomware recovery requires packet data

Given that, companies also need to carefully consider their ability to respond and recover from a ransomware incident. While the key component of recovery is maintaining and testing backups of critical data, one aspect of recovery that’s often overlooked is having access to the stored packet data from the lead-up and ransomware attack itself. High-quality […]

Navigating the complexity of ransomware negotiations

Ransom negotiation protocol checklist: First and foremost, before communications can begin, you need to determine if legal engagement with the threat actor is possible. How? An OFAC (Office of Foreign Assets Control) check must be run to see whether any data (i.e., IP addresses, language, system access, etc.) or metadata is associated with an entity that has […]

Ransomware: What REALLY happens if you pay the crooks?

Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality. Of course, no one needs to be told that. Paying up hurts in any number of ways, whether you feel that hurt in your […]
