Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Pictured: Fabian Wosar, CTO of Emsisoft, who says that due to threats he receives thanks to his ransomware-disruption efforts, he tries to keep photographs of himself from circulating.

Alert for Ransomware Attack Victims: Here's How to Respond

Mathew J. Schwartz • July 23, 2021

As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.

Business Continuity Management / Disaster Recovery

Constant Ransomware Business Refinements Boosting Profits

Latest

Fraud Management & Cybercrime

Saudi Aramco Traces Data Leak to Attack on Supplier

Scott Ferguson • July 22, 2021

Saudi Aramco, one of the world's largest oil and natural gas firms, has confirmed that company data was leaked after one of its suppliers was breached. Extortionists are reportedly demanding a $50 million ransom - payable in monero cryptocurrency - for a promise to delete the stolen data.

Fraud Management & Cybercrime

Has REvil Disbanded? White House Says It Doesn't Know

Mathew J. Schwartz • July 22, 2021

What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.

Fraud Management & Cybercrime

Incident Response: Why Persistence Is Vital

Anna Delaney • July 21, 2021

Marcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved.

Cyberwarfare / Nation-State Attacks

Can the US Curb China's Cyber Ambitions?

Scott Ferguson • July 20, 2021

Many security experts and analysts are applauding the U.S. for calling out China's cyber behavior, especially after the White House had focused so much attention on Russia's cyber activities. But some are calling for bolder action.

Business Continuity Management / Disaster Recovery

TSA Issues Cybersecurity Requirements for Pipelines

Dan Gunderman • July 20, 2021

The U.S. Transportation Security Administration issued a directive Tuesday requiring owners and operators of oil and natural gas pipelines to implement several cybersecurity controls. Earlier, the TSA had issued new incident reporting requirements for these companies.

Cyberwarfare / Nation-State Attacks

US: Chinese Government Waged Microsoft Exchange Attacks

Scott Ferguson • July 19, 2021

The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.

Critical Infrastructure Security

DOD and DHS Need More Collaboration on Cybersecurity Issues

Scott Ferguson • July 16, 2021

A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report. The SolarWinds attack showed the need for more coordination between the two departments.

3rd Party Risk Management

ISMG Editors’ Panel: Challenges for New CISA Leader

Anna Delaney • July 16, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the challenges ahead for the new director of the U.S. Cybersecurity and Infrastructure Security Agency and vendor security risk management in the healthcare sector.

3rd Party Risk Management

Analysis: Changing Nature of Ransomware Attacks

Anna Delaney • July 16, 2021

This edition of the ISMG Security Report features an analysis of comments from the former head of Britain's GCHQ intelligence agency, Robert Hannigan, on the changing nature of ransomware attacks. Also featured: Disrupting the ransomware-as-a-service business model; supply chain security management tips.

Endpoint Security

SonicWall Urges Patching of Devices to Ward Off Ransomware

Prajeet Nair • July 15, 2021

SonicWall is urging users of its Secure Mobile Access 100 series and its Secure Remote Access products running unpatched and end-of-life 8.x firmware to immediately apply patches or disconnect the devices because a ransomware campaign using stolen credentials is targeting the them.

Breach Notification

Dermatology Clinic Chain Breach Affects 2.4 Million

Marianne Kolbasuk McGee • July 14, 2021

Forefront Dermatology S.C, a Wisconsin-based dermatology practice with affiliated offices in 21 states plus Washington, D.C., is notifying 2.4 million patients, employees and clinicians of a recent hacking incident. The attack apparently involved a ransomware strain known as "Cuba."

Breach Notification

Guess Confirms Ransomware Attack and Data Breach

Mathew J. Schwartz • July 13, 2021

Clothing retailer Guess suffered a ransomware attack and data breach earlier this year that exposed personal information - including Social Security numbers, driver's license and passport numbers, and financial details - for an unspecified number of individuals.