Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Image: Enzo Biochem

Lab Testing Firm Says Ransomware Breach Affects 2.5 Million

Marianne Kolbasuk McGee • June 1, 2023

A Long Island, New York-based life sciences company has reported to the U.S. Securities and Exchange Commission that clinical test information of nearly 2.5 million individuals was compromised in a ransomware attack in April involving data exfiltration.

Fraud Management & Cybercrime

CommonSpirit Ups Cost Estimate on Its 2022 Ransomware Breach

Latest

Fraud Management & Cybercrime

Breach Roundup: Amazon Settles US FTC Investigations

Prajeet Nair • June 1, 2023

This week: Amazon settled privacy and cybersecurity investigations with the U.S. FTC, SAS received a $3 million extortion demand and apparently Ukrainian hacktivists penetrated Russia's Skolkovo Foundation. Plus, breaches at Onix Group and Toyota and a warning about Salesforce "ghost sites."

Artificial Intelligence & Machine Learning

Cisco Buys Armorblox to Bring Generative AI to Its Portfolio

Michael Novinson • May 31, 2023

Cisco plans to make its third tuck-in cybersecurity acquisition of 2023 to protect email, cloud office applications and enterprise communications through natural language understanding. Cisco will take advantage of Armorblox's predictive and generative AI to help customers bolster their security.

Standards, Regulations & Compliance

Where Hospitals Are Still More Cyber Reactive Than Proactive

Marianne Kolbasuk McGee • May 30, 2023

Many hospitals are still more reactive than proactive in terms of embracing recommended best practices that can advance their cybersecurity maturity level, said Steve Low, president of KLAS Research, and Ed Gaudet, CEO of consulting firm Censinet, who discuss findings of a recent benchmarking study.

Breach Notification

Dental Health Insurer Hack Affects Nearly 9 Million

Prajeet Nair • May 27, 2023

An insurance provider that services many state Medicaid agencies and the Children's Health Insurance Program told regulators that hackers compromised the personal and protected health information of nearly 9 million patients in an incident discovered in March.

Cybercrime

Latitude Financial Attack Costs Company Up to AU$105 Million

Mihir Bagwe • May 26, 2023

Australian consumer lender Latitude Financial Services anticipates its spring cybersecurity incident will cost it up to AU$105 million, which includes a five-week period during which debt collection systems were severely affected by the attack.

Cybercrime

State-Aligned Actors Targeting SMBs Globally

Prajeet Nair • May 24, 2023

State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.

Blockchain & Cryptocurrency

EU Adopts Comprehensive Crypto Regulation

Akshaya Asokan • May 16, 2023

The European Union on Tuesday formally adopted the world's first comprehensive regulatory regime for the cryptocurrency industry in a measure supporters say will tame volatility illustrated by high-profile crashes such as FTX. The proposal, known as MiCA, will go into effect progressively.

Data Loss Prevention (DLP)

IBM Buys Polar Security to Find and Protect Cloud, SaaS Data

Michael Novinson • May 16, 2023

IBM has bought a startup founded by a longtime security leader in the Israeli Prime Minister's Office to ensure personal identifiable information isn't left unprotected. The deal will ensure sensitive data isn't exposed in public cloud data stores or SaaS apps like Slack, SharePoint or Office 365.

Managed Security Service Provider (MSSP)

Huntress Raises $60M to Bring Managed Protection to Identity

Michael Novinson • May 16, 2023

Huntress has completed a Series C round to expand beyond the endpoint protection market and bring managed security to identity and cloud. Hackers are increasingly going after employee accounts at SMBs and using the compromised identity to move into other systems via SSO, CEO Kyle Hanslovan said.

Government

Why Democracy Is a Critical Asset Against Cyberthreats

Rahul Neel Mani • May 16, 2023

Yigal Unna, former DG, National Cyber Directorate, Israel, emphasized the importance of continued collaboration between defenders and the formation of a Global Cyber Cabinet consisting of more than 20 national CISOs from leading countries working to dismantle cybercrime syndicates.

Multi-factor & Risk-based Authentication

Profiles in Leadership: JT Jacoby

Michael Novinson • May 10, 2023

The International Rescue Committee has identified new processes and ways to safeguard information in the midst of rapid digital transformation, according to CISO JT Jacoby. The IRC went from having multi-factor authentication deployed on just 1,500 devices in November to more than 10,000 today.

Finance & Banking

Profiles in Leadership: Vlad Brodsky

Michael Novinson • May 10, 2023

OTC Markets Group in recent years has gone from having almost sector-specific cybersecurity regulations to highly robust ones, said CISO Vlad Brodsky. Since 2016, the New York-based financial market has been subject to stringent policies and procedures to ensure OTC's cybersecurity and resiliency.