Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

LabCorp Still Recovering From Ransomware Attack

Marianne Kolbasuk McGee • July 20, 2018

Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?

Fraud Management & Cybercrime

Crabby Ransomware Nests in Compromised Websites

Latest

Fraud Management & Cybercrime

Mumbai Hospital Hit by Ransomware Attack

Suparna Goswami • July 20, 2018

The Mahatma Gandhi Mission Hospital in Mumbai was the victim of ransomware attack, with hackers demanding a ransom paid through bitcoins. Why is the healthcare sector a prime target for attackers?

Breach Preparedness

Why Attackers Keep Winning at 'Patch or Perish'

Mathew J. Schwartz • July 5, 2018

Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.

Fraud Management & Cybercrime

EHR Vendor Mistake Impacts 150,000 U.K. Patients

Marianne Kolbasuk McGee • July 5, 2018

A coding mistake by an electronic health records vendor has resulted in a data breach impacting thousands of United Kingdom patients. But the incident also serves as a reminder to healthcare entities in the U.S. and elsewhere about the variety of data privacy and security risks vendors can pose.

Endpoint Security

The Need to Look Beyond Endpoint Security

Varun Haran • July 3, 2018

With endpoint security, the fundamental concept was always to detect and prevent. Mature security strategies today are increasingly looking at response and remediation as well to complete the cycle, says Shrenik Bhayani of Kaspersky Lab.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz • June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.

Artificial Intelligence & Machine Learning

Analysis: Swiping Cryptocurrencies Through a Back Door

Nick Holland • June 8, 2018

Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning.

Cybercrime

Nonstop Breaches Fuel Spike in Synthetic Identity Fraud

Mathew J. Schwartz • May 18, 2018

Leading the latest edition of the ISMG Security Report: Years of massive data breaches have fueled an increase in synthetic identity fraud, in which fraudsters combine real and bogus details to create more effective fake identities. Plus, has "The Dark Overlord" hacking group finally met its match?

Anti-Malware

Texas Hospital CEOs: Cybersecurity Is No. 1 Worry

Marianne Kolbasuk McGee • May 7, 2018

At a recent meeting of hospital CEOs in Texas, the leaders said the issue that keeps them awake at night is cybersecurity, says Fernando Martinez of the Texas Hospital Association, who explains why.

Breach Preparedness

Recent Ransomware Incidents Serve Up Lessons

Marianne Kolbasuk McGee • April 26, 2018

Two recent security incidents involving ransomware attacks on vendors serve as the latest reminders of the risks business associates pose to healthcare organizations. What steps should entities take to mitigate those risks?

Device Identification

Protect Your Business With an Endpoint Management Solution

• July 18, 2018

As organizations are seeing higher numbers of people working remotely, including parts of their IT team, the need for stronger endpoint management is even more important. Automating routine tasks can also be great for business as it drives key business growth by increasing productivity through the automation of of...

Endpoint Security

Server Security: The Need for Deep Learning and Anti-Exploit

Information Security Media Group • July 17, 2018

Traditional server security controls were not built for ransomware, cryptojacking and other modern attacks. Paul Murray of Sophos discusses deep learning, anti-exploit technology and other key elements of the new wave of server defenses.

Fraud Management & Cybercrime

Security: Ounce of Prevention Still Worth a Pound of Cure

Mathew J. Schwartz • June 20, 2018

As the prevalence and scale of data breaches continues to increase - with attacks such as WannaCry and NotPetya having compromised entire business sectors - organizations must focus much more on preventing attacks, says Check Point's Gad Naveh.