Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Image: Shutterstock

Breach Roundup: Lumen, QNAP, NCB and Toyota Italy

Mihir Bagwe • March 30, 2023

In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.

Fraud Management & Cybercrime

MKS Instruments Ransomware Attack Results in $200M Sales Hit

Latest

Cloud Security

Evolving AlienFox Malware Steals Cloud Services Credentials

Prajeet Nair • March 31, 2023

Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.

RSA Conference

'Stronger Together' - Preview of RSA Conference 2023

Tom Field • March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

Finance & Banking

First Citizens CEO: We'll Preserve Strong SVB Bond With VCs

Michael Novinson • March 27, 2023

Silicon Valley Bank's new owner plans to double down on business with venture capital and private equity firms and the portfolio companies they serve. VC and PE-focused business accounts form the largest segment of the combined $143 billion loan portfolio of First Citizens and Silicon Valley Bank.

Fraud Management & Cybercrime

Ransomware Groups Seek Fresh Tactics Following Hive Takedown

Mathew J. Schwartz • March 27, 2023

Stung by the FBI's infiltration and takedown of the Hive ransomware group, other ransomware operators have been retooling their approaches to make their attacks more effective and operations tougher to disrupt, says Yelisey Bohuslavskiy, chief research officer at threat intelligence firm Red Sense.

Finance & Banking

First Citizens-SVB Deal Gives Startups, VCs More Certainty

Michael Novinson • March 27, 2023

Cybersecurity startups that for decades turned to Silicon Valley Bank in a pinch will now find themselves working with a 125-year-old, North Carolina-based institution. First Citizens Bank has bought all Silicon Valley Bank deposits and loans from the FDIC, which rescued the bank after its collapse.

3rd Party Risk Management

Clop GoAnywhere Attacks Have Now Hit 130 Organizations

Prajeet Nair • March 25, 2023

So far, the Clop ransomware group campaign using a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT, has compromised networks used by 130 different organizations. The gang has so far taken responsibility for over 50 hacks.

Cyberwarfare / Nation-State Attacks

US Sends Cyber Team to Aid Albania's Cyber Defenses

Mihir Bagwe • March 24, 2023

The United States sent its top cyber offensive team to NATO ally Albania to help secure the nation's critical infrastructure networks. The Cyber National Mission Force helped find cyberthreats and vulnerabilities on networks likely targeted last year by Iranian threat actors.

Incident & Breach Response

Corelight Pursues IR Partnerships, Smaller Enterprise Deals

Michael Novinson • March 24, 2023

Corelight has cemented partnerships with incident response firms and extended its capabilities from large enterprises to midsized enterprises to further the reach of its technology. Corelight allows its product to be used by CrowdStrike's incident response team during network-based investigations.

Cyberwarfare / Nation-State Attacks

ISMG Editors: What's Next in Russia's Cyber War?

Anna Delaney • March 24, 2023

In the latest weekly update, ISMG editors discuss how Russia's invasion of Ukraine upended the cybercrime ecosystem, a lawsuit against a U.S. cardiovascular clinic that seeks a long list of security improvements, and the latest endpoint protection technology trends in the Gartner Magic Quadrant.

Cybercrime

BreachForums Closes Amid Worries Over Law Enforcement Access

Prajeet Nair • March 21, 2023

Days after federal agents arrested the alleged administrator of criminal underground forum BreachForums, the new admin who took over announced that he is shutting down the site. User "Baphomet" said he spotted a suspicious server logon early Sunday afternoon.

Cybercrime

How Russia's Ukraine War Disrupted the Cybercrime Ecosystem

Mathew J. Schwartz • March 20, 2023

Russia's invasion of Ukraine in 2022 threw Russia's cybercrime ecosystem into a state of upheaval that still exists to this day. "We identified disruptions to literally every single form of commodified cybercrime," said Alexander Leslie, associate threat intelligence analyst at Recorded Future.

3rd Party Risk Management

Hitachi Energy Latest Victim of Clop GoAnywhere Attacks

Prajeet Nair • March 18, 2023

Hitachi Energy joined the ranks of victims hit by the Clop ransomware group, which has exploited a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. Clop claimed responsibility for the hack, which compromised networks used by 130 different organizations.