Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Russian-language cybercrime forum MagBo sells access to hacked websites for as little as 50 cents. (Source: Flashpoint)

Cybercrime Markets Sell Access to Hacked Sites, Databases

Mathew J. Schwartz • September 21, 2018

One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.

Business Continuity Management / Disaster Recovery

WannaCry Outbreak Hits Chipmaker, Could Cost $170 Million

Latest

Cybercrime

Why Cybercrime Remains Impossible to Eradicate

Mathew J. Schwartz • September 18, 2018

More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.

Cybercrime as-a-service

Atlanta's Reported Ransomware Bill: Up to $17 Million

Mathew J. Schwartz • August 6, 2018

The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection in March could reach $17 million, of which $6 million has already been budgeted for new devices, security enhancements as well as upgrades, according to news reports.

Breach Preparedness

Health Data Breach Tally: Lots of Hacks, Fewer Victims

Marianne Kolbasuk McGee • July 23, 2018

Hacker attacks are still dominating the data breaches added to the official federal tally so far this year. But compared to the mega-breaches of past years, this year's biggest hacks have been relatively small. Some security experts offer theories for why that's the case.

Fraud Management & Cybercrime

Mumbai Hospital Hit by Ransomware Attack

Suparna Goswami • July 20, 2018

The Mahatma Gandhi Mission Hospital in Mumbai was the victim of ransomware attack, with hackers demanding a ransom paid through bitcoins. Why is the healthcare sector a prime target for attackers?

Breach Preparedness

Why Attackers Keep Winning at 'Patch or Perish'

Mathew J. Schwartz • July 5, 2018

Patch management problem: Organizations must identify and fix all new vulnerabilities in their software and hardware as quickly as possible. Unfortunately, on average, attackers keep exploiting flaws faster than they're being patched, says Tenable's Gavin Millard.

3rd Party Risk Management

EHR Vendor Mistake Impacts 150,000 U.K. Patients

Marianne Kolbasuk McGee • July 5, 2018

A coding mistake by an electronic health records vendor has resulted in a data breach impacting thousands of United Kingdom patients. But the incident also serves as a reminder to healthcare entities in the U.S. and elsewhere about the variety of data privacy and security risks vendors can pose.

Endpoint Security

The Need to Look Beyond Endpoint Security

Varun Haran • July 3, 2018

With endpoint security, the fundamental concept was always to detect and prevent. Mature security strategies today are increasingly looking at response and remediation as well to complete the cycle, says Shrenik Bhayani of Kaspersky Lab.

Next-Generation Technologies & Secure Development

A Fresh Look at Outsourcing

Information Security Media Group • September 20, 2018

The biggest security budget in the business cannot save you from also suffering one of the biggest breaches. The key is: Do you have the right skills and technology deployed to defend your critical assets? Michael Malone and Ben Johnson of Datashield, an ADT company, make the case for outsourcing.

Data Loss

How Pinterest Drives Engagement and Growth with Email and SparkPost

• September 19, 2018

Next-Generation Technologies & Secure Development

A Fresh Look at Security Analytics

Information Security Media Group • September 5, 2018

Most enterprises are at least discussing security analytics. But how are they actually deploying these tools? And with what levels of automation and orchestration? Drew Gidwani of ThreatConnect shares insight on how to maximize analytics.

Cybercrime

Sophisticated Online Attacks: An In-Depth Analysis

M.K. Palmore , Dan Woods • August 31, 2018

Hear from the FBI on the tenets of cyber defense and current trends in cybercrime. Then, learn from Shape Security about a specific type of cybercrime: imitation attacks.

Cybercrime

Paying Ransoms: More Cons Than Pros

Nick Holland • August 27, 2018

The March SamSam ransomware attack in Atlanta is reported to have cost the city $17 million to resolve. The attackers had asked for a $51,000 bitcoin ransom, which the city refused to pay. But Gartner Research analyst Avivah Litan stresses that paying ransoms has more cons than pros.