Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

An overview of Earth Lusca’s infrastructure (Source: Trend Micro)

New Chinese Threat Group Deals in Espionage and Theft

Mihir Bagwe • January 18, 2022

A new threat group linked to China, dubbed "Earth Lusca" by researchers, is not only running cyberespionage campaigns against governments around the globe, but also seeking financial gain.

Cybercrime

Ransomware Groups Keep Blaming Affiliates for Awkward Hits

Latest

Application Security

Log4Shell Update: VMware Horizon Targeted

Prajeet Nair • January 19, 2022

Attackers have been actively targeting Log4j vulnerabilities, or Log4Shell, vulnerabilities in the servers of virtualization solution VMware Horizon to establish persistent access via web shells, according to an alert by the U.K. National Health Service.

Critical Infrastructure Security

European Authorities Seize VPN Service Tied to Ransomware

Devon Warren-Kachelein • January 19, 2022

VPN Lab, known for its alleged wide use by ransomware threat actors, has been shut down. Fifteen servers associated with VPNLab.net were seized or disrupted based on multiple international investigations tying the VPN service provider to cybercrime operations, according to Europol.

Cybercrime

Indian Fashion Retailer Data Leaked on Darknet Marketplace

Soumik Ghosh • January 19, 2022

Ransomware group ShinyHunters has published 700 GB of data stolen from Indian firm Aditya Birla Fashion and Retail on a dark web forum, says Troy Hunt of Have I Been Pwned. A source at the retailer, however, says that its threat intrusion and detection solutions have not shown signs of an attack.

3rd Party Risk Management

Why SBOMs in the Healthcare IT Supply Chain Are Critical

Marianne Kolbasuk McGee • January 19, 2022

Because healthcare IT environments are so complicated, it will become essential for all suppliers to provide and maintain a software bill of materials for their products to remain relevant, says Curt Miller of the Healthcare Supply Chain Association.

Endpoint Protection Platforms (EPP)

McAfee Enterprise and FireEye Products Rebrand as Trellix

Mathew J. Schwartz • January 19, 2022

Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?

Cyberwarfare / Nation-State Attacks

EU's Cyber Rapid Response Team on Standby for Ukraine

Prajeet Nair • January 18, 2022

After the defacement of multiple Ukrainian government websites last week and subsequent deployment of destructive malware against Ukraine over the weekend, Lithuanian officials have offered to deploy the EU's Cyber Rapid Response Team to help Ukraine deal with cyberattacks.

Incident & Breach Response

FCC Proposes Stricter Telecom Breach Notification Measures

Dan Gunderman • January 14, 2022

The FCC is considering changes to its breach notification requirements for telecommunication companies. FCC Chairwoman Jessica Rosenworcel confirmed in a statement this week that the agency is strengthening its rules for both customer and federal law enforcement notification of breaches involving customer proprietary...

3rd Party Risk Management

Clinic Breach Affecting 200,000 Tied to Vendor's 2020 Attack

Marianne Kolbasuk McGee • January 14, 2022

A family medical practice is notifying nearly 200,000 individuals that their information was compromised in a 2020 ransomware attack on cloud hosting vendor Netgain Technology, an incident that also affected several of the vendor's other clients and hundreds of thousands of their patients.

3rd Party Risk Management

Ransomware Gatecrashes the Apache Log4j Attack Party

Anna Delaney • January 14, 2022

The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.

3rd Party Risk Management

Why Third Parties are the Source of So Many Hacks

Isa Jones • January 14, 2022

Protecting your critical access points and assets should be the number one priority in your cybersecurity strategy.

Identity & Access Management

Insider Threats are a Quiet Risk in your System

Isa Jones • January 14, 2022

No matter the root cause, the result is the same: reputation damage, fines, compliance issues, and of course the ripple effects that extend outward from a breach.

Identity & Access Management