Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

The attack workflow starts by exploiting an old Fortigate VPN server flaw. (Source: Kaspersky)

Ransomware Gang Exploits Old Fortinet VPN Flaw

Akshaya Asokan • April 8, 2021

The gang behind ransomware dubbed "Cring," which has waged a series of attacks this year, is exploiting a Fortinet VPN server vulnerability that the company patched in 2019, according to a report from the security firm Kaspersky that analyzes one attack in Europe.

Fraud Management & Cybercrime

Retailer Fat Face Pays $2 Million Ransom to Conti Gang

Latest

Fraud Management & Cybercrime

Check Point: 50,000 Attempted Ransomware Attacks Target Exchange

Doug Olenick • March 30, 2021

Check Point Research says it has spotted more than 50,000 ransomware attack attempts worldwide so far against unpatched on-premises Microsoft Exchange email servers.

3rd Party Risk Management

Accellion Holdouts Get Legacy File-Transfer Appliance Blues

Mathew J. Schwartz • March 30, 2021

The zero-day attacks against Accellion's File Transfer Appliance show that a number of big-name firms continued to use the legacy technology - even though more secure, cloud-based options were available. Evidently, many CISOs didn't see a compelling reason to move on. Of course, now they do.

Fraud Management & Cybercrime

Hades Ransomware Gang Linked to an Exchange Attack

Doug Olenick • March 29, 2021

Researchers at Awake Security says at least one attack launched by the operators of Hades ransomware has a connection to the China-linked Hafnium group waging attacks on vulnerable Exchange servers.

3rd Party Risk Management

ISMG Editors' Panel: Hot Cybersecurity Issues

Anna Delaney • March 26, 2021

Four editors at Information Security Media Group review the latest cybersecurity issues, including Microsoft Exchange server hacks, insider threat management and implementing a "collective defense."

Fraud Management & Cybercrime

FBI Issues Alert on Mamba Ransomware

Doug Olenick • March 26, 2021

The FBI and the U.S. Department of Homeland Security have issued a warning about Mamba ransomware that uses a weaponized version of the legitimate, open-source encryption software DiskCryptor to lock victims out of their systems.

Cybercrime

Hades Ransomware Targets 3 US Companies

Akshaya Asokan • March 26, 2021

A previously unknown threat group is deploying Hades ransomware as part of an ongoing campaign that has already targeted three U.S. companies, Accenture's cyberthreat intelligence group reports.

Cybercrime

Analysis: Takeaways From Ransomware Gang Interviews

Anna Delaney • March 26, 2021

The latest edition of the ISMG Security Report features an analysis of recent “tell-all” interviews with members of ransomware gangs. Also featured: insights on securing IoT devices and mitigating insider threat risks.

Business Continuity Management / Disaster Recovery

REvil Ransomware Can Now Reboot Infected Devices

Akshaya Asokan • March 24, 2021

The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.

Fraud Management & Cybercrime

CISA Prepares to Use New Subpoena Power

Scott Ferguson • March 23, 2021

The Cybersecurity and Infrastructure Security Agency will soon use its new subpoena powers authorized under the 2021 National Defense Authorization Act to help in the battle against ransomware attacks and other cyberthreats, says Brandon Wales, the acting agency director.

Fraud Management & Cybercrime

Accellion Data Breach Ensnares Energy Giant Shell

Jeremy Kirk • March 23, 2021

The Accellion File Transfer Appliance data breach continues to cause anguish. The energy company Shell has disclosed that it has been affected. Meanwhile, some customers of a Michigan-based bank have been informed that personally identifiable data has been exposed via the FTA breach.

Cybercrime

Charm Offensive: Ransomware Gangs 'Tell All' in Interviews

Mathew J. Schwartz • March 22, 2021

Ransomware-wielding attackers have been in the limelight lately - not just for hitting Acer, Dassault Falcon and celebrity law firms but also for granting tell-all interviews that describe their tactics and motivations.

Application Security

Microsoft Exchange Flaw: Attacks Surge After Code Published

Akshaya Asokan • March 20, 2021

There has been a spike in web shells being detected as ransomware gangs and other attackers increasingly target vulnerable on-premises Microsoft Exchange servers following publication of proof-of-concept attack code for ProxyLogon, which is one of four zero-day flaws patched by Microsoft in early March.