Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

The Centre Hospitalier Sud Francilien (Image: Poudou99/CC BY-SA 3.0)

LockBit Publishes Stolen Data as Hospital Rejects Extortion

Mihir Bagwe • September 26, 2022

Ransomware hackers made good on a threat to publish patient and staff data stolen from a French hospital after administrators said they refused on principal to pay out. François Braun, French minister of social affairs and health, said that the government will "not give in to these criminals."

Fraud Management & Cybercrime

Strike Force: Why Ransomware Groups Feel the Need for Speed

Latest

Cloud Security

Cloudflare, VCs Join Forces to Give Away $1.25B to Startups

Michael Novinson • September 30, 2022

Cloudflare has joined forces with 26 venture capital firms to provide up to $1.25 billion in financing to startups building on the company's developer platform. The Workers Launchpad Funding Program will connect developers with investors around the world to scale their startups faster.

Cloud Security

Orca Security's Avi Shua on Making Cloud Safe for Government

Michael Novinson • September 30, 2022

Security firms must increasingly follow U.S. government security requirements even if they don't serve federal agencies themselves, says Avi Shua, Orca Security co-founder and CEO. That's because cloud vendors such as Orca often serve businesses that contract or subcontract with the U.S. government.

3rd Party Risk Management

ISMG Editors: Will Others Follow US Lead to Legislate SBOMs?

Anna Delaney • September 30, 2022

In the latest weekly update, ISMG editors discuss how organizations can comply with the new PCI DSS 4.0 requirements, whether other countries should follow the U.S. lead on legislating software bills of materials, and key strategies for CISOs preparing for an economic downturn.

Big Data Security Analytics

Atos Rejects $4.12B Onepoint Bid for Cybersecurity Business

Michael Novinson • September 29, 2022

Atos turned down an unsolicited $4.12 billion offer from rival Onepoint to acquire the French conglomerate's $4.8 billion cybersecurity, big data and digital business. Atos received a letter of intent Tuesday related to the acquisition of its Evidian business by Onepoint and private equity fund ICG.

Cloud Access Security Brokers (CASB)

Zscaler Buys Workflow Automation Firm ShiftRight for $25.6M

Michael Novinson • September 29, 2022

Zscaler has bought out of stealth a startup established by the founders of Lacework to automate security management and dramatically reduce incident resolution time. ShiftRight will give customers real-time visibility into their security posture and help them manage an influx of risks and incidents.

Application Security

Tom Kellermann's New Mission: Secure the Code

Tom Field • September 29, 2022

Over his 23-year career in cybersecurity, Tom Kellermann has focused on policy, endpoints and even strategic investments. Now, in his new role as senior vice president of cyber strategy at Contrast Security, his mission is to protect code security - particularly in the public and financial sectors.

Cybercrime

Examining What Went Wrong for Optus

Anna Delaney • September 29, 2022

The latest edition of the ISMG Security Report discusses what went wrong for Optus in the wake of one of Australia's biggest data breach incidents, the state of code security today and the growing trend of private equity firms pursuing take-private deals.

Cyberwarfare / Nation-State Attacks

Cyberwar: Assessing the Geopolitical Playing Field

Steve King • September 29, 2022

The United States is arguably involved in a cyberwar against Russia and China - and appears to be losing. In this episode of "Cybersecurity Unplugged," Tom Kellerman of Contrast Security and Richard Bird of Traceable.ai discuss what the U.S. government and companies need to do to win this cyberwar.

Next-Generation Technologies & Secure Development

Jamf Buys ZecOps to Detect Advanced Hacks on Mobile Devices

Michael Novinson • September 28, 2022

Jamf plans to buy startup ZecOps to extend its ability to detect and respond to sophisticated threats across Mac, iOS and Android devices. Jamf's proposed acquisition will provide threat hunting tools to determine if any advanced attacks have compromised mobile devices.

Cloud Security

SentinelOne's Tomer Weingarten on Cloud, XDR and Analytics

Michael Novinson • September 27, 2022

Identity protection, XDR, data analytics and cloud security have been SentinelOne's biggest investment areas, says CEO Tomer Weingarten. Cloud has become the fastest-growing part of SentinelOne's business, appealing even to customers who might have chosen a different vendor for endpoint security.

Video

Code42's Joe Payne on Why Source Code Theft Is So Prevalent

Michael Novinson • September 26, 2022

Too often when software developers change jobs, they take source code they've written with them, feeling the code belongs to them even if it belongs to an employer. Code42's Joe Payne shares the challenges of detecting source code theft and ways to protect intellectual property wherever it resides.

Finance & Banking

Assessing Growing Cyberthreats to Africa's Financial Sector

Anna Delaney • September 26, 2022

Financial services firms in Africa are becoming bigger cyber targets as they expand into new mobile payment and financial inclusion products. Rob Dartnall of Security Alliance explains why these firms need to invest in information sharing, training and new cybersecurity practices to avoid breaches.