Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

(Source: Ken Lund via Flickr/CC)

Louisiana Government Recovering From Ransomware Attack

Scott Ferguson • November 19, 2019

After a ransomware attack on Monday forced Louisiana's government to take several servers and websites offline to prevent the malware from spreading, state officials spent Tuesday restoring online services.

Identity & Access Management

Ransomware School: The Rise of GandCrab Disciples

Latest

Business Continuity Management / Disaster Recovery

Report: Billtrust Recovering From Ransomware Attack

Akshaya Asokan • October 23, 2019

Billtrust, a cloud-based, business-to-business payment provider, reportedly is continuing to recover from a ransomware attack that crippled its computer systems.

Cybercrime

Sodinokibi Ransomware Gang Appears to Be Making a Killing

Mathew J. Schwartz • October 18, 2019

Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.

Critical Infrastructure Security

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

Information Security Media Group • October 16, 2019

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization...

Business Continuity Management / Disaster Recovery

Pitney Bowes Says Ransomware Behind System Outages

Jeremy Kirk • October 15, 2019

Pitney Bowes says it was infected by file-encrypting malware that has affected online accounts and mailing products but that client data doesn't appear to be at risk. The postage meter maker says "all options" are being considered for recovery, meaning that it could pay a ransom.

Cybercrime

Stung by Takedowns, Criminals Tap Distributed Dark Markets

Mathew J. Schwartz • October 15, 2019

Law enforcement success inevitably sparks criminals to become more innovative, including shifting from centralized markets - such as Hansa and Wall Street Market - to encrypted and distributed marketplaces, says the University of Surrey's Alan Woodward.

Business Continuity Management / Disaster Recovery

Responding to Ransomware Attacks: Critical Steps

Marianne Kolbasuk McGee • October 7, 2019

Organizations must take a number of critical steps to prepare a response to ransomware attacks before they hit, says Caleb Barlow, the new president and CEO of security consulting firm CynergisTek, who offers a guide.

Business Continuity Management / Disaster Recovery

Just How Widespread Is Ransomware Epidemic?

Akshaya Asokan • October 4, 2019

More than 600 ransomware attacks pummelled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year, according to a study by security firm Emsisoft. Meanwhile, the FBI this week issued a fresh warning about the threat.

Fraud Management & Cybercrime

Toronto Sees 300% Increase in Ransomware Reports

Tom Field • October 4, 2019

Ransomware crime reports are up 300 percent in Toronto, but it's not just the frequency of crimes that is a concern - it's the complexity, says Kenrick Bagnall, detective constable with the Toronto Police Service.

3rd Party Risk Management

Analysis: Huawei's US Trust Problem

Nick Holland • October 4, 2019

The latest edition of the ISMG Security Report analyzes concerns about the use of Huawei equipment by U.S. telecommunications firms. Also featured: A Huawei executive discusses 5G security, plus an update on an Australian ransomware attack.

3rd Party Risk Management

Rheinmetall Investigating Malware Attack at Three Plants

Akshaya Asokan • September 30, 2019

An unspecified malware attack against the IT systems of Rheinmetall's automotive division in Brazil, Mexico and the U.S. is costing the company an estimated $4 million a week, the company says. It's one of several attacks over the last two weeks affecting defense contractors.

Business Continuity Management / Disaster Recovery

Baltimore Ransomware Carnage Compounded by Local Storage

Mathew J. Schwartz • September 30, 2019

The city of Baltimore's ransomware outbreak - $18 million in costs and counting - led to many crypto-locked files being lost forever, because no IT policy mandated centralized file backups. But effective IT solutions exist to help solve this challenge, provided they're deployed in advance of an attack.

Cybercrime

Supply Chain Attacks: Hackers Hit IT Providers

Mathew J. Schwartz • September 19, 2019

A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.