Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Average ransom payments daily, in blue, versus median payments, in red (Source: Coveware)

Ryuk and Sodinokibi Surge as Ransom Payments Double

Mathew J. Schwartz • January 28, 2020

Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.

Business Continuity Management / Disaster Recovery

Maze Ransomware Victim Sues Anonymous Attackers

Latest

Anti-Phishing, DMARC

Emotet Malware Alert Sounded by US Cybersecurity Agency

Mathew J. Schwartz • January 23, 2020

Emotet malware alert: The U.S. Cybersecurity and Infrastructure Security Agency says it's been "tracking a spike" in targeted Emotet malware attacks. It urges all organizations to immediately put in place defenses to not just avoid infection, but also detect lateral movement in their networks by hackers.

Business Continuity Management / Disaster Recovery

Updated FTCODE Ransomware Now Steals Credentials, Passwords

Scott Ferguson • January 22, 2020

FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.

Fraud Management & Cybercrime

Maryland Considers Criminalizing Ransomware Possession

Akshaya Asokan • January 21, 2020

Maryland lawmakers are considering a bill that would make possession of ransomware a crime punishable by up to 10 years in prison, similar to moves at least two other states have already made. But is such legislation effective?

3rd Party Risk Management

Critical Steps in Managing Vendor Security Risk

Marianne Kolbasuk McGee • January 14, 2020

In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley of Arthur J. Gallagher & Co., a provider of cyber insurance.

Critical Infrastructure Security

Cybercrime Support: Victory for the Midmarket

Tom Field • December 24, 2019

The year 2019 saw a marked increase on breach responses services for small-to-midsized businesses. Kristin Judge, CEO of the Cybercrime Support Network, outlines the state of cybersecurity for the midmarket.

Critical Infrastructure Security

The 'Axis of Evil' and Escalation of Destructive Attacks

Tom Field • December 24, 2019

Tom Kellermann, former cybersecurity adviser to the Obama administration, doesn't mince words when he describes the nation-state threat to the U.S. as the "axis of evil in cyberspace." Nor does he hold back about the threat from destructive attacks, 5G deployment and other trends to watch in 2020.

Breach Notification

Maze Ransomware Gang Names More Alleged Victims

Mathew J. Schwartz • December 23, 2019

The gang behind Maze ransomware now lists 21 alleged victims on its website that it says have not paid a demanded ransom, including the Florida city of Pensacola. But Canadian construction firm Bird, which was listed as a victim, subsequently disappeared from the list.

Cybercrime as-a-service

What About Ransomware?

Tom Field • December 23, 2019

Ransomware: It's the cybercrime "gift" that won't stop taking. What can organizations do to improve prevention, detection and response in 2020? Ex-FBI leader MK Palmore of Palo Alto Networks shares his insights.

Cybercrime as-a-service

MyKings Cryptomining Botnet Leverages EternalBlue Flaw

Scott Ferguson • December 23, 2019

The MyKings botnet, which has been spreading cryptominers and other malware, continues to grow in sophistication, using steganography to hide malicious updates, Sophos Labs reports. New research also shows attackers are exploiting the EternalBlue vulnerability in Windows.

Cybercrime as-a-service

Analysis: The Latest Ransomware Targets

Nick Holland • December 20, 2019

The latest edition of the ISMG Security Report discusses the recent ransomware attacks on the city of New Orleans as well as other units of local government and schools. Also featured: discussion on security issues for IoT and legacy medical devices.

Business Continuity Management / Disaster Recovery

Canadian Lab Pays Ransom to 'Retrieve' Data

Marianne Kolbasuk McGee • December 18, 2019

A Canadian medical testing lab acknowledges that it paid a ransom to "retrieve" data stolen by hackers in an incident that apparently did not involve ransomware. Find out about the unusual details of this incident.

Fraud Management & Cybercrime

Bill Spells Outs Steps to Help Schools With Cybersecurity

Akshaya Asokan • December 17, 2019

Following a series of high-profile ransomware attacks and other cyber incidents over the last year, two U.S. senators have introduced a bill designed to help bolster cybersecurity for local school districts.