Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Bill Siegel, CEO, Coveware

Ransomware Gangs Practice Customer Relationship Management

Mathew J. Schwartz • September 13, 2019

Ransomware-wielding attackers treat infecting endpoints as a business and put customer relationship management principles to work, says Bill Siegel, CEO of ransomware incident response firm Coveware. He notes criminals "go after the low-hanging fruit because it's cheap and the conversion rate is high."

Business Continuity Management / Disaster Recovery

Election Security Program Aims to Mitigate Ransomware Risks

Latest

Cybercrime

Supply Chain Attacks: Hackers Hit IT Providers

Mathew J. Schwartz • September 19, 2019

A hacker group called Tortoiseshell has been hitting targets in the Middle East since at least July 2018, apparently targeting IT service providers to gain access to many potential targets at once. The campaign is fresh proof that criminals and nation-state attackers alike continue to favor supply chain attacks.

Cybercrime as-a-service

US Sanctions 3 North Korean Hacking Groups

Jeremy Kirk • September 16, 2019

As part of the U.S. government's continuing efforts to highlight the North Korean government's cyberattacks, the U.S. Treasury Department has sanctioned three alleged North Korean hacking groups that have been blamed for the WannaCry ransomware, online bank heists and destructive malware attacks.

Account Takeover

Cybercrime Black Markets: RDP Access Remains Cheap and Easy

Mathew J. Schwartz • September 10, 2019

Cybercrime is surging thanks, in part, to the availability of inexpensive hacking tools and services. A recent look by security firm Armour at black market offerings finds stolen payment card data, RDP credentials, ransomware and DDoS services are widely available for sale.

Patch Management

Email Servers: Exim Flaw Leaves Millions at Risk of Hacking

Jeremy Kirk • September 10, 2019

Email server alert: Linux and Unix administrators should immediately patch a remotely exploitable flaw in Exim, one of the world's most-used message transfer agents, security experts warn. Attackers could abuse the flaw to deliver ransomware, spy on or spoof emails and possibly also take down cloud services.

Cybercrime

Keeping New York's Connected Infrastructure Secure

Nick Holland • August 30, 2019

Mike Krygier of the New York City Cyber Command outlines threats to connected cities and critical infrastructure, including ransomware, and what steps can be taken to mitigate risks

Fraud Management & Cybercrime

Cyber Insurance Changes as Threats Evolve

Scott Ferguson • August 27, 2019

In light of emerging cyberthreats, including ransomware, organizations must change how they assess their cyber insurance options, says Ken Suh of Beazley.

Cybercrime

Emotet Botnet Shows Signs of Revival

Akshaya Asokan • August 26, 2019

After two months of inactivity, the notorious Emotet botnet is poised to start delivering malicious code again; active command-and-control servers have been spotted in the wild, researchers at the security firm Cofense warn.

3rd Party Risk Management

Analysis: The Texas Ransomware Mess

Nick Holland • August 23, 2019

The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts.

Breach Notification

A Summer of Data Breach Discontent

Marianne Kolbasuk McGee • August 16, 2019

When we look at many of the biggest healthcare data breaches reported so far this summer, two big culprits pop out: ransomware attacks and vendor mishaps. What other trends will emerge?

3rd Party Risk Management

Choice Hotels: 700,000 Guest Records Exposed

Jeremy Kirk • August 14, 2019

Choice Hotels says about 700,000 guest records were exposed after one of its vendors copied data from its systems. Fraudsters discovered the unsecured database and tried to hold the hotel chain to ransom, which it ignored.

Anti-Phishing, DMARC

JPMorgan Chase Develops 'Early Warning System'

Akshaya Asokan • July 30, 2019

JPMorgan Chase researchers have published a new paper describing their efforts at developing a novel "early warning" system based on artificial intelligence algorithms that can detect malware, Trojans and other advanced persistent threats before the phishing campaign that targets the bank's employees even starts.

Cybercrime

Marcus Hutchins Spared Prison Time in Malware Case

Scott Ferguson • July 26, 2019

Marcus Hutchins, who rose to fame by helping to stop the WannaCry ransomware attacks, was spared jail time on Friday after pleading guilty earlier this year to creating the Kronos banking malware.