Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Rady Children's Hospital-San Diego is facing a class-action lawsuit following a ransomware attack on its vendor, Blackbaud.

Pediatric Hospital Faces Lawsuit After Blackbaud Breach

Marianne Kolbasuk McGee • January 25, 2021

A proposed class-action lawsuit has been filed against Rady Children's Hospital-San Diego in the wake of a data breach resulting from a ransomware attack on Blackbaud, the hospital's cloud-based fundraising software vendor.

COVID-19

Ransomware Attack Delays EHR Rollout

Latest

Breach Notification

Cyber Incident Knocks Construction Firm Palfinger Offline

Doug Olenick • January 25, 2021

The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.

Fraud Management & Cybercrime

Texas Medical Center Breach Affects 640,000

Marianne Kolbasuk McGee • January 22, 2021

An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.

Fraud Management & Cybercrime

Ransomware Incident Reportedly Leads to Health Data Leak

Marianne Kolbasuk McGee • January 20, 2021

An apparent ransomware attack that targeted an operator of occupational clinics used by employees of transportation companies and government agencies has reportedly resulted in the leak of some workers' health data.

Business Continuity Management / Disaster Recovery

Ransomware and EHR Systems: A Dangerous Mix

Marianne Kolbasuk McGee • January 8, 2021

A Baltimore medical center that suffered a ransomware attack a month ago and pulled its electronic health record system offline as a precaution is finally beginning to restore access to the system, the organization's CEO says. It's the latest example of how cyberattacks can derail EHRs.

Breach Notification

Blood Testing Lab Data Leaked

Prajeet Nair • January 6, 2021

Apex Laboratory a Farmingdale, New York-based blood testing facility, is notifying patients about the leak of their information, including test results. The security incident - which appears to involve ransomware - happened in July.

Fraud Management & Cybercrime

Ransomware Attacks in Healthcare Surging

Marianne Kolbasuk McGee • January 5, 2021

Ransomware and other cyberattacks on healthcare entities globally have increased by about 45% in the last two months, security vendor Check Point Software Technologies estimates.

Cybercrime

Police Dismantle Cybercrime 'Bulletproof Hosting Service'

Doug Olenick • December 22, 2020

The FBI, Europol and other law enforcement agencies shut down a virtual private network Tuesday that was providing a "bulletproof hosting service" that allowed cybercriminals to conduct illegal operations, including ransomware attacks, while remaining hidden from police.

Fraud Management & Cybercrime

Pay2Key Ransomware Campaign Tied to Iran

Akshaya Asokan • December 18, 2020

Over the past two months, several Israeli firms have been targeted with a ransomware variant called Pay2Key. Now, security firm ClearSky says the crypto-locking malware is linked to an Iranian threat group called Fox Kitten.

Fraud Management & Cybercrime

Ransomware Operators Using SystemBC Malware as Backdoor

Prajeet Nair • December 16, 2020

Several recent ransomware attacks, including those involving Ryuk and Egregor, have used a commodity malware variant called SystemBC as a backdoor, according to Sophos.

Cybercrime

'MountLocker' Ransomware Adds to Affiliate Extortion Racket

Scott Ferguson • December 12, 2020

lackBerry researchers are tracking a relatively new ransomware variant called "MountLocker" and the operators behind it, who are using affiliate cybercriminal gangs to help spread the malware, exfiltrate data and extort victims, sometimes for millions of dollars.

Cybercrime as-a-service

Ransomware Attacks Hitting Vulnerable MySQL Servers

Prajeet Nair • December 11, 2020

Hackers are targeting thousands of vulnerable MySQL servers around the world, using ransomware to exfiltrate data from organizations and then demanding payment, according to Guardicore Labs. The attackers are also selling access to over 250,000 stolen databases.

Breach Notification

FireEye Says Nation-State Attackers Stole Pen Test Tools

Jeremy Kirk • December 8, 2020

FireEye, one of the world's top cybersecurity firms, says attackers stole its penetration testing tools and sought information about government clients. But FireEye doesn't believe the suspected nation-state hackers exfiltrated any data.