Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Partial heat map of ransomware attackers' tactics, techniques and procedures, from red (most prevalent) to green (Source: Group-IB)

Ransomware Gangs' Ruthlessness Leads to Bigger Profits

Mathew J. Schwartz • May 28, 2020

Ransomware-wielding criminals are growing increasingly ruthless, based on the size of their extortion demands, their increasing propensity to leak data in an attempt to force victims to pay and their greater focus on taking down big targets. These tactics, unfortunately, appear to be working.

Endpoint Detection & Response (EDR)

ATM Manufacturer Diebold Nixdorf Hit With Ransomware

Latest

Active Defense & Deception

Modern Bank Heists 3.0: 'A Hostage Situation'

Tom Field • May 27, 2020

Ransomware, wire transfer fraud, destructive attacks: In recent months, the financial sector has seen these and other online attacks surge by 238% as criminals continue to exploit the pandemic, warns Tom Kellermann of VMware Carbon Black, who shares findings from his firm's third "Modern Bank Heists" report.

Cybercrime

Ransomware Gang Posting Financial Details From Bank Attack

Akshaya Asokan • May 23, 2020

The Maze ransomware gang has started releasing payment card data from an attack that happened earlier this year at Banco BCR, the state-owned Bank of Costa Rica. The cybercriminal gang is now threatening to release more of customers' financial data each week.

Application Security

Analysis: The Long-Term Implications of 'Work From Home'

Nick Holland • May 22, 2020

The latest edition of the ISMG Security Report features Retired General Keith Alexander, former NSA director, discussing the long-term security implications of the shift to working from home. Also: an update on ransomware gangs leaking data and an analysis of using open source code for app development.

Cybercrime

Hacked Law Firm May Have Had Unpatched Pulse Secure VPN

Scott Ferguson • May 21, 2020

A recent ransomware attack that targeted a law firm that serves celebrities may have been facilitated by a Pulse Secure VPN server that was not properly patched and mitigated against a well-known vulnerability, some security experts say.

Business Continuity Management / Disaster Recovery

Backing Up Data: How to Prepare for Disaster

Jeremy Kirk • May 15, 2020

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Business Continuity Management / Disaster Recovery

Analysis: Securing RDP to Prevent Ransomware Attacks

Nick Holland • May 15, 2020

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments.

Breach Notification

Toll Group Says Ransomware Attackers Stole Data

Jeremy Kirk • May 13, 2020

Australian shipping giant Toll Group has vowed to again not pay a ransom after suffering its second ransomware attack of the year. In the latest incident, however, the company warns that attackers also stole corporate data - and it may get leaked.

Cybercrime

2020 Cyber Threats, Trends and Attacks

Information Security Media Group • May 5, 2020

Security and risk experts from Forrester and Neustar advise on what you need to know about today's cyberthreats, including website vulnerabilities, APIs, third-party party scripts, nefarious bots and DDoS attacks.

COVID-19

Analysis: Ransomware's Costly Impact

Nick Holland • May 1, 2020

The latest edition of the ISMG Security Report analyzes the rising costs of ransomware attacks and the latest victims. Also featured: An assessment of Australia's new contact-tracing app designed to help battle the spread of COVID-19, and a discussion of applying the "zero trust" model to the remote workforce.

Business Continuity Management / Disaster Recovery

Ransomware: Average Business Payout Surges to $111,605

Mathew J. Schwartz • April 30, 2020

The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.

Fraud Management & Cybercrime

Fresh Ransomware Targets Android Devices

Akshaya Asokan • April 29, 2020

The gang behind Black Rose Lucy malware, which targets Android users, has added ransomware capabilities, according to Check Point Research. The malware, which dates back to 2018, originally was designed as a malware-as-a-service botnet and dropper for other malicious code.

Endpoint Protection Platforms (EPP)

Case Study: Enhancing Endpoint Security

Marianne Kolbasuk McGee • April 28, 2020

Because it's inevitable that some attackers will get around defenses, Kettering Health Network added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security. He describes what's unusual about the approach.