Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Another Electronic Health Records Vendor Hacked

Marianne Kolbasuk McGee • December 7, 2018

Yet another cyberattack against a cloud-based electronic health records vendor has been revealed. This one involved a ransomware attack that potentially exposed data on 16,000 patients of a California eye clinic. What can healthcare organizations do to minimize vendor risks?

Cybercrime

Connecticut City Pays Ransom After Crypto-Locking Attack

Latest

Fraud Management & Cybercrime

Federal Prosecutors Discuss SamSam Indictments

Nick Holland • November 30, 2018

In the latest edition of the ISMG Security Report, hear prosecutors discuss the indictments of two Iranians in connection with SamSam ransomware attacks. Also: Updates on allegations that Google is violating GDPR and cryptocurrency's impact on crime trends.

Fraud Management & Cybercrime

Texas Hospital Catches Dharma Ransomware Infection

Marianne Kolbasuk McGee • November 16, 2018

An attack on Altus Baytown Hospital in Texas is the latest ransomware incident reported to federal regulators as a health data breach. What other major ransomware incidents are impacting the healthcare sector?

Business Email Compromise (BEC)

Health Data Breach Tally: Analyzing the Latest Trends

Marianne Kolbasuk McGee • October 30, 2018

What kinds of health data breaches have been most common so far in 2018? An analysis of the official HHS breach tally reveals the latest trends, and security experts offer an analysis.

Anti-Malware

GandCrab Ransomware Partners With Crypter Service

Mathew J. Schwartz • October 11, 2018

The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.

Next-Generation Technologies & Secure Development

Mobile Threats: Myths and Realities

Information Security Media Group • October 1, 2018

There is greater awareness to the proliferation of mobile threats, and yet many organizations still underestimate their own vulnerabilities. Brian Duckering of Symantec discusses the rise and maturity of mobile threat defense.

Breach Response

Ransomware Crypto-Locks Port of San Diego IT Systems

Mathew J. Schwartz • September 28, 2018

Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline. Port officials say the attacker has demanded a ransom, payable in bitcoin, for the promise of a decryption key.

Cybercrime

Cybercrime Markets Sell Access to Hacked Sites, Databases

Mathew J. Schwartz • September 21, 2018

One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.

Business Continuity Management / Disaster Recovery

Scotland's Arran Brewery Slammed by Dharma Bip Ransomware

Mathew J. Schwartz • September 21, 2018

Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data. The brewery refused to pay the attackers' two bitcoin ransom demand.

Cybercrime

Why Cybercrime Remains Impossible to Eradicate

Mathew J. Schwartz • September 18, 2018

More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.

Cybercrime as-a-service

Russian Pleads Guilty to Operating Kelihos Botnet

Mathew J. Schwartz • September 13, 2018

Russian national Peter Levashov, who was arrested in Spain last year and extradited to the U.S., has admitted to a two-decade crime spree that included running multiple botnets that harvested online credentials while also pumping out spam, banking Trojans and ransomware.

Anti-Malware

Feds Charge North Korean With Devastating Cyberattacks

Jeremy Kirk • September 7, 2018

U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.

DevSecOps

Organizations Adopting DevOps as they Retool IT Infrastructure

Information Security Media Group • December 14, 2018

Organizations are increasingly moving their mission-critical applications and data to Amazon Web Services (AWS) and taking advantage of the massive compute power of Amazon Elastic Compute Cloud (Amazon EC2).