Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

US Warns Nation-State Groups May Exploit Flaw in Zoho Tool

Scott Ferguson • September 17, 2021

CISA, the FBI and the U.S. Coast Guard Cyber Command warn users of Zoho Corp.'s single sign-on and password management tool to patch for a vulnerability that nation-state groups may look to exploit. Attackers could use the bug to compromise credentials and exfiltrate data from Active Directory.

Critical Infrastructure Security

Bad News: Innovative REvil Ransomware Operation Is Back

Latest

Business Continuity Management / Disaster Recovery

Is White House Crackdown on Ransomware Having Any Effect?

Mathew J. Schwartz • September 17, 2021

The latest edition of the ISMG Security Report features an analysis of the state of the Biden administration's efforts to disrupt ransomware attackers, as well as how a newly patched Apple iMessage flaw was being targeted by Pegasus spyware to effect zero-click exploits.

3rd Party Risk Management

Top Initial Attack Vectors: Passwords, Bugs, Trickery

Mathew J. Schwartz • September 14, 2021

The top three tactics attackers have been using to break into corporate and government networks are brute-forcing passwords, exploiting unpatched vulnerabilities, and social engineering via malicious emails, says security firm Kaspersky in a roundup of its 2020 incident response investigations.

Cybercrime

Olympus: 'Potential Cyber Incident' Disrupted EMEA System

Mihir Bagwe • September 13, 2021

Olympus, a Japanese company that manufactures optics and reprography products, reports that a portion of its IT system in the EMEA region was affected by a "potential cybersecurity incident." While Olympus has not identified an attacker, some reports suggest it is the BlackMatter ransomware gang.

Cybercrime

Pysa Ransomware Gang Targets Linux

Prajeet Nair • September 11, 2021

The Pysa ransomware gang has created a new Linux version of its malware designed to target Linux hosts with the ChaChi backdoor, using its Windows counterpart's characteristics, according to a new report.

Blockchain & Cryptocurrency

ISMG Editors' Panel: Ransomware Affiliates Seek New Gangs

Anna Delaney • September 10, 2021

In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.

Critical Infrastructure Security

Ransomware: Hot or Not? Here's Attackers' Ideal Target

Anna Delaney • September 10, 2021

The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips.

Critical Infrastructure Security

National Cyber Director Sees Ransomware As Continuing Threat

Scott Ferguson • September 9, 2021

Despite a recent slowdown in incidents and some cybercriminals claiming they have stopped or abandoned ransomware attacks, National Cyber Director Chris Inglis says it's "too soon to tell," if the behavior of these groups has changed permanently or if they are waiting for an opportunity to return.

3rd Party Risk Management

White House Pushing Federal Agencies Toward 'Zero Trust'

Scott Ferguson • September 8, 2021

The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.

3rd Party Risk Management

Resilience CEO on White House Meeting, Cyber Insurance

Scott Ferguson • September 8, 2021

On Aug. 25, President Joe Biden invited about 25 technology, insurance, finance and education executives to the White House to discuss pressing cybersecurity issues such as supply chain and critical infrastructure. One of those participants was Resilience CEO Vishaal Hariprasad.

Business Continuity Management / Disaster Recovery

Ragnar Locker: 'Talk to Cops or Feds and We Leak Your Data'

Mathew J. Schwartz • September 7, 2021

The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."

Cybercrime

Criminals' Wish List: Who's Their Ideal Ransomware Victim?

Mathew J. Schwartz • September 6, 2021

The most sought-after type of victim for ransomware-wielding attackers is a large, U.S.-based business with at least $100 million in revenue, not operating in the healthcare or education sector, with remote access available via remote desktop protocol or VPN credentials, threat intelligence firm Kela reports.

Fraud Management & Cybercrime

Conti Ransomware Threat Rising as Group Gains Affiliates

Mathew J. Schwartz • September 3, 2021

As the United States heads into a holiday weekend, experts are warning that ransomware-wielding attackers are sure to unleash crypto-locking chaos in the coming days, with Conti ransomware attacks in particular having been rising sharply in recent weeks.