Welcome to ISMG's Ransomware Resource Center!

Ransomware has rapidly become one of the world's most prevalent types of cybercrime. The lure for criminals is easy to see: Using highly automated and easily distributed crypto-locking malware to forcibly encrypt systems, attackers can demand bitcoin ransoms in exchange for decryption keys. Use this Ransomware Resource Center for the latest details on emerging ransomware variants, threat intelligence on attackers, plus best practices for detection, response and remediation.

Spam email distributing the Trickbot banking Trojan, which appears to have obtained attack code from BokBot. (Source: Malwarebytes)

Repeat Trick: Malware-Wielding Criminals Collaborate

Mathew J. Schwartz • March 21, 2019

Emotet pushes Ryuk, GandCrab taps NTCrypt, and BokBot borrows from Trickbot. With millions to be potentially stolen from victims, is it any wonder that malware-wielding gangs continue to get a little help from their cybercrime friends?

Endpoint Security

11 Takeaways: Targeted Ryuk Attacks Pummel Businesses

Latest

DevSecOps

Why Security for DevOps Is Lagging

Mathew J. Schwartz • March 25, 2019

Many large organizations are app developers, and individuals are increasingly using apps to access computing resources. But the age-old problem of code not being reviewed for flaws at every stage of testing and production continues, warns Joseph Feiman of WhiteHat Security.

RSA Conference 2018

Technology's Role in Digital Risk Management

Tom Field • March 25, 2019

As enterprises embrace strategies built around digital risk management, it isn't that technology becomes a less important conversation. Instead, it's more strategic. Zulfikar Ramzan, CTO of RSA, outline's technology's role in the business path forward.

RSA Conference 2018

The Dark Side of Cybersecurity: Burnout

Mathew J. Schwartz • March 25, 2019

Call to action: Information security teams should "include mental health topics in their team meetings, their management reports and metrics, as well as face to face meetings," says to Thom Langford, head of security consultancy (TL)2, speaking from experience.

Authentication

Gaining Visibility and Control Over Passwords

Nick Holland • March 25, 2019

Passwords are still a persistent security threat, given their ubiquity as a form of authentication and the inability of users to create strong, unique passwords. John Bennet of LogMeIn discusses the issue and solutions.

Fraud Management & Cybercrime

Threat Watch: Phishing, Social Engineering Continue

Mathew J. Schwartz • March 25, 2019

Reviewing 2018 attacks, Jon Clay of Trend Micro, says social engineering persists, including phishing attacks, while criminals also continue to steal credentials, lob ransomware at targets and push cryptomining malware.

Application Security

Application Security and the Focus on Software Integrity

Tom Field • March 25, 2019

As trends such as DevSecOps and agile application development spread, enterprises increasingly are focused on software integrity. Andreas Kuehlmann of Synopsys discusses how to address this shift.

RSA Conference 2018

3 Hot Legal Topics at RSA Conference 2019

Mathew J. Schwartz • March 25, 2019

What's hot on the cybersecurity legal front? For starters, in 2018, the U.S. Department of Justice indicted twice as many alleged state-sponsored attackers than it had ever indicted, says Kimberly Peretti of Alston & Bird.

RSA Conference 2018

Stepping Up to the Board

Tom Field • March 25, 2019

Cybersecurity leaders hear a lot about speaking to the board. But increasingly, these leaders are also tapped to serve on boards of directors. What business skills are most needed and often lacking? Executive recruiter Joyce Brocaglia of Alta Associates and the Executive Women's Forum explains.

Encryption & Key Management

Securing Smartphones from Eavesdropping

Nick Holland • March 25, 2019

Smartphone security is paramount for certain scenarios, but software based encryption has been shown to be insufficient. Mike Fong, founder and CEO of Privoro, demonstrates a hardware based solution to smartphone encryption

Next-Generation Technologies & Secure Development

Cyber Risk Management: Why Automation is Essential

Mathew J. Schwartz • March 22, 2019

The challenge of wanted to adopt the latest and greatest point products, as opposed to opting for a more platform-based approach, seems never-ending, and can only be managed by bringing greater amounts of automation to bear, says Skybox Security's Michelle Cobb.

General Data Protection Regulation (GDPR)

GDPR: Data Breach Notification 101

Mathew J. Schwartz • March 22, 2019

Since the EU's new GDPR privacy law came into effect in May 2018, one challenge for organizations that suffer a breach is knowing whether or not they must report it to authorities, says Brian Honan, president and CEO of BH Consulting in Dublin.

Anti-Malware

Microsoft Brings Defender ATP Platform to macOS

Jeremy Kirk • March 22, 2019

A decade or more ago, this would have been unthinkable: Microsoft developing an anti-malware platform for macOS. But Windows Defender ATP is now available for Macs via a limited preview. Microsoft says the move will help protect customers running non-Windows machines.