Ransomware’s evolving tools and technical tactics confuse forensic analysis
Adversaries attempt to gain an upper hand by compromising the Active Directory, encrypting VM environments, and abusing Rclone.
About SC Media
Ransomware
To avoid penalties for ransomware payouts, incident response pros press for due diligence
The onus is also on the threat intelligence community, said one IR expert, to practice responsible ransomware attribution, as it can affect companies’ decisions on whether or not to pay.
Cring ransomware spread through hole in FortiGate VPN
In the early months of 2021 the ransomware operators struck a series of European industrial networks.
Ransomware cartel model didn’t fulfill potential, yet, but served as cybercrime proving ground
Competing ransomware actors don’t have enough incentive to collaborate and share profits, but that could change as automated attacks evolve.
Krebs: It’s time for a law that invests in the digital infrastructure
The former head of the CISA advocated for the equivalent of block grants to state and local government to modernize IT infrastructure, which in turn would boost citizen services, business growth, jobs, “and yes, help stop ransomware.”
Hackers rush to new doc builder that uses Macro-exploit, posing as DocuSign
It’s use in Trickbot and BazarLoader campaigns puts EtterSilent at the front end of attack chains for two of the most popular ransomware precursors in the world.
Conti ransomware gang hits Broward County Schools with $40M demand
Coral Glades High School, part of Broward County Public Schools. The $40 million ransomware attack on the district was one of a wave of cases targeting educational institutions over the last couple of weeks. (Formulanone, Public domain, via Wikimedia Commons) The Conti ransomware gang encrypted the systems at Broward County Public Schools several weeks ago and threatened to…
Qualys: Breach limited to 3rd-party vendor, but attackers trying to make exposure seem worse
In a detailed update posted on the Qualys website April 2, CISO Ben Carr said that an independent, third-party forensic firm has verified the company’s initial determination that the attack did not jump from Accellion’s file transfer appliance server to Qualys’ larger corporate network.
Policyholders may be the primary target in hack of cyber insurance provider CNA
In the words of one expert: “The theft of customer policies is the Sword of Damocles that has been hanging over the cyber insurance industry since its inception.”
Sierra Wireless withdraws financial guidance as ransomware attack takes down plants
Because of the disruptions caused by the ransomware incident, Sierra Wireless withdrew the Q1 2021 financial guidance provided Feb. 23, indicating a potential impact to the bottom line.
Want to read more?
Next post in Ransomware
