The Week in Ransomware - January 5th 2024 - Secret decryptors
With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. [...]
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. [...]
Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week. [...]
The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation. [...]
Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. [...]
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks. [...]