The Week in Ransomware - May 5th 2023 - Targeting the public sector
This week's ransomware news has been dominated by a Royal ransomware attack on the City of Dallas that took down part of the IT infrastructure. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
This week's ransomware news has been dominated by a Royal ransomware attack on the City of Dallas that took down part of the IT infrastructure. [...]
Texas officials preach limited government ... but not this limited The city of Dallas, Texas, is working to restore city services following a ransomware attack that crippled its IT systems.…
The attack took down essential services, including some 911 dispatch systems
Canadian diversified software company Constellation Software confirmed on Thursday that some of its systems were breached by threat actors who also stole personal information and business data. [...]
Sweeping changes implemented since the May 2021 cyberattack are helping -- but more work remains to be done, security experts say.
Innovative tactics turn up the heat on Bluefield University
Courts closed, but police, fire rescues unaffected following ransomware attack.
The Avos ransomware gang hijacked Bluefield University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email alerts that their data was stolen and would soon be released. [...]
How can organizations defend themselves more effectively against ransomware and other forms of cyber extortion? By “shifting left” and adopting proactive cybersecurity strategies to detect attacks sooner, mitigating breaches before they cause harm.
The City of Dallas, Texas, has suffered a Royal ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. [...]
Orqa, a maker of First Person View (FPV) drone racing goggles, claims that a contractor introduced code into its devices' firmware that acted as a time bomb designed to brick them. [...]
The City of Dallas, Texas, has suffered a ransomware attack, causing it to shut down some of its IT systems to prevent the attack's spread. [...]
Pediatric mental health provider Brightline is warning patients that it suffered a data breach impacting 783,606 people after a ransomware gang stole data using a zero-day vulnerability in its Fortra GoAnywhere MFT secure file-sharing platform. [...]
Build a culture of security so that everyone is on the lookout for suspect behavior. Implement least privilege, improve visibility.
The FBI and Ukrainian police have seized nine cryptocurrency exchange websites that facilitated money laundering for scammers and cybercriminals, including ransomware actors. [...]
The cyberattack campaign, similar to one to spread the Rhadamanthys Stealer, is part of a larger trend by attackers to use malvertising as initial access for ransomware and other threat activity.
How to recover from cyber attacks on Microsoft 365 Webinar Every organization needs a full set of data recovery tools. The sort that will get you back up and running quickly after a ransomware attack, outage, or accidental data deletion. And it's best to be prepared in advance rather than deal with the data disaster face to face when it happens.…
Ransoms, investigations, and breach-related lawsuits are hitting companies in the wallet, law firm says Data loss – particularly from ransomware attacks – has always been a costly proposition for enterprises. However, the price organizations have to pay is going up, not only in terms of the ransom demanded but also for the cost of investigating attacks and the lawsuits that increasingly follow in the wake of such breaches.…
The ransomware group adds in personal insults to ratchet up pressure on Western Digital threat hunters.
The ALPHV ransomware operation, aka BlackCat, has published screenshots of internal emails and video conferences stolen from Western Digital, indicating they likely had continued access to the company's systems even as the company responded to the breach. [...]