The Week in Ransomware - June 3rd 2022 - Evading sanctions
Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. [...]
The latest iteration of CMD-based ransomware is sophisticated and tricky to detect – and integrates token theft and worming capabilities into its feature set.
Deja-Vu data from this year's DBIR report feels like we are stuck in the movie 'Groundhog Day.'
Someone interested in putting together a ransomware campaign has to consider several factors. The LockBit group touts its speed over competing families to attract potential buyers for its ransowmare-as-a-service.
Via their insurance companies, natch Healthcare organizations, already an attractive target for ransomware given the highly sensitive data they hold, saw such attacks almost double between 2020 and 2021, according to a survey released this week by Sophos.…
Don't leave those firmware patches to last The notorious Conti ransomware gang has working proof-of-concept code to exploit low-level Intel firmware vulnerabilities, according to Eclypsium researchers.…
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). [...]
The threat actor behind the notorious Dridex campaign has switched from using its exclusive credential-harvesting malware to a ransomware-as-a-service model, to make attribution harder.
A ransomware gang is taking extortion to a new level by publicly hacking corporate websites to publicly display ransom notes. [...]
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [...]
An analysis of leaked chats from the notorious Conti ransomware group earlier this year has revealed that the syndicate has been working on a set of firmware attack techniques that could offer a path to accessing privileged code on compromised devices
Melissa Bischoping, security researcher with Tanium and Infosec Insiders columnist, urges firms to consider the upstream and downstream impact of "triple extortion" ransomware attacks.
Artificial intelligence technology can detect the latest wave of Trickbot ransomware and block the attack before it causes damage.
As ransomware infections have evolved from purely encrypting data to schemes such as double and triple extortion, a new attack vector is likely to set the stage for future campaigns
Foxconn electronics manufacturer has confirmed that one of its Mexico-based production plants has been impacted by a ransomware attack in late May. [...]
The Trend Micro Threat Hunting team recently analyzed a series of CMD-based ransomware variants with a number capabilities such as stealing user information, bypassing remote desktop connections, and propagating through email and physical drives.
In this Tech Talk, Darktrace's Brianna Leddy and Dark Reading's Terry Sweeney discuss ways ransomware groups adapt their activities as enterprise security teams evolve their defenses and controls.
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [...]
AI technology is helping hospitals repel ransomware at machine speed Sponsored Feature Browse through a selection of hospital mission statements and common themes quickly emerge: putting patients and community first, acting with integrity, pushing the bounds of medical research.…
Proof-of-concept lab work demos potential future threat Forescout researchers have demonstrated how ransomware could spread through an enterprise from vulnerable Internet-of-Things gear.…