Ransomware Bill Passes House
The law is designed to make it easier for the US to respond to ransomware attacks from foreign adversaries
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
The law is designed to make it easier for the US to respond to ransomware attacks from foreign adversaries
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems. [...]
Security analysts have observed an affiliate of the LockBit 3.0 ransomware operation abusing a Windows Defender command line tool to decrypt and load Cobalt Strike beacons on the target systems. [...]
Ransomware statistics from the second quarter of the year show that the ransoms paid to extortionists have dropped in value, a trend that continues since the last quarter of 2021. [...]
The Hive ransomware group claims it has home addresses, bank details, medical records and even students’ psychological reviews
Internet-connected MDM instances, each with an 'unrestricted number' of managed devices, were vulnerable FileWave has fixed a couple vulnerabilities in its endpoint management software that could allow a remote attacker to bypass authentication and take full control of the deployment and associated devices.…
Don't worry, the crooks totally deleted the data and promised not to use it for evil A ransomware gang has not only taken down WordFly, a mailing list provider for top arts organizations among others, but also siphoned data belonging to the US-based Smithsonian, Canada's Toronto Symphony Orchestra, and the Courtauld Institute of Art in London.…
Just ahead of its headline-grabbing attack on the Italian tax agency, the infamous ransomware group debuted an improved version of the malware featuring parts from Egregor and BlackMatter.
Wide use of Microsoft 365 applications by business lets phishers easily launch data theft, BEC, ransomware, and other attacks, new report finds.
Learn how to orchestrate your survival strategy here Webinar Ensuring your data is protected is the first step in dealing with cyber-attacks and outages. But that's only half the job. …
Cybersecurity researchers have reiterated similarities between the latest iteration of the LockBit ransomware and BlackMatter, a rebranded variant of the DarkSide ransomware strain that closed shop in November 2021
Be ready for a rebound, and protect yourself with patching and segmentation SonicWall has published its latest threat report, showing a drop in ransomware but an increase in malware attacks in the first half of 2022.…
The No More Ransom project celebrates its sixth anniversary today after helping millions of ransomware victims recover their files for free. [...]
Italian authorities are investigating claims made by the LockBit ransomware gang that they breached the network of the Italian Internal Revenue Service (L'Agenzia delle Entrate). [...]
Ransomware dips worldwide but surges in Europe
Ransomware gang hits Canadian town and Italian government
Miscreants boast of 78GB haul, officials say everything's fine The LockBit ransomware crew is claiming to have stolen 78GB of data from Italy's tax agency and is threatening to leak it if a ransom isn't paid by July 31.…
Several threat actors used Amadey Bot previously to steal information and distribute malware such as the GandCrab ransomware and the FlawedAmmy RAT.
Emerging threat group offers a broad range of attack services An emerging and fast-growing threat group is using a unique business model to offer cybercriminals a broad range of services that span from leaked databases and distributed denial-of-service (DDoS) attacks to hacking scripts and, in the future, potentially ransomware.…
In June 2022, LockBit revealed version 3.0 of its ransomware. In this blog entry, we discuss the findings from our own technical analysis of this variant and its behaviors, many of which are similar to those of the BlackMatter ransomware.