The Week in Ransomware - November 3rd 2023 - Hive's Back
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise. [...]
Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. [...]
Secure Future Initiative needed in wake of tech evolution and unrelenting ransomware criminality Microsoft has made fresh commitments to harden the security of its software and cloud services after a year in which numerous members of the global infosec community criticized the company's tech defenses.…
Tailored ransomware readiness assessments help organizations develop comprehensive response plans that minimize damage and restore operations quickly.
More than 3,000 systems are exposed and vulnerable to attack on the Internet.
More than 3,000 systems are exposed and vulnerable to attack on the Internet.
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. [...]
Over a week later and barely any patches for the 10/10 vulnerability have been applied Security researchers have confirmed that ransomware criminals are capitalizing on a maximum-severity vulnerability in Apache ActiveMQ.…
A remote code execution (RCE) flaw impacting Apache ActiveMQ has been under active exploitation by threat actors who use HelloKitty ransomware payloads. [...]
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data. [...]
Cybersecurity researchers are warning of suspected exploitation of a recently disclosed critical security flaw in the Apache ActiveMQ open-source message broker service that could result in remote code execution
Won't say if it's LockBit, but LockBit appears to have claimed credit. Maybe payment, too Boeing has acknowledged a cyber incident just days after ransomware gang LockBit reportedly exfiltrated sensitive data from the aerospace defence contractor.…
Advarra probes intrusion claims, says 'the matter is contained' Ransomware crooks claim they've stolen data from a firm that helps other organizations run medical trials after one of its executives had their cellphone number and accounts hijacked.…
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack. [...]
Sophos researchers said the increased success rates was partly due to threat actors speeding up their attack timelines
RansomedVC owner takes to Telegram to flog criminal enterprise The short-lived RansomedVC ransomware operation is being shopped around by its owner, who is claiming to offer a 20 percent discount just a day after first listing it for sale.…
Initiative announced at International Counter Ransomware Initiative
'We're still in the final throes of getting every last member to sign' Top White House officials are working to secure an agreement between almost 50 countries to not pay ransom demands to cybercriminals as the international Counter Ransomware Initiative (CRI) summit gets underway in Washington DC Tuesday.…
At least two extortion gangs abusing CVE-2023-4966, we're told Citrix Bleed, the critical information-disclosure bug that affects NetScaler ADC and NetScaler Gateway, is now under "mass exploitation," as thousands of Citrix NetScaler instances remain vulnerable, according to security teams.…
The parties within the International Counter Ransomware Initiative intend to use information-sharing tools and AI to achieve their goals of cutting off the financial resources of threat actors.