Security News

The Egregor ransomware uses a novel approach to get a victim's attention after an attack - shoot ransom notes from all available printers. Ransomware gangs know that many businesses would rather hide a ransomware attack than make it public, including to employees, for fear of the news affecting stock prices and their reputation.

According to the survey, 57% of respondents said their companies haven't tested their disaster recovery plan within the past two months and 66% estimated that it would take five or more days to fully recover from a ransomware attack if they didn't pay the ransom. Just one third of all respondents said their companies had three or more copies of their data, including having one copy off site, separate from their data center.

Managed web hosting provider Managed.com has taken their servers and web hosting systems offline as they struggle to recover from a weekend REvil ransomware attack. As first reported by ZDNet, Managed.com disclosed on Tuesday that they were hit with a ransomware attack and, to protect the "Integrity of our customer's data," they decided to take their entire system down, including clients' websites.

They also warned that cases where the attackers exfiltrated data and asked for an additional ransom to delete it have doubled in the same period, but that paying up is a definite gamble. Various ransomware groups have posted the stolen data online despite having been paid to not release it or have demanded another payment at a later date.

In a new campaign analyzed by Radware, cybercriminals threaten organizations with Distributed Denial of Service attacks unless they acquiesce to their ransom demands. Published on Wednesday, a security alert entitled "2020 Ransom DDoS Campaign Update" describes how Radware and the FBI have been warning organizations about a global ransom DDoS campaign targeting financial companies and other businesses around the world.

Ransomware continues to run rampant this week, with well-known organizations getting hit with massive ransomware attacks. The biggest news this week is the Clop ransomware attack against Software AG, where the attackers are demanding a $23 million ransom.

The Clop ransomware gang hit the network of German enterprise software giant Software AG last Saturday, asking for a ransom of $23 million after stealing employee information and company documents. Software AG is a software company headquartered in Darmstadt, Germany, with more than 5,000 employees and operations in over 70 countries around the globe.

There's an old adage in information security: "Every company gets penetration tested, whether or not they pay someone for the pleasure." Many organizations that do hire professionals to test their network security posture unfortunately tend to focus on fixing vulnerabilities hackers could use to break in. These folks are very often contractors who work with established ransomware groups, and who are paid a set percentage of any eventual ransom payments made by a victim company.

Virginia's largest school system has been hacked and the attackers are seeking a ransom payment to keep them from disclosing stolen personal information. The school system confirmed the hack and said it is investigating and working with law enforcement.

Most online attacks could be easily avoided by following basic cyber security advice, Australia's national cyber security bureau has said - even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse. "Cybercriminals follow the money," said the Australian Cyber Security Centre in its annual report for 2019-20, published earlier this week.