Security News
"To combat ransomware and other threats, I advise IT security organizations to invest wisely in products that continuously discover and patch vulnerabilities, uncover advanced threats using machine learning and artificial intelligence, and continuously back up their data everywhere." The report found 85 percent of organizations are experiencing a shortfall of skilled IT security personnel, and survey respondents cited "Lack of skilled personnel" as their biggest obstacle to adequately defending against cyberthreats.
Operators of the Sodinokibi Ransomware as a Service recently published over 12GB of data that allegedly belongs to one of its victims - Brooks International - that refused to pay ransom. Sodinokibi - a GandCrab derivative blamed for numerous attacks that took place last year - is a prime example of RaaS. BleepingComputer shared a screengrab of one such hacker forum post that showed a member advertising a link to the stolen data for 8 credits: that's worth about €2.
This week we talk about why Let's Encrypt might have to celebrate its billionth certificate twice, wonder if James Bond could hack Siri with ultrasound, and make backups surprisingly interesting. LISTEN NOW. Click-and-drag on the soundwaves below to skip to any point in the podcast.
A new report from the Deloitte Center for Government Insights surveyed ransomware attacks on local governments throughout 2019 and lays out a few tips for those faced with the tough decision of whether to pay ransoms or not. The crucial question for most local governments is whether to pay, and while it may seem like the massive cost differences between thousand-dollar ransom payments and million-dollar recovery efforts is steep, the report suggests local governments hold the fort and refrain from paying cybercriminals.
A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers a ransom to unlock its systems. Because of the ransomware attack, patients had their medical care and treatment disrupted, the complaint alleges.
Attackers using Ryuk and Sodinokibi - aka REvil - are increasingly "Focusing their attacks on large companies where they can attempt to extort the organization for a seven-figure payout," it says, noting that the average Ryuk ransom payment last quarter was $780,000. One commonality across all types of tools is that attackers overwhelmingly continue to demand ransom payments in bitcoins.
Paying off hackers after a ransomware infection could end up being a total loss, according to a study released Thursday which finds some attackers just take the money and run. A survey by researchers at the security firm Proofpoint found that 33 percent of organizations infected with ransomware opted to pay the ransom.
Could ransomware shakedowns against healthcare entities be taking an even uglier turn? In a recent attack on a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and then demanded a ransom be paid by the clinic and some of its patients to avoid further exposure of the data. "The attackers demanded a ransom negotiation, and as of Nov. 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."
Could ransomware shakedowns against healthcare entities be taking an even uglier turn? In a recent attack on a Florida-based plastic surgery practice, hackers exfiltrated patients' medical records and then demanded a ransom be paid by the clinic and some of its patients to avoid further exposure of the data. "The attackers demanded a ransom negotiation, and as of Nov. 29, 2019, about 15-20 patients have since contacted TCFFR to report individual ransom demands from the attackers threatening the public release of their photos and personal information unless unspecified ransom demands are negotiated and met."
That ransomware attackers can steal as well as encrypt data isn't a new phenomenon but the possibility that sensitive data might be revealed to the world is potentially more damaging than any short-term disruption caused by the malware. To understand this defiance, consider other recent Maze incidents in which the Maze gang released samples of the stolen data to media, and set up a special website to publish it.