Security News

As is typical in ransomware attacks, the University of Waterloo forced staff, faculty, and employee grad students to reset their passwords by June 8th. All non-employee grad students, incoming first-year undergraduates, and all remaining students had to reset their passwords by June 22nd. Resetting the passwords for 42,000 people and their many connected devices is challenging, to say the least, for any IT team. Let's explore why organizations are forced into mass password resets and how to make the process manageable.

The most widely used method for ransomware delivery in 2022 was via URL or web browsing, Palo Alto Networks researchers have found. Third-party apps were the primary entry vector for ransomware infections in 8.2% of cases recorded by the company in 2022.

Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. Despite both the rise in threats and the high percentage of respondents whose organizations suffered recent attacks, there hasn't been a corresponding uptick in strategic measures to shore up cyber resilience. Organizations need cyber resilience and data security capabilities in place, too-to recover data and restore business operations and to do so fast.

The Abyss Locker operation is the latest to develop a Linux encryptor to target VMware's ESXi virtual machines platform in attacks on the enterprise. With VMware ESXi being one of the most popular virtual machine platforms, almost every ransomware gang has begun to release Linux encryptors to encrypt all virtual servers on a device.

With ransom payments declining, ransomware gangs are evolving their extortion tactics to utilize new methods to pressure victims. The Clop ransomware gang is copying an ALPHV ransomware gang extortion tactic by creating Internet-accessible websites dedicated to specific victims, making it easier to leak stolen data and further pressuring victims into paying a ransom.

The Hawaiʻi Community College has admitted that it paid a ransom to ransomware actors to prevent the leaking of stolen data of approximately 28,000 people. On June 19th, 2023, the relatively new NoEscape ransomware gang listed UH on its extortion portal, threatening to publish 65 GB of stolen data in a week if a ransom was not paid.

As ransomware attacks continue, a few key groups have inflicted some of the greatest damage to their victims. Though a variety of these criminal groups litter the cyberspace landscape, a few were especially dangerous and destructive in their ransomware attacks throughout the year.

A new 'Nitrogen' initial access malware campaign uses Google and Bing search ads to promote fake software sites that infect unsuspecting users with Cobalt Strike and ransomware payloads. [...]

The ALPHV ransomware gang, also referred to as BlackCat, is trying to put more pressure on their victims to pay a ransom by providing an API for their leak site to increase visibility for their...

"Q2 2023 continued to highlight the growing ransomware threat facing organizations across the globe, from both established ransomware gangs and emerging or ephemeral opportunistic groups," said Drew Schmitt, GRIT Lead Analyst. For the first half of 2023, correlation between the total number of ransomware groups and total observed ransomware events suggests that newly emerging groups directly contribute to the rise in total victims.