Ransomware.org Blog
Read recent articles, watch videos and webinars on ransomware. Find tools; hear from industry experts how to stay ahead of ransomware actors.
3M ago
When ransomware visits your network, resolve to build it back better. And if you’re tempted to pay the ransom, don’t. That money is better spent on new defenses to prevent a repeat incident. These are some of the takeaways from a remarkable British Library report, Learning Lessons From The Cyberattack, that analyzes the paralyzing ransomware […]
The post 10 Lessons from the British Library Ransomware Attack appeared first on Ransomware.org.
8M ago
Cybercriminals, it is widely observed, have a fondness for weekends. This is not by chance—at weekends organizations are short-staffed, making this the best time to launch a cyberattack.
It’s a pattern that played out in a ransomware attack on the Romanian health system on Sunday, Feb. 11, that sent some of the country’s most important hospitals back to the world of pen and paper.
First reports put the number of hospitals affected at 18, which soon climbed to 21, then 25, and then 30. It quickly became apparent that this was only for starters.
The attack targeted the Hipocrate Information Syst […]
8M ago
Stop us if you’ve heard this one before but ransomware is undergoing another one of its periodic surges.
Granted, cybercrime always seems to be on the up—does the media ever report drops in cybercrime?—but this time there’s some hard evidence to back it up.
That ransomware activity for 2023 rose was no surprise with the war in Ukraine causing a temporary drop in activity during 2022. Even so, when assessing activity on leak sites, Palo Alto’s Unit 42 researchers found significant rises in activity across the year.
Another source is Chainalysis, which rates 2023 as ransomware’s “comeback” year […]
8M ago
How will the sudden emergence of artificial intelligence (AI) platforms such as ChatGPT influence future ransomware attacks?
Right now, there are so many pessimistic answers to this question it can be hard to judge the real-world risk they pose.
On the one hand, there’s no doubt that AI can easily be used to improve individual components of today’s attack, for example improving the language and design of phishing emails to make them read more convincingly (as anyone who’s experimentally coaxed ChatGPT to rewrite an awkwardly phrased phishing email will attest).
At the same time, it’s also like […]
10M ago
The most extraordinary week in ransomware history anyone can remember began on Feb. 19 with an historic takedown of the infrastructure used by notorious ransomware group, LockBit.
Industry watchers were euphoric, almost giddily so. If anything, that might be understating it. Twitter-X was ablaze with congratulations, most of them aimed at Britain’s National Crime Agency (NCA), which spearheaded the operation.
Allan Liska of Recorded Future (a former contributor to this site) even posted a picture of cupcakes his colleagues had delivered to their Boston office to celebrate the occasion.
But the […]
10M ago
The 1980s brutalism of the British Library in London has been likened to an unwelcoming fortress, and yet the intimidating appearance was no help when ransomware attackers decided to pay it a visit last October.
In what is turning out to be one of the worst incidents ever to hit a public U.K. organization, over several days the famous institution’s website went down, its Wi-Fi stopped working, its email went offline, and the online catalog used by visitors became inaccessible.
Days of disruption turned into weeks, weeks turned into months, with the only glimmer of progress being the online cat […]
11M ago
Has the digital reign of terror from the world’s second most active ransomware group, ALPHV (BlackCat), come to an end, or hasn’t it?
If you ask the coalition of global police forces that recently seized its infrastructure, you’ll get a clear yes in answer to that question.
The first sign that ALPHV was in trouble came on Dec. 7 when the dark websites used by the group to publish data leaks and conduct ransomware negotiations suddenly disappeared. This is highly unusual—dark websites used by ransomware groups are a vital piece of infrastructure necessary for their business model. Without it, t […]
11M ago
One of the most unexpected trends of recent years is the way ransomware has turned high-impact cybercrime incidents into a public spectacle.
For ransomware criminals, the more public the better. Extra publicity equals more embarrassment for the victim, which even if it doesn’t result in a ransom being paid serves as a warning to future victims.
Public Exposure
For organizations being ransomed, there are really only three ways to approach public exposure. The first—and until recently the default option—is to pay the ransom and hope (probably in vain) that this keeps the attack private.
The seco […]
1y ago
In the relatively short history of ransomware crime, very few of the professional criminals behind these attacks have ever been brought to justice.
So many crimes, so few arrests, and there’s no mystery as to why: Ransomware criminals typically operate from countries with weak or no laws against what they do, and sometimes (stand up, Russia) with what can only reasonably be interpreted as the tacit approval of the government itself.
Ringleader Arrest
This should make Europol’s announcement on Nov. 21 that it arrested the 32-year-old alleged “ringleader” of a major ransomware operation a notabl […]
1y ago
“Those who cannot remember the past are condemned to repeat it,” said philosopher George Santayana in one of the most widely quoted aphorisms of the 20th century.
According to a report from security company Sophos covering global customer data from the first half of 2023, a similar principle is applicable in many cyberattacks, especially those by ransomware.
The computing equivalent of remembering events is logging, through which events are recorded as data in simple text files that list system messages, application errors, and account logins.
Targeting Log Files
Log files have been a feature […]