Who are the people the ransomware groups most rely on for their business model? Most commentators fall back on the conventional view that the ransomware industry’s main protagonists are the clever but amoral hacker masterminds looking to make big bucks. But occasionally we get a glimpse that what’s inside the criminality’s black box might be more complicated than this picture suggests. A rarely mentioned group are the financial enablers who keep the whole ransomware show working efficiently and are probably just as important as any programmer. Laundering Operations Take, for example, Russian n ..read more

Sponsored Post: Nasuni. As we all know, it is very difficult to protect large file servers using traditional backup solutions. Organizations have been founded with the sole purpose to create a file system that automatically protects itself. They spend hours talking to customers about this new approach to file systems, UniFS®, and why it’s beneficial. As these organizations were doing their research, they were constantly reminded that customers are far more concerned with what technology can do for them and their business than its originality or intrinsic design. The many problems associated wi ..read more

Imagine a world where ransomware victims across the globe simply refused to pay their attackers. In theory, the attackers would quickly realize their extortion business model no longer made any sense. As has been widely observed, victims who pay attackers simply fuel the next wave of ransomware. It follows from this that as long as paying continues to be the default option for many victims, ransomware will only get worse. No Backsliding As reported by this blog, it’s why the idea of banning ransom payments has been kicking around in government circles in the United States and elsewhere for som ..read more

Sponsored Post: Nasuni. Ransomware is everywhere: According to Enterprise Strategy Group (ESG), 73% of organizations have been the victim of a successful ransomware attack that resulted in financial loss, disrupted business operations, or other impacts (see Figure 1) within the past 12 months, and ransomware was involved in 25% of all breaches according to the 2023 Verizon Data Breach Investigations Report. Figure 1: Impacts of successful ransomware attacks (Source: Ransomware: Trends, Impacts, and the Role of Data Storage, ESG, Scott Sinclair, March 2023) Given the growing and persistent thre ..read more

Sponsored Post: Palo Alto Networks. One of the most impactful cybersecurity strategies an organization can employ is the use of tabletop exercises. These simulated ‘what-if’ scenarios are not exclusive to the realm of cybersecurity. For example, coastal cities practice evacuation plans for potential storms, while police forces run drills in preparation for terrorist attacks. In the context of IT and cybersecurity, tabletop exercises offer teams a chance to methodically plan out their response to a hypothetical cybersecurity event. We often discuss preventative measures against ransomware attac ..read more

Sponsored Post: Nasuni. Ransomware attacks are on the rise this year. In the past, one of our customers would suffer an attack every few months. Now two or three customers might be hit in a single weekend. Ransomware attacks have evolved, and the pandemic seems to have emboldened malicious agents looking to take advantage of new WFH environments. My colleague John Bilotti, CIO/CISO at Nasuni, and I recently joined Tom Field of the Information Security Media Group (ISMG) to talk about these issues, and what large enterprises can do to prepare for a ransomware attack. Our conversation is av ..read more

Spend any time studying official cyberattack disclosures and two words that crop up with striking regularity are “sophisticated” and “targeted.” Every attack is said to be sophisticated just as every attack is either targeted or even highly targeted. These terms have been a common element in press releases and regulatory disclosures ever since cyberattack incidents (usually data breaches) started becoming more frequent around 15 years ago. If there was once a time when the distinction between a run-of-the-mill cyberattack and something more developed or clever seemed like a reasonable distinct ..read more

Sponsored Post: Nasuni. File backup is broken and no one is talking about it. The most recent uptick in ransomware attacks has exposed a fallacy that the industry has been supporting and re-enforcing for decades. Large companies running modern backup software and following recommended best practices are being brought down to their knees for weeks by ransomware attacks. How is this happening? All backup technology relies on a simple premise. You make a copy of the data in order to protect it. The restore phase — the reason we rely on backup in the first place — moves that copy back into product ..read more

On Oct. 17, a triumphant message suddenly appeared on the official dark web leak page of the Trigona ransomware group. Later copied to X (formerly Twitter) by a group calling itself the Ukrainian Cyber Alliance, it read as follows: “Trigona is gone! The servers of the Trigona ransomware gang has been exfiltrated and wiped out.” And just to rub in the disruption: “Welcome to the world you created for others.” Hacktivists in Action For the Ukrainian Cyber Alliance—a group that claims to have devoted itself to “disrupting Russian criminal enterprises since 2014”—disrupting the Trigona ransomware ..read more

Readers of this blog won’t be surprised by the idea that there’s a lot of ransomware out and about these days. Exactly how much depends on which source is used as a reference point, but perhaps fretting about numbers and whether they’re increasing is to miss the point. What matters most is how we measure the scale of the human and economic damage being caused. For that, we’re forced to fall back on an ever-expanding body of anecdotal evidence that some quite sizable organizations are suffering at the hands of a phenomenon that shows no sign of subsiding. Recent Ransomware Attacks Take, for exa ..read more