Tag Archive for: Ransomware

Luta Security and Emsisoft discuss how to fight ransomware at Disrupt – TechCrunch


Ransomware is an exponentially growing global threat. Here are just a few examples from 2022: Costa Rica declared a national emergency after a $20 million ransomware attack; ransomware caused one of the biggest U.S. health data breaches; and ransomware topped CSO’s list of nine hot cybersecurity trends.

To hammer the point home, 14 of the 16 critical infrastructure sectors in the U.S. experienced ransomware attacks during 2021, according to a February 2022 report from the Cybersecurity & Infrastructure Security Agency.

The urgent threat ransomware presents is why we’re excited to announce that Katie Moussouris, the founder and CEO at Luta Security, and Brett Callow, a threat analyst at Emsisoft, will join us onstage at TechCrunch Disrupt on October 18–20 in San Francisco.

In a conversation called “Winning the war on ransomware,” Moussouris and Callow will talk about why ransomware is escalating at such an alarming rate, define what “winning the war” looks like, and share what startup founders need to know — and what steps they can take — to protect their customers and their business.

A self-described computer hacker with more than 20 years of professional cybersecurity experience, Moussouris has a distinct perspective on security research, vulnerability disclosure, bug bounties and incident response. She serves in three advisory roles for the U.S. government as a member of the Cyber Safety Review Board, the Information Security and Privacy Advisory Board, and the Information Systems Technical Advisory Committee.

Moussouris worked with the U.S. Department of Defense where she led the launch of Hack the Pentagon, the government’s first bug bounty program. During her tenure with Microsoft, she worked on initiatives such as Microsoft’s bug bounty programs and Microsoft Vulnerability Research.

Moussouris serves as an advisor to the Center for Democracy and Technology, and she is also a cybersecurity fellow at New America and the National Security Institute.

A Vancouver Island–based threat analyst for cybersecurity company Emsisoft, Brett Callow lives life with an ear to the ground, monitoring emerging cyberthreat trends and…


Ransomware potentially exposed 2,000 Ypsilanti-area utility customers’ bank information


YPSILANTI, MI – A ransomware infection, detected by an employee working the midnight shift in mid-April, may have exposed 2,000 Ypsilanti-area utility customers’ bank payment information to unauthorized individuals.

The Ypsilanti Community Utilities Authority, serving Ypsilanti and surrounding townships, isn’t aware of any reports of identity fraud or improper use of information resulting from the incident, detected on April 16, according to a letter sent this month to affected customers.

“We took a very proactive approach from the very beginning. We’ve brought experts on board, and we followed their guidance,” said YCUA Human Resource Director Debra Kinde.

The person or people behind the network breach potentially obtained files containing customers’ names and bank account and routing numbers used for ACH payments to the water and wastewater service provider, affecting about 8% of the authority’s 25,000 customers, according to Kinde and the letter.

Cybersecurity experts have assured YCUA officials that the information alone should not be sufficient to access the accounts. Kinde said while legal counsel brought on to assess the situation determined the breach didn’t require notification to customers under the law, YCUA felt it was still important to notify them.

“Better that we take that route than for even one person to be caught unaware,” Kinde said. “We just wanted to be extra-transparent.”

Officials quickly contained the cyberthreat by disabling unauthorized access to their network and started an investigation with the assistance of outside digital forensics professionals, according to Kinde and the notification letter to customers.

The ransomware infection encrypted files stored on the network, and YCUA officials received a demand for payment to access them, saying the information would be released otherwise, Kinde said. Officials were able to restore all encrypted data and did not pay any ransom, she said.

On July 15, the investigation into the incident revealed that data accessible to the unauthorized individual or individuals behind the attack included some customers’ banking information, according to the notice sent to customers.

The letter recommends…


How to Hunt for Ransomware with Combined PAN XSOAR Integrations



Here’s how to automate your file analysis routines and protect your valuable data from ransomware cyber criminals.

Through the years, ReversingLabs security solutions have been integrated with numerous third-party ecosystems and platforms, including IBM SOAR, Anomali ThreatStream, Splunk and Microsoft Azure cloud. Each integration is designed and developed to bring valuable ReversingLabs intelligence and data to users of as many cybersecurity platforms as possible.

The same goes for Palo Alto Networks Cortex XSOAR (XSOAR) — a well-known and respected SOAR (Security Orchestration, Automation and Response) platform. There is a bundle of well-crafted threat analysis apps developed by ReversingLabs and available on the XSOAR Marketplace. SOAR platforms enable threat analysts to create their own workflows and reactions to various security-related situations and incidents using data enrichment apps, data feeds and action playbooks.


Here’s how each of the mentioned types of tools ReversingLabs offers can be used with XSOAR.

Indicator Feed App: The Source of Ransomware Intelligence

If you want to perform detailed analysis on a large indicator dataset using a SOAR platform, first you need to bring the data to the platform. ReversingLabs’ Ransomware and Related Tools Feed for XSOAR brings in data that is already analyzed, labeled and assigned a malware reputation. Each indicator in this data feed relates to an instance of ransomware found in the wild, or is otherwise connected to ransomware activity. Each indicator is connected either to an ongoing or a very recent ransomware campaign. This is where the value of such a feed lies: The data is derived from numerous sources providing fresh and relevant malware information.

The Ransomware and Related Tools Feed

ReversingLabs Ransomware and Related Tools Feed for XSOAR currently provides four types of indicators:

  • file hashes
  • IPv4 addresses
  • URLs
  • domains

The indicator types share a common set of metadata, and each type also carries additional information specific to it.

After installing and configuring the feed app, the indicators start flowing into XSOAR’s Threat Intel.

Figure 1: File hash indicator…


Ransomware Recovery in 2022 — Redmondmag.com


Ransomware Recovery in 2022

Date: Tuesday, September 6th at 11am PT / 2pm ET

We know that having a reliable backup can be the difference between downtime, data loss and paying a costly ransom. Unfortunately, when it comes to ransomware, most organizations’ data security strategies aren’t evolving to meet the threat.

During this session we will discuss how you can improve your defenses and reduce the risk of data loss through the lens of Veeam®’s 2022 Ransomware Research Report.

Among the topics we will cover are:

  • How you can prepare for a ransomware attack
  • Why immutability and air gapping are key to data security
  • Best practices for rapid reliable recovery
  • And more!


About the presenters:

Jason Buffington, Vice President, Market Strategy, Veeam

Jason Buffington (@JBuff) has been in the data protection industry for over 30 years, working on a variety of backup, replication/failover, and BC/DR solutions within data protection vendors and Microsoft. Prior to joining Veeam, Jason was the Principal Analyst at the Enterprise Strategy Group (ESG) covering the myriad data protection vendors and providers in the IT industry. Outside of IT, Jason is an active volunteer leader in Scouting BSA. At Veeam, Jason focuses on accelerating the success of enterprise customers through Veeam’s key alliance partnerships, as well as strategic special projects, evangelizing thought leadership at key industry events, and communicating Veeam’s long-term vision and strategy.

Chris Hoff, Security & Data Protection Marketing Manager, Veeam

Chris’ career has been deeply rooted in cyber security with over 15 years of diverse technical experience. He is currently driving the Security and Data Protection Marketing effort at Veeam. Before joining the team, Chris held various engineering, sales, and product management roles. During his career, he’s helped numerous organizations manage cyber risks by designing solutions that align with industry frameworks, programs, and compliance mandates.

Date: 09/06/2022

Time: 11:00am PT
