Tag Archive for: Ransomware

Singapore Releases Blueprint to Combat Ransomware Attacks – Regulation Asia




Pulitzer Prize winner Daniel Golden talks global challenges of ransomware


This month, the Mid-Coast Forum on Foreign Relations hosted journalist and author Daniel Golden to discuss the global challenge of ransomware.


The Mid-Coast Forum on Foreign Relations seeks to promote study and discussion of the development, formulation, and implementation of United States foreign policies by means of a program of speakers, the organization of discussion and study groups, and the production and distribution of relevant materials.

Golden, currently a senior editor and reporter at ProPublica, has been part of three Pulitzer Prize teams at the Wall Street Journal, ProPublica and Bloomberg.

He has notably reported on the topics of college admissions, recruitment by universities, asylum-seekers, corporate tax evasion, the U.S. intelligence agencies, and ransomware.

Listen to the talk at: Midcoast Forum, Daniel Golden, December 2022.

Those interested in learning more about the Forum or seeing future speaker events can visit midcoastforum.org. The Maine Monitor will periodically share recordings of the Forum’s talks.


UK unis implement new IP traffic policies to combat ransomware


Jisc, the non-profit that supports the UK higher education and research community with shared digital infrastructure and services such as the Janet network, has announced that it will start blocking traffic originating from outside the UK from accessing the Remote Desktop Protocol (RDP) remote-access feature from 28 March 2023, to better protect its users from ransomware attacks.

The move follows a 2021 consultation with its users, and reflects the fact that 50% of major ransomware incidents experienced by UK higher education institutions in the past two years began when attackers exploited the RDP feature.

Going forward, said Jisc, inbound traffic to port 3389 – the default port used for RDP – that originates from outside the UK will be blocked, and only inbound traffic from UK IP addresses will be allowed to proceed. Currently, this blocking is available via Jisc as an opt-in measure, but it will now apply by default.

“The use of ransomware against our sector, and globally, has ramped up over the past couple of years, and some attacks against colleges and universities have been devastating,” said John Chapman, director of information security policy and governance at Jisc.

“Organisations can still opt out of restrictions to specific IP addresses if they wish to, but they must accept the greater risk of a serious cyber security incident. Controlling access to a known attack vector will help protect the sector as a whole against this type of attack.”

Originally developed by Microsoft, RDP is a supposedly secure network communications protocol that is intended to help IT admins diagnose problems remotely, and let users access their physical work desktops from other devices.

This is done by deploying RDP client software to connect to the system or server running RDP server software, and open a socket on the desired system to accept authenticated inbound traffic through port 3389. The user can then access all their applications and files just as if they were physically present in the workplace.

Legitimate use of RDP soared in 2020 during the Covid-19 pandemic, as millions of people were forced to work from home by lockdown restrictions, a policy that for many…


GRIT Ransomware Report: November 2022


Report written by Drew Schmitt and Nic Finn

In November, GRIT observed 22 active groups accounting for 166 victims. Continuing their trend from previous months, Lockbit’s claimed victims fell by a massive margin, dropping 41% from their October haul. November represents Lockbit’s slowest month this year, falling even lower than they did during their June to July lull when switching from Lockbit2 to Lockbit3. Lockbit wasn’t alone in their slowdown, as eight other groups also saw at least a 40% decrease in reported victims. 

GRIT began tracking four additional groups this month, including Royal and MedusaLocker, who immediately jumped into the top five groups based on total reported victims. These four groups accounted for 43 reported victims in November. An additional six groups with no activity in October showed a minor resurgence, accounting for 26 victims in November. 

In addition to having fewer reported victims, November also saw fewer countries and industries targeted. Specifically, 33 industries were impacted this month compared to 36 in October. Similarly, 38 countries were impacted in November compared to 40 countries in October. These slight decreases suggest that there were no significant changes to targeting this month. While there were some shifts in the order of the most targeted industries, the most noteworthy changes included the Legal industry shifting into the top 10, knocking Government organizations off the list, and the Construction industry dropping from third place to tenth. In terms of countries targeted, GRIT noted that India and UAE were among the top ten victimized nations, pushing Spain and Australia out of the top ten.

GRIT’s data in this report includes updated insights into threat actor activity from October obtained from recently published leak sites that included historically compromised victims. The addition of this dataset had slight impacts to victim trends and statistics from previous months; however, it did not have significant impacts on trends or findings from previous reports.

Based on sources monitored by GRIT, there was a 12.6% decrease in the total number of victims from October to November….
