Tag Archive for: Ransomware

Keeping the lights on after a ransomware attack • Graham Cluley

/in


Smashing Security podcast #369: Keeping the lights on after a ransomware attack

Leicester City Council suffers a crippling ransomware attack, and a massive data breach, but is it out of the dark yet? And as election fever hits India we take a close eye at deepfakery.

All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Hosts:

Graham Cluley – @gcluley
Carole Theriault – @caroletheriault

Episode links:

Sponsored by:

  • Sonrai’s Cloud Permissions Firewall – A one-click solution to least privilege without disrupting DevOps. Start a 14 day free trial now!
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 20% off!
  • Kolide – Kolide ensures that if your device isn’t secure it can’t access your cloud apps. It’s Device Trust for Okta. Watch the demo today!

Support the show:

You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on Apple Podcasts or Podchaser.

Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

Follow us:

Follow the show on Twitter at @SmashinSecurity, or on Mastodon, on the Smashing Security subreddit, or visit our website for more episodes.

Thanks:

Theme tune: “Vinyl Memories” by Mikael Manvelyan.
Assorted sound effects: AudioBlocks.

Source…

Ransomware Simulation & Incident Response in the Healthcare Industry

/in



April 23, 2024


Discover how ransomware simulations and developing an incident response plan can help mitigate the disruption of a ransomware attack.

Source…

Ransomware victims increasingly refuse to pay

/in


Victims of ransomware attacks are less likely to pay cybercriminals to release the encrypted or stolen data. This is according to Coveware research in a quarterly report.

The researchers state that in the first quarter of 2024, 28 percent of companies affected by ransomware paid the requested ransom, compared to 29 percent in the last quarter of 2023.

Companies are paying less because they protect themselves more against these attacks. They are also increasingly able to perform recovery operations themselves and, consequently, are less dependent on a decryption key.

In addition, companies are increasingly being legally forced not to give in to ransomware criminals. For example, the state of Florida in the U.S. prohibits responding to ransomware attacks, as does Australia.

Furthermore, companies often do not pay because cybercriminals don’t keep their end of the agreement anyway. For example, they publish or otherwise trade the stolen data after payment despite promising not to do so.

Lijngrafiek met driemaandelijkse losgeldbetalingen met twee trends: gemiddelde betaling en mediaan losgeld, gemarkeerd door verschillende lijnen, met een dramatische piek in het laatste weergegeven kwartaal.

The average amount of demanded ransom drops

The average ransom price in the past first quarter was $382,000 (358,000 euros), down 32 percent from the previous quarter. However, the median was 25 percent higher at $250,000.

Grafiek die de daling in het aantal oplossingen voor ransomware-betalingen tussen 2019 en 2023 laat zien, met percentages per jaar.

According to the Coveware research, part of the reason the average ransomware ransom price is falling is because criminals recognise they no longer can charge astronomical sums that companies cannot cough up anyway. As a result, criminals are now switching more frequently to asking for more reasonable ransom amounts.

The study states that the drop in ransom prices could be due to fewer ‘high-value’ targets willing to be extorted and, therefore, pay ransoms.

The researchers state that ransomware is still a significant threat and that more than $1.1 billion in ransoms was still paid last year.

Read more: Ransomware payments reach record high: more than 1 billion euros

Ransomware groups and attack vectors

Coveware also examined the most popular perpetrators of ransomware attacks in the first quarter of this year. The Akira group was the top perpetrator, followed by Black Basta and LockBit 3.0 in joint second place. LockBit 3.0 took a…

Source…

Cheap, independently produced ‘Junk Gun’ ransomware infiltrates dark web: Sophos

/in


Sophos, a global leader of innovative security solutions that defeat cyberattacks, recently released a new report titled, “‘Junk Gun’ Ransomware: Peashooters Can Still Pack a Punch,” which offers new insights into an emergent threat in the ransomware landscape.

Since June 2023, Sophos X-Ops has discovered 19 ‘junk gun’ ransomware variants—cheap, independently produced and crudely constructed ransomware variants—on the dark web, reads a press release.

The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade.


The Business Standard Google News
Keep updated, follow The Business Standard’s Google news channel

Instead of selling or buying ransomware to or as an affiliate, attackers are creating and selling unsophisticated ransomware variants for a one-time cost—which other attackers sometimes see as an opportunity to target small and medium-sized businesses (SMBs), and even individuals.

As noted in the Sophos report, the median price for these junk-gun ransomware variants on the dark web was $375, significantly cheaper than some kits for RaaS affiliates, which can cost more than $1,000. The report indicates that cyber attackers have deployed four of these variants in attacks. While the capabilities of junk-gun ransomware vary widely, their biggest selling points are that the ransomware requires little or no supporting infrastructure to operate, and the users aren’t obligated to share their profits with the creators.

Junk gun ransomware discussions are taking place primarily on English-speaking dark web forums aimed at lower-tier criminals, rather than well-established Russian-speaking forums frequented by prominent attacker groups. These new variants offer an attractive way for newer cybercriminals to get started in the ransomware world, and, alongside the advertisements for these cheap ransomware variants, are numerous posts requesting advice and tutorials on how to get started.

To learn more about junk gun ransomware and the latest change in the ransomware ecosystem, read “Junk Gun Ransomware: Peashooters Can Still Pack a Punch” on Sophos.com.

Source…