The 2016 U.S. presidential election served as a wake-up call for lawmakers and the public about the threat that cyber attackers can pose to the country's democracy, CISA Director Christopher Krebs told the 2020 RSA Conference. Election security and ransomware remain his agency's two biggest concerns.
ISS World, a global facilities maintenance company based in Denmark, says it's gradually restoring its systems after a malware attack on Monday. The company says it has identified the root cause but has not said if ransomware was involved.
Ekans, a recently discovered ransomware variant that's designed to target industrial control systems, appears to have some of the same characteristics found in Megacortex, malware that struck several high-profile targets in 2019, according to the security firm Dragos.
Australian transportation and logistics firm Toll Group has confirmed that it sustained a ransomware attack earlier this month that has forced the company to shut down several of its systems and led to delays in deliveries.
More bad news for ransomware victims: Anyone hit with crypto-locking DoppelPaymer malware now faces the prospect of having their personal data dumped on a darknet site unless they pay a ransom. The gang's move follows in the footsteps of Maze, Sodinokibi (aka REvil) and Nemty ransomware operators.
The National Institute of Standards and Technology has unveiled a pair of draft practice guidelines that offer updated advice and best practices on how to protect the confidentiality, integrity and availability of data in light of increasing threats from ransomware and other large-scale cyber events.
After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers.
A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.
Bad news on the ransomware front: Victims that choose to pay attackers' ransom demands - in return for the promise of a decryption tool - last quarter paid an average of $84,116, according to Coveware. But gangs wielding Ryuk and Sodinokibi - aka REvil - often demanded much more.
FTCODE, a ransomware strain that has been active since at least 2013, has recently been revamped to include new features, including the ability to steal credentials and passwords from web browsers and email clients, according to two research reports released this week.
As if ransomware wasn't already bad enough, more gangs are now exfiltrating data from victims before leaving systems crypto-locked. Seeking greater leverage against non-paying victims, Maze and Sodinokibi attackers are not just threatening to leak stolen data; they're also following through.
A ransomware attack has held London-based foreign currency exchange firm Travelex hostage since New Year's Day, the company confirmed Tuesday. It appears that the Sodinokibi group is behind the attack and is asking for millions from the company.
Attackers are hitting unpatched Pulse Secure VPN servers with Sodinokibi - aka REvil - ransomware, British security researcher Kevin Beaumont warns. Pulse Secure says that although many organizations have installed the critical April 2019 patch, holdouts persist.
The Maze gang crypto-locked Georgia cable and wire manufacturer Southwire's systems and publicly dumped stolen data to try to force it to pay a ransom. In response, Southwire has sued its attackers and obtained a court order in Ireland that knocks the gang's "name and shame" site offline.