Contrary to the popular notion that ransomware hackers are sophisticated launderers of their stolen money, research shows they use straightforward mechanisms to transfer their bitcoin - allowing researchers to follow their money trail. Only a sliver transacted with a crypto mixer.
This week: Johnson Controls suffers a ransomware attack, the Philippine state health insurance program struggles to recover from a ransomware and Air Canada reports a cyberattack. Also: an APT group uses the American Red Cross as bait and new malware targets would-be users of Bitwarden.
Welcome to "Cyber Fail" - ISMG's roundup of all that's broken in the world of cybersecurity, where our panel of experts uncovers the fails so we can strengthen our defenses. In this episode, ISMG host Anna Delaney takes on bumbling cybercrooks, avoidable breaches and the ethics of paying a ransom.
A medical center president and school district IT leader talked to lawmakers Wednesday about lessons learned from their experiences responding to harrowing ransomware attacks. 'The cyberattack was much harder than the pandemic by far,' said Vermont Medical Center President Stephen Leffler.
An apparently new hacking group has connections to a number of name-brand ransomware-as-a-service groups including Conti spinoffs and possibly Clop, making it a notably versatile addition to the criminal underground. Group-IB researchers dubbed the group ShadowSyndicate.
Information Security Media Group recently concluded its Cybersecurity Summit: London, which brought together industry leaders for a day of informative sessions covering a diverse range of critical cybersecurity topics, including CISOs' vulnerability to liability, ransomware threats and burnout.
Chicago-based CommonSpirit is still waiting to hear back on its insurance claim for an October 2022 ransomware attack, but the hospital chain said disruption of some facilities and "significantly" hampered billing and collection activities contributed to a $1.4 billion operating loss for the year.
MGM Resorts International says its hotels and casinos are now operating "normally" after the company was hit by ransomware-wielding attackers. Even so, numerous systems remain offline - including digital room key cards - as the company seeks to rebuild its IT infrastructure.
The Snatch ransomware group is targeting a wide range of critical infrastructure sectors, including the defense industrial base, food and agriculture, and information technology sectors, according to a new alert issued by U.S. authorities. The group operates on a ransomware-as-a-service model.
An Ohio community college is notifying 290,000 people of a data theft breach this spring that may have compromised their personal and health information. Security researchers say small schools such as this are now favored targets. Some 80% of schools have reported hacking incidents in the past year.
This week, Colombia grappled with the aftermath of a ransomware attack against IFX Networks, Clorox suffered product shortages, a glitch allowed T-Mobile users to access other users' data, California passed restrictions for data brokers and Finland seized a dark web marketplace.
Federal authorities are warning of "significant risk" for potential attacks on healthcare and public health sector entities by the North Korean state-sponsored Lazarus Group involving exploitation of a critical vulnerability in 24 Zoho ManageEngine products.
This week, ISMG editors covered the hot topics at ISMG's London Cybersecurity Summit 2023, including the technical landscape of AI, executive liability, incident response strategies in the face of a global ransomware attack and how to build personal resilience to avoid burnout.
An April ransomware attack against one of Australia's largest law firms swept up the data of 65 Australian government agencies, the country's national cybersecurity coordinator said Monday. The Russian-speaking Alphv hacking group claimed responsibility earlier this year for hacking HWL Ebsworth.
Authorities are warning of threats posed by Akira, a ransomware group that surfaced in March and has been linked to dozens of attacks on small and midsized entities. The group is targeting many industries, including healthcare, and seems to favor entities that lack MFA on VPNs.