An in-depth look at the escalating threat of ransomware, its transformative trends, and the forecasted landscape as uncovered by Kaspersky. Technology & Science News, Times Now
But as CISOs look for hope on Anti-Ransomware Day, they can consider the advice of one infosec pro: If you’re well-prepared for any cyberattack, you’re prepared for ransomware.
“Ransomware is a disaster recovery event,” says Robert Capps, vice-president of innovation at the NuData Security division of Mastercard. “And for a lot of organizations, it’s a fairly mild one. For others, it can be business-impacting.
“When you talk to CISOs about any sort of disaster situation it comes down to resiliency and recoverability. Ransomware is just a fancy disruption attack. There can also be disruption through power outages or provider outages … You’ve got to be able to recover quickly, and those organizations that are ready don’t really sweat ransomware as much as recoverability of systems.”
Department for Education says: We believe this is not widespread
Gareth Corfield Thu 21 Jan 2021 // 17:32 UTC
Updated: A shipment of laptops supplied to British schools by the Department for Education to help kids learn under lockdown came preloaded with malware, The Register can reveal.
The affected laptops, distributed to schools under the UK government's Get Help With Technology (GHWT) scheme, which started last year, came bundled with Gamarue – an old remote-access worm from the 2010s. This software nasty doesn't just spread from computer to computer, it also tries to connect to outside servers for instructions to carry out.
The Register understands that a batch of 23,000 computers, the GeoBook 1E running Windows 10, made by Shenzhen-headquartered Tactus Group, contained the units that were loaded with malware. A spokesperson for the manufacturer was not available for comment.
$500 a pop, $25k earned and not much of a trace left, says Guardicore
Gareth Corfield Thu 10 Dec 2020 // 20:17 UTC
A “malwareless” ransomware campaign delivered from UK IP addresses targeting weak security controls around internet-facing SQL servers successfully pwned 83,000 victims, according to Israeli infosec biz Guardicore.
“The attack chain is extremely simple and exploits weak credentials on internet-facing MySQL servers”, said Guardicore’s Ophir Harpaz in a technical advisory today, estimating that there are around five million MySQL servers accessible from the public internet.
Once the database servers are compromised, the miscreants operating the campaign begin a so-called “double extortion” attack, threatening to publish data exfiltrated from the SQL silos unless victims pay a ransom, which also apparently will lead to the restoration of that data.