Your cyber insurance policy may not always have your back in a ransomware attack, but we can. Get access to practical steps and actionable advice from our security experts to automate prevention and rapid containment in the event of a breach. Introduction It’s in the name: malware is malicious software which, if able to run …
Ransomware
The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint security alert providing guidance on ESXiArgs ransomware virtual machine recovery. CISA has released a recovery script; the security alert offers guidance on using that script. Note Great move by CISA to provide the recovery script. The …
Both France’s and Italy’s Computer Emergency Response Teams (CERTs) have issued alerts warning “of attack campaigns targeting VMware ESXi hypervisors with the aim of deploying ransomware on them.” The vulnerability (CVE-2021-21974) affects ESXi 7.0, 6.7 and 6.5. Support for ESXi 6.7 and 6.5 ended in October 2022. The flaw was disclosed, and a fix was …
Maryland’s Atlantic General Hospital is experiencing disruptions to some services following a ransomware attack. Healthcare professionals are operating on EHR downtime procedures. Most patients can still be seen; the attack has caused outages affecting the hospital’s pharmacy, outpatient imaging, outpatient walk-in lab, and pulmonary function testing. Note The Healthcare Sector was frequently targeted for ransomware …
As the digital age continues to progress, it is increasingly important that we understand how to stay secure and protected when browsing online. It is becoming more and more likely that we will come across malicious sites and vulnerable networks, so it is essential that we take the necessary precautions to protect ourselves when browsing …
An international law enforcement effort has disrupted the infrastructure of the Hive ransomware group. Authorities have seized US-based servers and have shut down two of the group’s data leak sites. The takedown effort was aided by FBI agents who infiltrated the Hive network and maintained a presence on their servers for seven months. Note The …
This article could start by reviewing the college that closed permanently after a ransomware attack or the large school district that suffered an incident during a recent holiday weekend. Or it could focus on how critical infrastructure—such as water treatment plants, pipelines, and meat processing plants—is increasingly under attack. We could even comment on the …
Royal Mail, which suffered a ransomware attack earlier this month, is slowly recovering from the incident. Initially, the attack disrupted the UK postal service company’s operations, rendering it unable to ship overseas. Earlier this week, Royal Mail said that it has “resumed the export of letters which do not require a customs declaration to all …
The US Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has released a brief detailing the tactics and techniques used by the Royal and Black Cat ransomware. HC3 says that both strains of ransomware have been used to “aggressively target” the US health sector. Note Read the analysis even if …
Updated on 2023-01-08: MegaCortex decrypter Romanian antivirus maker Bitdefender has published a decrypter for the MegaCortex ransomware that will allow past victims to recover their encrypted files without paying the ransom. Updated on 2023-01-06: MegaCortex Ransomware Decryptor A decryptor for the MegaCortex ransomware is now available. The tool was developed as a joint effort by …
CentraState Medical Center in New Jersey is operating under electronic health record (EHR) downtime following a cybersecurity incident that began last month. The medical center is also sending patients to other hospitals in the area due to the IT disruptions. Note Despite LockBit’s actions, hospitals and medical remain top targets for attackers. Even so, don’t …
Updated on 2023-01-03: Rail Technology Company Wabtec Suffers Apparent Ransomware Attack In June 2022, rail technology company Wabtec learned of suspicious activity on its network and following an investigation, learned that intruders had managed to install malware on the company’s systems in mid-March 2022. Wabtec determined that sensitive data, including non-US national ID numbers, non-US …
Updated on 2023-01-05: Port of Lisbon ransomware attack The administration of the port of Lisbon (Portugal) suffered a ransomware attack over Christmas. The port’s activity wasn’t disrupted. However, the subsequent disruptions were caused by a planned workers’ strike. Updated on 2022-12-29: Port of Lisbon Hit with Cyberattack The Port of Lisbon (Portugal) has confirmed that …
Updated on 2023-01-11: SF BART ransomware The San Francisco Bay Area Rapid Transit (BART) is investigating an intrusion of its IT network after the Vice Society ransomware gang claimed to have compromised the agency via a blog post on their dark web leak site. The agency’s spokesperson told The Record that “no BART services or …
Ohio’s state Supreme Court has ruled that ransomware is not physical damage and is therefore not covered under a property insurance policy held by EMOI, an Ohio medical billing company. The court overturned a lower court ruling, finding in favor of Owners Insurance Company. Note Fully understand your cyber insurance limitations, including scheduling regular reviews …