It’s nearly 20 years since I first encountered ransomware as the security editor of an online computer magazine, although at the time I had no idea what it was and the term had not yet been coined to describe it. A reader emailed me to describe how the main computer he used as part of […]
His name is Guan Tianfeng and in December 2024 the US State Department’s Rewards for Justice campaign placed a reward of up to $10 million for anyone offering information on his whereabouts. Guan Tianfeng, it is alleged, masterminded an April 2020 attack on Sophos XG firewalls using an exploit for a zero-day vulnerability later hastily […]
When ransomware strikes, the first question every security team asks themselves is how the attackers got inside what was supposed to be a well-defended network. These days, the question is asked within minutes of the attack being discovered, and for good reason. Without understanding the weakness that led to an attack, resolving it is a […]
Ransomware’s history is littered with threat actors that rise and fall but every now and then a new name appears that grabs people’s attention for the wrong reasons. RansomHub, a ransomware-as-a-service (RaaS) platform which seems to have successfully recruited affiliates from the downed BlackCat and Lockbit groups during 2024, is the latest example of this […]
When ransomware visits your network, resolve to build it back better. And if you’re tempted to pay the ransom, don’t. That money is better spent on new defenses to prevent a repeat incident. These are some of the takeaways from a remarkable British Library report, Learning Lessons From The Cyberattack, that analyzes the paralyzing ransomware […]
Imagine an everyday ransomware attack on a U.S. city that results in sensitive data being leaked weeks later when the large ransom demanded is not paid. Now imagine that the mayor of that city denies that the leaked data was as bad as it appeared, asserting in a press conference that the stolen data was […]
