One of the biggest internal debates facing ransomware recovery planners is whether to pay an extortion demand or fall back on a process of internal data recovery. Increasingly, however, victims who decide to pay face a second and potentially complex question: is it worth trying to retrieve a ransom after it has been paid? For […]

A critical and often underestimated resource in the fight against malware is the industry’s history of finding and reporting software flaws in everything from big-brand programs to websites and software APIs. Many software companies and a few larger enterprises run dedicated programs that offer massive rewards for researchers opting for this type of work, sometimes […]

For most of us, the chance of being caught up in a data breach is just another hazard of online life. Personally identifiable information (PII) is stolen from a company we have an association with, and nobody is the wiser unless the company contacts us with the bad news. Except not every company wants to […]

If you had to name a piece of software cybercriminals look to target, Microsoft’s Exchange Server would surely be near the top of the list. To its huge user base, it’s the perfect DIY in-house email system that has dovetailed with Microsoft’s ecosystem since the 1990s. To criminals, including ransomware criminals, it’s become tempting prey […]

How realistic would it be for ransomware to successfully exploit weaknesses in the obscure firmware systems running inside PCs? There’s certainly a lot of things to aim at, ranging from the UEFI BIOS that boots PCs to the many other barely-documented firmware running on chips most owners pay absolutely no attention to. An unfortunate characteristic […]