An odd characteristic of cybercrime is that it’s almost always disembodied. Crimes are perpetrated by someone out there but precisely who is only rarely made clear. This mystery can confuse victims. The history of crime is a long one but until recently it was a much more human-to-human affair, conducted in person. This didn’t make […]
Many organizations pay ransomware criminals, while anecdotal evidence suggests an increasing number don’t. But until recently, the consensus was that the decision to pay or not pay should be left to the victim. Now it looks as if this choice might soon be taken away with the news that the Biden administration is considering banning […]
What’s the worst thing a ransomware attack can do to an organization? For a long time, the answer to that question was to encrypt large numbers of files so that the victim would have to choose between spending weeks reinstating data or paying the ransom as a shortcut. Around four years ago, attackers turned to […]
Among software vulnerabilities, none is more feared than so-called “zero days,” which are known only to the attackers (that is, defenders have “zero days” to patch). These have traditionally been used sparingly in targeted attacks carried out by nation-states. Recently, however, this has started to change, and zero day exploits have started turning up more […]
Should organizations extorted by ransomware gangs pay their attackers? It’s a question that cuts to the heart of ransomware response. Some take what might be viewed as a pragmatic stance and say there is no right or wrong answer, and organizations should be free to make their own decision. On the other side is […]
There aren’t many certainties in cybercrime, but one that is often repeated is that malware is overwhelmingly a problem affecting computers running Microsoft Windows. This can sound like a statement of the obvious, but malware targets Windows because there are a lot more Windows computers to target—up to 80% of all desktops and laptops globally, […]
