Ransomware’s evolution away from encryption continues, according to this article from The Register. To be clear, ransoms are still being demanded and paid. But instead of being forced to pay to recover access to encrypted files, victims are shelling out to keep stolen, sensitive data from being publicly leaked. Ransomware gangs like Karakurt put pressure […]
The U.S. has a way to cut off funding to some ransomware gangs, and it works—but it’s seldom used. If the U.S. has economic sanctions against a nation (Iran, Russia, and North Korea, for example) then it can be illegal for American companies to deal with organizations from that nation. This can include paying ransom […]
Earlier this year, Russian law enforcement arrested 14 members of the notorious REvil ransomware gang and dismantled their networks. It seemed like a successful takedown. But now REvil–or someone claiming to be REvil–is back. (Something about which absolutely nobody in the information security field is surprised.) Early activity of this REvil resurgence was limited to […]
Despite the headline-grabbing multi-million dollar (or even larger) ransom demands, ransomware may not be the costliest cybercrime. Business e-mail compromise (BEC) is a less-publicized but potentially more lucrative way for criminals to digitally steal money. First, a warning that statistics on criminal endeavors—whether ransomware (or related extortion), or BEC and related frauds—are very difficult. With […]
