So, what has ransomware done this week?

There are always ransomware stories in the technical press – and even one or two that get into the mainstream press. But for every one of these headliners, smaller companies and micro-businesses get hit by ransomware and do not make the news. That could be you!

BlackCat ransomware claims attack on Italian energy agency (bleepingcomputer.com)

Damart clothing store hit by Hive ransomware, $2 million demanded (bleepingcomputer.com)

Second largest U.S. school district LAUSD hit by ransomware (bleepingcomputer.com)

These education attacks appear to be coming from a highly organised group:

Vice Society ramping up ransomware in US education sector • The Register

It appears that someone is fighting back by using their own distributed denial of service attack against the hackers’ servers. No one is taking credit for this yet:

Ransomware gang’s Cobalt Strike servers DDoSed with anti-Russia messages (bleepingcomputer.com)

One of the ways ransomware can get into your systems is via attacks aimed at unpatched vulnerabilities in both software and hardware firmware. That is why keeping an eye on the news here on Smart Thinking, having a comprehensive, monitored list of your hardware and software, and promptly patching when needed are essential steps in defending yourself.

QNAP patches zero-day used in new Deadbolt ransomware attacks (bleepingcomputer.com)

This weekend, if you are interested, I have a couple of longer “Weekend Read” articles examining the activity and hacking operations of some of the largest gangs out there carrying out these types of attacks. Knowing how these things work can give you some insight as to where to spend your money when it comes to cyber security.

Clive Catton MSc (Cyber Security) – by-line and other articles

My advice: Either you or your IT support need to check whether these issues impact your systems. You need to have a master document that details your systems, hardware, software, online, networks, back-ups, suppliers etc – so when cyber security (or operational) issues arise you and your support teams can quickly check if you are affected. From there you can take fast, effective action.
