Ransomware is big business, and it’s getting even bigger. Some successful ransomware groups now operate as efficient organizations, reinvesting the proceeds from ransom payments to grow the business and refine attack methods. Instead of relaunching the same tried-and-true attacks that have generated their handsome profits, ransomware groups are using the money to invest in R&D, an approach resembling series A financing rounds. As reported by SC Magazine, larger ransomware groups are becoming more professionalized, even holding conferences, hiring web design teams and placing want ads to build their businesses. “Ransomware, like any business, is a complex economy,” SC Magazine reported. “The well-organized designers let stables of contractors use their ransomware on commission, those contractors purchase pre-hacked access to systems from

A recent survey conducted by CNBC and Momentive found that 56% of small business owners are not concerned about being the victim of a cyberattack in the next year and that only 28% of them have a response plan in place in case of a cyberattack. This does not bode well for their longevity, as other industry data shows that 60% of small businesses that suffer a data breach will be out of business within six months. The high cost of remediation and the potential for reputational damage can be more than most small businesses can withstand. Many times, the issue is sheer size and staffing. Small businesses rarely have the capacity to hire a full-time cybersecurity professional, and the

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) announced this week that they have observed an “increase in highly impactful ransomware attacks occurring on holidays and weekends.” The REvil ransomware gang knocked JBS Foods’ operations offline over the U.S. Memorial Day weekend. REvil struck again over the U.S. Fourth of July holiday weekend, launching a ransomware attack targeting Kaseya, which had a cascading effect on Kaseya’s managed service provider customers and their clients. It’s not coincidental that these attacks transpired over holiday weekends. Attackers know that it’s difficult for security teams to quickly respond to an incident when away from work, giving them more time to move laterally and lock up or steal data.

As the U.S. healthcare system struggles to cope with the COVID-19 pandemic, it has been fighting another major battle – ransomware. Nearly half (48%) of hospitals, according to a new study, have had to disconnect their networks in the past six months because of ransomware. Midsize hospitals are especially at risk, according to the study, Perspectives in Healthcare Security, conducted by Ipsos for CyberMDX and Philips. It found that while large hospitals reported an average shutdown of 6.2 hours at a cost of $21,500 per hour, midsize hospitals averaged nearly 10 hours at a cost of $45,700 per hour. The study, which polled 130 IT and cybersecurity hospital executives, found that despite being in the crosshairs of ransomware attackers, hospitals

Nearly three weeks after (ISC)² made its highly popular Professional Development Institute (PDI) course titled “Ransomware: Identify, Protect, Detect, Recover,” free to the public through July 31, 2021, more than 4,500 professionals have enrolled in the course. The ransomware crisis has reached an all-time high, with numerous headline-grabbing attacks coming to light. Some attacks, such as the ones against Kaseya and SolarWinds, are having far-reaching effects that, by design, extend well beyond the original target. The current ransomware epidemic is leaving victim organizations struggling to remediate and others wondering if they’ll be next. However, with protection strategies and remediation plans in place prior to an attack, organizations are better prepared to recover quickly or negate an attack altogether. The two-hour nontechnical (ISC)² course covers