A cybersecurity bulletin was released by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) on October 28, 2020. The three agencies have issued a high-level warning about an increased, imminent threat of ransomware attacks in the healthcare sector. The cybercriminal group behind the TrickBot, Ryuk, and BazarLoader malware is now targeting U.S. hospitals and healthcare providers.

Cybersecurity Infrastructure Security Agency (CISA) released Alert (AA20-302A) on October 28th called “Ransomware Activity Targeting the Healthcare and Public Health Sector.” This alert details TTPs associated with ongoing and possible imminent attacks against the Healthcare sector, and is a joint advisory in coordination with other U.S. Government agencies.

Several weeks ago, my good friend Katie Nickels (Director of Intelligence at Red Canary extraordinaire) and I were chatting about Ransomware. She was super interested and passionate about some new uses of a ransomware variant named “Ryuk” (first detected in 2018 and named after a manga/anime character) [1]. I was, to be honest, much less interested. It turns out, as usual, Katie was right; this was a big deal (although as you will see, I’m right too… still dull stuff!).

As companies responded to the COVID-19 pandemic with remote work, cybercriminals increased their social engineering and ransomware attack methodologies. Ransomware, malicious code that automatically downloads to a user’s device and locks it from further use, has been rampant since the beginning of March 2020. According to a 2020 report by Bitdefender, ransomware attacks increased by seven times when compared year-over-year to 2019.

Spyware is a type of malware that hides deep inside your computer. Unlike more visible types of malware, spyware lets you go about your tasks while secretly recording information—especially passwords and other sensitive credentials. Since spyware is difficult to notice, both home users and system administrators need to prioritize its prevention and detection. Thankfully, even if you have spyware, it’s easy to get rid of with the right tools.

The frequency and volume of ransomware attacks have increased dramatically in the past few years. Few people in the tech industry will forget the 2017 WannaCry attack, which infected over 200,000 computers in 150 countries worldwide and brought down part of the U.K.’s National Health Service, or the 2019 RobbinHood attack, which brought the Baltimore government to a standstill for nearly two weeks.

Ransomware is a malicious type of software that’s used to extort money from victims. It almost always promises to restore the data it encrypts or the operating system it locks, in exchange for a large sum of money. Networks seem to face threats from all directions, but there are ways to prevent malware attacks. Specialized software can protect your assets. In addition, there are other steps you can take to strengthen your ransomware prevention best practices.

Pitney Bowes, a global package delivery giant, has been hit by a second ransomware attack in less than seven months, according to ZDNet. Those responsible for the attack have released screenshots portraying directory listings from inside the company’s network. What is Maze ransomware and what makes it so special?

The ability of an actor to remain undiscovered or obfuscating its doings when driving a malicious campaign usually affects the gains of such campaigns. These gains can be measured in different items such as time to allow completion of operations (exfiltration, movement of compromised data), ability to remain operative before take down notices are issued, or ability to obtain gains based on for-profit driven crimeware (DDoS for hire, Crypto mining).