FBI Director Christopher Wray, appearing before a Senate committee last month, confirmed that the bureau and law enforcement partners had obtained a universal decryption key for REvil.

REvil Revelations: Law Enforcement Behind Disruptions

Mathew J. Schwartz • October 22, 2021

The outages of the notorious REvil - aka Sodinokibi - ransomware operation have been due to a coordinated law enforcement effort involving the U.S. and foreign partners, aimed at disrupting the group's attack capabilities, Reuters reports.

Critical Infrastructure Security

BlackByte: Free Decryptor Released for Ransomware Strain

Latest

Artificial Intelligence & Machine Learning

New Bill Would Secure Government Contractors' Use of AI

Dan Gunderman • October 22, 2021

Two Senate leaders on Thursday introduced legislation that would form a working group charged with monitoring the security of AI data obtained by federal contractors. This body would also ensure that the data adequately protects national security and recognizes privacy rights, the lawmakers say.

Endpoint Detection & Response (EDR)

Forrester Report: Key Questions to Ask XDR Vendors

Anna Delaney • October 22, 2021

The current state of the XDR market is a "chaotic jumble of different features," according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.

Blockchain & Cryptocurrency

ISMG Editors’ Panel: Regulators Get Tough on Crypto Firms?

Anna Delaney • October 22, 2021

In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.

3rd Party Risk Management

Ransomware Warning: Are Businesses Stepping Up?

Anna Delaney • October 22, 2021

The latest edition of the ISMG Security Report features an analysis of whether businesses are stepping up their ransomware defenses in response to several warnings released by the U.S. and U.K. governments highlighting the threat posed to infrastructure. Also featured are the Thingiverse data breach and airline fraud...

3rd Party Risk Management

House Passes Bills on Both Supply Chain, Telecom Security

Dan Gunderman • October 21, 2021

In a busy congressional day for cybersecurity legislation, the U.S. House of Representatives passed several bills on Wednesday, targeting both software supply chain and telecommunication system security. One observer describes them as "a win-win for the government and U.S. citizens."

3rd Party Risk Management

Ransomware: Average Ransom Payment Stays Steady at $140,000

Mathew J. Schwartz • October 21, 2021

When a business, government agency or other organization hit by ransomware opted to pay a ransom to its attacker in Q3, the average payment was $140,000, reports ransomware incident response firm Coveware. It says the attack landscape has seen some notable shifts since the Colonial Pipeline attack.

3rd Party Risk Management

CISA Leader Backs 24-Hour Timeline for Incident Reporting

Dan Gunderman • October 20, 2021

A top leader of the U.S. Cybersecurity and Infrastructure Security Agency has voiced support for a 24-hour timeline for cyber incident reporting involving critical infrastructure, signaling a push by the Biden administration to implement a rapid mechanism for federal response.

Endpoint Security

Why Reporting Security Bugs Can Be Fraught With Tension

Jeremy Kirk • October 20, 2021

Reporting security vulnerabilities to organizations with no disclosure policies can be fraught with tension. In the worst conflicts, security researchers could face lawsuits or even prosecution. Some experts say laws should provide a safe harbor for responsible security research.

3rd Party Risk Management

Ransomware Soap Opera Continues With REvil’s Latest Outage

Mathew J. Schwartz • October 20, 2021

Is there any bigger cybercrime soap opera than the life and times of ransomware operators? Take the REvil, aka Sodinokibi, ransomware-as-a-service operation, which feels like it's disappeared and reappeared more times than the secret, identical twin of the protagonist in your favorite melodrama.

Business Continuity Management / Disaster Recovery

BlackMatter Ransomware Defense: Just-In-Time Admin Access

Mathew J. Schwartz • October 19, 2021

How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.

Breach Notification

Sinclair TV Stations Targeted in Weekend Ransomware Attack

Dan Gunderman • October 18, 2021

Sinclair Broadcast Group, Inc., which owns or operates 186 television stations across 87 U.S. markets, has been hit with a ransomware attack that has disrupted operations. The company says the attack has impacted its ability to deliver advertisements and certain programming.

Breach Notification

Accenture: Ransomware Attack Breached Proprietary Data

Mathew J. Schwartz • October 18, 2021

Accenture says an online attack against it that it first disclosed in August resulted in "the extraction of proprietary information by a third party, some of which was made available to the public by the third party." The LockBit 2.0 ransomware operation has taken credit for the attack and dumping data.