December 2022

Making Ransomware Recovery a Surefire Thing

Hard question: How do you recover from ransomware? Harder question: How can you prove you can recover? These two questions led our recent Winter Release event, where we discussed how to take the uncertainty out of ransomware recovery and prove that your recovery plan actually works. Read on to see how you can get peace of mind out of your ransomware recovery plan.

Are educational institutions easy victims of ransomware groups?

Ransomware’s new favorite victim is educational institutions. Ransomware attacks, which compromise targets using malicious software, have increased tremendously over the past few years. In addition to targeting business sectors, cybercriminals are now attacking the security posture of the education sector. Educational institutions are easy prey for ransomware attackers because they lack the fundamental elements of a secured network.

Enterprise Remediation with CrowdStrike and MOXFIVE, Part 2: Strategies for Containing and Recovering

In Part 1 of this blog series, we highlighted the benefits of CrowdStrike’s investigative approach and the CrowdStrike Falcon® Real Time Response capabilities for avoiding a significant incident in the first place, and minimizing the damage should an attacker gain entry into your environment. We also explored a range of governance and process-oriented steps that are often left out of technology-centric discussions on incident response preparedness.

The top cyber security stories of 2022

A look in the rearview can tell you a lot about the future, so we revisited the top cyber security stories of 2022 with experts in the field. Yes, ‘tis the season when cyber security experts gaze into the crystal ball to tell us what to expect in the coming year, which is fine, but it’s also good to look in the rearview at a year that will be over next week, both for what happened and for what it all might mean and what we can learn from it.

Don't click too quick! FBI warns of malicious search engine ads

The FBI is warning US consumers that cybercriminals are placing ads in search engine results that impersonate well-known brands, in an attempt to spread ransomware and steal financial information. In a public service announcement issued this week, the FBI describes how cybercriminals are purchasing ads that show up at the very top of search engine results, often purporting to link to a legitimate company's website.

Malicious Macros Adapt to Use Microsoft Publisher to Push Ekipa RAT

After Microsoft announced this year that macros from the Internet will be blocked by default in Office, many threat actors have switched to different file types, such as Windows Shortcut (LNK), ISO or ZIP files, to distribute their malware. Nevertheless, Office documents are still actively leveraged in many campaigns and pose a large risk to organizations, especially with threat actors continuously finding new ways to avoid detection.

Malware Analysis: GuLoader Dissection Reveals New Anti-Analysis Techniques and Code Injection Redundancy

CrowdStrike analyzes malware to augment the behavior-based and machine learning-based detection and protection capabilities built into the CrowdStrike Falcon® platform to deliver automated, world-class protection to customers. GuLoader has been known to employ a significant number of anti-analysis techniques, making detection and protection challenging for other security solutions.

Ransomware Statistics, Facts, and Trends of 2023

Ransomware is one of the most dangerous cyber threats to businesses and consumers. This type of malware holds files and data hostage until a ransom is paid. Ransomware incidents can result in data loss, financial losses, and even ransom payments. In order to protect your business from ransomware-based data breaches, it is important to understand ransomware statistics, ransomware trends, and the best practices for ransomware prevention.

Cloud Threats Memo: Understanding the Dead Drop Resolver Technique

If I asked you what the common ways to exploit a cloud app for malicious purposes are, I bet your answer would probably be either to use it to distribute malicious content (such as malware or phishing pages), or to host the command and control (C2) infrastructure. In reality, another frequent technique is the dead drop resolver, where a legitimate service is abused by threat actors to host the information related to the C2 infrastructure rather than the C2 infrastructure itself.

Threat Actors use Google Ads to Deploy VIDAR Stealer

Kroll has observed threat actors abusing Google Ads to deploy malware masquerading as legitimate downloads or software that has been “cracked” or modified to remove or disable features such as copy protection or adware. As part of our analysis of this trend and threat, we have identified specifically that VIDAR malware, an information-stealing trojan, is using Google Ads to advertise spoofed domains and redirect users to fraudulent sites or malware downloads.

Using a Ransomware Assessment to Identify Gaps & Risks

FSIs face a myriad of challenges, and the impact has been a 1,318% increase in ransomware attacks in 2021. Given the increasing sophistication of these attacks, there is a growing need for FSIs to understand their level of risk and to implement a proactive approach to defending themselves.

The Simply Cyber Report: December 12, 2022

Unfortunately, a novel technique has been developed by security researcher Or Yair to weaponize the file deletion functionality of most enterprise-quality EDR solutions, including SentinelOne and Microsoft. If you run or support a small business that runs F5 BIG-IP, Zyxel firewalls, Totolink and D-Link routers, or Hikvision cameras, be on the lookout for a Go-based malware named Zerobot in the wild.

Take the Uncertainty Out of Ransomware Recovery | Rubrik Winter Release 2022

At Winter Release 2022, we announced a new part of Rubrik Security Cloud, Rubrik Cyber Recovery, which delivers two new capabilities to help organizations better prepare for attacks and minimize operational downtime. We also announced today that Ransomware Monitoring & Investigation and Sensitive Data Monitoring & Management will support Microsoft OneDrive, SharePoint, NAS Cloud Direct, and Azure Virtual Machines.

Trojanized OneNote Document Leads to Formbook Malware

Cybercriminals have long used Microsoft documents to pass along malware and they are always experimenting with new ways to deliver malicious packages. As defenders, Trustwave SpiderLabs’ researchers are always looking out for new or unusual file types, and through this ongoing research, we uncovered threat actors using a OneNote document to move Formbook malware, an information stealing trojan sold on an underground hacking forum since mid-2016 as malware-as-a-service.

Discovered new BYOF technique for cryptomining with PRoot

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

The troubles of being on Cloud9: Why your browsers are not safe

With the new browser botnet, Cloud9, waiting to penetrate your browsers remotely to access and steal your sensitive and confidential data, it can be challenging to stay safe while browsing the internet. As reported by Bleeping Computer, this Remote Access Trojan named Cloud9 allows cyberattackers to execute commands remotely to steal your data. This malicious extension is not found in the Chrome store, but has been reported to be installed by other means. What’s the story of Cloud9?

Save Your Data and Your Sanity

I recently read a technology forum post where a system administrator described symptoms of post-traumatic stress disorder after their company was attacked by ransomware. The recent State of Data Security report from Rubrik Zero Labs even found that 96% of individuals suffered emotional or psychological impacts as a direct result of experiencing a cyberattack.