Not only is ransomware on the rise, but this type of malware is also growing more sophisticated and professionalized, which is a cause for concern for both organizations and users.

Researchers at Sophos have found that the criminal market for malicious generative AI tools is still disorganized and contentious. While there are obvious ways to abuse generative AI, such as crafting phishing emails or writing malware, criminal versions of these tools are still unreliable. The researchers found numerous malicious generative AI tools on the market, including WormGPT, FraudGPT, XXXGPT, Evil-GPT, WolfGPT, BlackHatGPT, DarkGPT, HackBot, PentesterGPT, PrivateGPT.

Recovering from a Ransomware attack requires a systematic approach to minimise damage and restore normal operations efficiently. The following steps are crucial in the recovery process.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including NoEscape ransomware, AvosLocker ransomware, and Retch ransomware, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Rubrik Zero Labs’ recent study accentuated several hard truths we think are important and warrant a response from Rubrik’s CISO Advisory Board. First, let’s confirm what many of us have already discussed: It’s not fun to be a CISO right now. There’s an overwhelming amount of expectation—from the board to business unit owners—to figure out how to grow and use data, but also keep it secure, and figure out what happens when it’s not.

If you’re the victim of a ransomware attack, there are no guarantees that you can recover your stolen data. The best you can do is mitigate the effects of the attack and remove the ransomware from your device. The steps to recover from a ransomware attack include isolating your device, removing the ransomware, restoring your backed-up data and changing any compromised login credentials.

It goes without saying that organizations must back up their critical data to ensure business continuity in the event of cyber attacks, disasters, operational failures, or insider threats. But are passive backups enough in today’s environment of sophisticated cyber threats? Despite having backups and various security tools to monitor infrastructure, organizations remain vulnerable to attackers who are still managing to penetrate defenses.

Clark County School District in Nevada, the fifth-largest school district in the United States, recently experienced a massive data breach. Threat actors gained access to the school district’s email servers, which exposed the sensitive data of over 200,000 students. The district is now facing a class-action lawsuit from parents, alleging it failed to protect sensitive personal information and take steps to prevent the cybersecurity attack.

The Malware-as-a-Service (MaaS) model, and its readily available scheme, remains to be the preferred method for emerging threat actors to carry out complex and lucrative cyberattacks. Information theft is a significant focus within the realm of MaaS, with a specialization in the acquisition and exfiltration of sensitive information from compromised devices, including login credentials, credit card details, and other valuable information.

There’s a massive elephant in the room: unstructured data. It’s valuable, and it needs to be protected. Let’s talk about why.

The different types of ransomware include crypto ransomware, locker ransomware, scareware, leakware and Ransomware-as-a-Service (RaaS). Ransomware is a type of malware, also known as malicious software, that prevents victims from accessing the data stored on their devices until they’ve paid a cybercriminal a certain amount of money, commonly referred to as a ransom.

Man Bites Dog: In an unusual twist in cybercrime, the ransomware group BlackCat/ALPHV is manipulating the SEC's new 4-day rule on cyber incident reporting to increase pressure on their victims. This latest maneuver highlights a sophisticated understanding of regulatory impacts in ransomware strategies.

Google Cloud releases its Q3 Threat Horizons report, BlueNoroff hacks macOS machines with ObjCshellz malware, and a ChatGPT-powered infostealer targets cloud platforms.

We’re excited to announce Rubrik as one of the first enterprise backup providers in the Microsoft Security Copilot Partner Private Preview, enabling enterprises to accelerate cyber response times by determining the scope of attacks more efficiently and automating recoveries. Ransomware attacks typically result in an average downtime of 24 days. Imagine your business operations completely stalled for this duration.

Every day more than 2 billion documents and emails are added to Microsoft 365, making this critical data a priority target for ransomware and other cyber attacks. After all, 61% of attacks affect SaaS applications, the most targeted platform / environment. This data can also often be unstructured, and rapidly processing and managing the content at enterprise scale is critical when it comes to both applying protection and performing restores.

What if a malicious attack deleted your Microsoft Entra ID (formerly Azure Active Directory) objects? Or what if hundreds of objects get deleted across your Microsoft OneDrive account from a rogue script? Think about it. If you’re a large enterprise customer, would you be prepared to rapidly recover from these scenarios at scale?

The City of Huber Heights is in east Ohio, north of Dayton. The suburban area has a population of around 50,000, but other populated areas are nearby. Sunday morning, November 12th, 2023, the City of Huber Heights was subject to a ransomware attack; the investigation is ongoing, as the attack disrupted many City divisions.

Rubrik has been assisting our customers with recovery from cyber attacks since 2018. We immediately took notice of these attacks, and early on, began developing processes and procedures to respond more effectively to better assist our customers. Our spirit of continuous improvement and execution of lessons learned from the field has led to a number of improvements to both our products and processes.

The high profile MGM Resorts hack by ransomware group ALPHV/BlackCat has served as a wake up call to the hospitality industry, demonstrating that the industry is a lucrative target for cybercriminals. The hack was hugely impactful to MGM making for sensational headlines in mainstream media, however what struck security experts were the social engineering methods used by the threat actors and how effective they were in bypassing security controls and technologies.

CherryBlos is a rather interesting family of Android malware that can plunder your cryptocurrency accounts - with a little help from your photos.

Top tips is a weekly column where we highlight what’s trending in the tech world today and list out ways to explore these trends. This week we’re looking into how your organization can recover from a ransomware attack. It’s well known at this point that ransomware attacks are an inevitability. With around 493.33 million ransomware attempts in 2022 alone, it’s not a question of if you’ll fall victim to a ransomware attack, but rather it’s a question of when.

CrowdStrike Counter Adversary Operations has been investigating a series of cyberattacks and strategic web compromise (SWC) operations targeting organizations in the transportation, logistics and technology sectors that occurred in October 2023. Based on a detailed examination of the malicious tooling used in these attacks, along with additional reporting and industry reports, CrowdStrike Intelligence attributes this activity to the IMPERIAL KITTEN adversary.

Cyber resilience goes beyond mere security tools or yearly employee training. While both are crucial, a multi-layered cybersecurity approach is essential for the most robust protection. You might be asking “Where is the best place to start?” Or “Is what I am doing enough?” I think we all recognize that cybercrime is on the rise. Recent research indicates that cybercrime is indeed up 300% since 2020.

As ransom payments reach an all-time high, it’s time to look at attacks from a data perspective and find the greatest opportunities to stop these attacks. Every quarter, I’ve been covering the Quarterly Ransomware Reports from ransomware response company Coveware. In their latest report covering Q3 of this year, we get a greater sense of what trends their security researchers are seeing from the data: This last one is interesting.

Say hello to Ruby, your new Generative AI companion for the Rubrik Security Cloud. Ruby is designed to simplify and automate cyber detection and recovery, something that IT and Security teams struggle with as cyber incidents are getting wildly frequent and the attacks are evolving quickly. A study by Rubrik Zero Labs revealed that 99% of IT and Security leaders were made aware of at least one incident, on average of once per week, in 2022.

Lazarus Group targets a software vendor, a link shortening service abuses the.US top-level domain, and hackers target crypto experts with KANDYKORN malware.

The ever-changing universe of LEGO dominates the toy industry; LEGO is one of the most recognizable toy brands in the world, a perk of which is die-hard fans. LEGO fanatics flock to BrickLink, a privately owned website where individuals can design, sell, and buy block sets. LEGO also features some designs following community voting. An estimated 1.4 million people have registered accounts with the platform, including sellers and consumers.

Ransomware works by exploiting vulnerabilities in a computer system's security. Criminals typically use email phishing or other deceptive tactics to install malicious software on the victim's computer. Once the ransomware has infiltrated the system, it will begin to lock down files and encrypt them using advanced cryptography techniques, making them inaccessible. The cybercriminal will then demand payment for a decryption key that will allow the victim to regain access to their files.

Ransomware is a scourge that is on track to inflict over $30 billion in damages in 2023. Businesses and organizations that are hit by a ransomware attack face a potentially devastating data breach, with system downtime, recovery, negative publicity and the likelihood of a ransom payment to deal with. Many small businesses are unable to recover from the ordeal and end up permanently shutting their doors within months of being hit.

An analysis of ransomware attacks on healthcare organizations from 2016 through October of 2023 shows the healthcare sector is likely to continue to suffer as a viable ransomware target. In the last seven years, there have been 539 confirmed ransomware attacks on U.S. hospitals, costing a total of around $77 billion. Consumer tech comparison website Comparitech performed an analysis of these attacks to show the trends – with both positive and negative results.

The Allied Pilots Association (APA) is the collective pilot agent for American Airlines; it provides a range of services to 15,000 members, including acting as a bargaining entity. On October 30th, the APA experienced a network disturbance—a ransomware cyberattack potentially exposing members.

LiveAction Incorporated is a software company specializing in analytics, network monitoring, and application management tools. They’ve reported a revenue of over $5 million and provide services to companies in various industries; technical manufacturers, hospitals, biotechnology, and transportation professionals all use LiveAction services. Earlier this year, LiveAction suffered a ransomware attack where hackers took significant consumer information.

Deer Oaks Behavioral Health is a national provider of mental health based in San Antonio, Texas. They offer the nation long-term care focused on psychiatry and psychology. Deer Oaks hosts more than 1,500 facilities nationwide. Their services include medication and medical treatment planning while spearheading new techniques for rural tele-behavioral health.

An often-heard concern in cybersecurity is the amount of tools a single organization has to manage to protect its environment from malicious actors, both internal and external. The environments cybersecurity professionals need to secure have grown a lot more complex over the years, as we have adopted new architectural principles and hybrid and multi-cloud infrastructures in the race for a competitive edge.

Read also: Nigeria dismantles cybercrime recruiting and mentoring hub, two Russians charged over JFK taxi dispatch hack, and more.

In the past month, the Netskope Threat Labs team observed a considerable increase of SharePoint usage to deliver malware caused by an attack campaign abusing Microsoft Teams and SharePoint to deliver a malware named DarkGate. DarkGate (also known as MehCrypter) is a malware that was first reported by enSilo (now Fortinet) in 2018 and has been used in multiple campaigns in the past months.