The LockBit Ransomware Gang to Adopt More Aggressive Strategy Involving Triple Extortion
Read also: Greece’s natural gas supplier DESFA hit with ransomware, an advanced BEC campaign targets high-ranking executives, and more.
On August 4, 2022, Advanced – a major software provider for the UK’s National Health System (NHS) and other healthcare customers – suffered a ransomware attack from a group that is still unknown to the public. The attack disrupted NHS services including ambulance dispatch, appointment bookings, patient referrals and emergency prescriptions.
The Hive Gang is a Ransomware as a Service (RaaS) provider first identified in June 2021. Although relatively new, its aggressive tactics and ever-evolving malware variants have made it one of the most successful RaaS groups of its kind. Find out how the group has risen through the ranks with its advanced ransomware kit, API-based portal and negotiation services.
In Part 1 of this four-part blog series examining wiper malware, we introduced the topic of wipers, reviewed their recent history and presented common adversary techniques that leverage wipers to destroy system data. In Part 2, CrowdStrike’s Endpoint Protection Content Research Team discusses how threat actors have used legitimate third-party drivers to bypass the visibility and detection capabilities of security mechanisms and solutions.
About half of CISOs say that their organisation is unprepared to cope with a coordinated attack. So they’re investing heavily to manage the risk. Deloitte reported that firms spend over 10% of their annual IT budget on cybersecurity. That works out at about $2-5 million per year for a typical enterprise.
Splunk SURGe recently released a whitepaper, blog and video that outline the encryption speeds of 10 different ransomware families. The outcome of this research was that it is unlikely that a defender will be able to do anything once the encryption has started. Ransomware today is also mostly “human-operated”: many systems are sought out and compromised before any encryption activity occurs and, once it does, the encryption is too fast for a response to meaningfully affect the damage done.