While everyone understandably raises alarms about the possible impact of a ransomware attack, let us never forget that simple, stupid, careless, willful, or just human errors can create significant safety risks for people. A foster family in Missouri is raising concerns about what may be two separate breaches that pose safety risks to them and…
Category: Commentaries and Analyses
English High Court Clarifies Appropriate Causes of Action in Data Claim Where Defendant Was a Victim of Third-Party Cyber-Attack
Steven Baker, Vishnu V. Shankar, and Julia Bihary of Proskauer write: In the recent and significant Warren v DSG Retail Ltd [2021] EWHC 2168 (QB) decision the High Court in England clarified the limited circumstances in which claims for breach of confidence, misuse of private information and the tort of negligence might be advanced by individuals for…
Threat actors sometimes name the wrong victims — so why are you just repeating their claims?
Since March, 2021, data exfiltrated from Butler County Sheriff’s Office has been dumped on the dark web and clear net, but those affected may never have known that because the threat actors named the wrong victim. Relying too much on the word of criminals, researchers and compilations also misidentified the victim. Researchers and journalists should…
New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
Amitai Ben Shushan Ehrlick reports: SentinelLabs has been tracking the activity of Agrius, a suspected Iranian threat actor operating in the Middle East, throughout 2020 and 2021 following a set of destructive attacks starting December 2020. Since we last reported on this threat actor in May 2020, Agrius lowered its profile and was not observed conducting destructive…
When the charm offensive didn’t work, threat actors just opted to be offensive
In 2020, those of us who report on ransomware attacks witnessed what some described as a “charm offensive” — spokespeople for ransomware groups granting interviews to journalists in which the threat actors tried to make themselves sound like professionals who have an ethics code and who are just trying to provide for their families. Those…
City of Dallas calls IT protocols ‘inadequate’ in 131-page report on police data loss
Ryan Osborne reports: Dallas’ city information technology department sent a 131-page report to city council on Thursday, detailing the massive data loss involving police records earlier this year and attributing the issue to “inadequate” protocols among IT staff. The report confirmed that 22 terabytes of data, involving more than 8 million records, were deleted in…