Lawrence Abrams reports: Backups are one of the most, if not the most, important defenses against ransomware, but if not configured properly, attackers will use it against you. Recently the DoppelPaymer Ransomware operators published on their leak site the Admin user name and password for a non-paying victim’s Veeam backup software. This was not meant to expose the…
Category: Commentaries and Analyses
UK: Cathay Pacific Airways Limited fined £500,000 for failing to secure its customers’ personal data
From the ICO: The Information Commissioner’s Office (ICO) has fined Cathay Pacific Airways Limited £500,000 for failing to protect the security of its customers’ personal data. Between October 2014 and May 2018 Cathay Pacific’s computer systems lacked appropriate security measures which led to customers’ personal details being exposed, 111,578 of whom were from the UK, and…
OCR settles complaint against doctor for failure to have appropriate risk assessment and security controls, despite technical assistance
OCR has settled a complaint against a covered entity for violations that first occurred prior to November, 2013, but continued thereafter. Yes, 2013. That’s when Steven A. Porter, M.D., first reported a breach to OCR that involved his business associate Elevation43. According to the complaint Porter filed at the time, and as described by OCR,…
NZ: Tuia 250 privacy breach: Tech boss signed off on government website with no testing
Craig McCulloch of RNZ reports: A top tech boss at the Ministry of Culture and Heritage (MCH) reviewed the Tuia 250 website’s security and declared it “fit for purpose” just two months before a major breach was uncovered, new correspondence shows. […] Correspondence obtained by RNZ under the Official Information Act shows the website –…
New PwndLocker Ransomware Targeting U.S. Cities, Enterprises
Lawrence Abrams reports: Driven by the temptation of big ransom payments, a new ransomware called PwndLocker has started targeting the networks of businesses and local governments with ransom demands over $650,000. This new ransomware began operating in late 2019 and has since encrypted a stream of victims ranging from local cities to organizations. Read more on…
Ransomware victims are paying out millions a month. One particular version has cost them the most.
Steve Ranger reports: Ransomware victims have paid out more than $140 million to crooks over the last six-and-a-half years, according to calculations by the FBI. […] Ryuk was the leading ransomware variant, generating roughly $61m between February 2018 and October 2019. Crysis/Dharma was the second most lucrative ransomware, generating $24m between November 2016 and November 2019. Third on the…