Experts agree that a ban on ransom payments should decrease ransomware attacks, but concerns about implementing any ban are not trivial. Here are two ideas to consider. Proposal 1: Increasing the Sanctions List Expanding the sanctions list to include every ransomware group with a leak site might make threat actors less likely to threaten victims…
Category: Malware
Scranton School District hit by cyber attack
Sarah Hofius Hall reports: The Scranton School District is the target of a ransomware attack, the acting superintendent confirmed Friday. Third-party forensic specialists are investigating the source of the incident and the impact on district systems and will “restore full functionality to the system as soon as possible,” according to the statement from Acting Superintendent…
Banning Ransom Payments: Calls Grow to ‘Figure Out’ Approach
Mathew J. Schwartz reports: How might banning ransomware victims from paying a ransom to their attacker work in practice? As ransomware groups are causing massive damage and disruption and showing no signs of stopping, Ciaran Martin, the former head of Britain’s National Cyber Security Center, said “it’s time to figure out how to make a ransomware payments…
Hamilton’s ransomware attack, week two: What we know and what we don’t
Grant LaFleche reports: On Feb. 25, a sprawling cyberattack hit the City of Hamilton’s digital network, disrupting phone lines, emails, and databases the municipality uses every day. The crisis is almost two weeks old, and the city remains largely locked out of its systems. Phone lines remain down, council meetings have been postponed, registration to recreation programs…
Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
Developing: Someone claiming to be an “affiliate plus” for AlphV claims they were responsible for the Change Healthcare attack but that AlphV stole the payment Change Healthcare had made and suspended the affiliate’s account. The affiliate’s claims appeared on Ramp Forum and have been circulating since then. The post can be seen below, via @vx-underground:…
Fulton County, Security Experts Call LockBit’s Bluff
Brian Krebs reports: The ransomware group LockBit told officials with Fulton County, Ga. they could expect to see their internal documents published online this morning unless the county paid a ransom demand. LockBit removed Fulton County’s listing from its victim shaming website this morning, claiming the county had paid. But county officials said they did not pay, nor…