Maze has seemingly done such a good job getting media attention that we’re also seeing more analyses of their methods. This week, check out this report from FireEye: Navigating the MAZE: Tactics, Techniques and Procedures Associated With MAZE Ransomware Incidents and this report from Sophos: Maze ransomware: extorting victims for 1 year and counting In…
Category: Of Note
Paying the Ransom Doubles Cost of Recovering from a Ransomware Attack, According to Sophos
One of the interesting things I learned this past week at the Privacy+Security Forum Spring Academy was that 75% of a prominent law firm’s clients were able to recover from a ransomware attack without having to pay ransom. I was surprised to hear that statistic, as I would have guessed a higher percentage paid ransom….
Washington, D.C. Adds Security Requirements in New Data Breach Notification Law
Rachel Marmor of Davis Wright Tremaine writes: Washington, D.C. amended its data breach notification law (D.C. Act 23-268) on March 26, 2020, expanding the definition of personal information covered by the law and requiring businesses collecting data from D.C. residents to implement “reasonable security safeguards.” Because D.C. law already provides a private right of action…
Managed Service Providers Face Threats From Hackers and Clients
James Rundle reports: With wide-ranging client bases and trusted access to their computer systems, managed service providers are attractive targets for hackers seeking to ransom data or steal information. But they also face threats from their clients, who may have had patchy security in place for years. It only took a few months for Clear…
15-year-old hacker and crew of ‘evil geniuses’ accused of $24 million crypto theft
Bob Van Voris of Bloomberg reports: A 15-year-old hacker and his crew of “evil computer geniuses” stole nearly $24 million in cryptocurrency from an adviser to blockchain companies, according to a lawsuit filed in New York. Michael Terpin claims his phone was hacked and his money stolen in 2018 by a ring led by Westchester…
Shiny Hunters’ bursts onto dark web scene following breaches, Microsoft data theft claims
Bradley Barth reports: A malicious actor known as Shiny Hunters has emerged as a serious dark web player following a spate of high-profile breaches, and now the hacker or hackers is claiming to have stolen data from Microsoft’s private GitHub repositories and is threatening to release the code for free. According to researchers from ZeroFOX Alpha Team,…