Ransomware is a type of malware in which hackers access files and encrypt them, demanding payment to restore access. Coverage includes ransomware attacks on cities, states, schools and public utilities, as well as legislative efforts to curb the threat and set policy on how to respond.
Improving national cybersecurity means requiring organizations to report incidents — and giving these requirements enforcement teeth, said CISA Director Jen Easterly and National Cyber Director Chris Inglis.
A health-care company in Monroe County, Mich., suffered a sophisticated ransomware attack in July. Although there was concern that hackers could have compromised medical data, only financial info was affected.
CISA Cybersecurity Advisor Domingo Rivera said organizations preparing against ransomware should adopt strong practices for maintaining backups and decide ahead of time everything from who to contact to whether to pay.
Late last month, a class-action action lawsuit was filed against St. Joseph's/Candler Hospital Health System, which suffered a ransomware attack that could have exposed the data of more than a million people.
A newly formed joint committee is looking for innovative — and effective — ways to crack down on ransomware payments, bolster localities’ cybersecurity defenses and meet widening gaps in the workforce.
Some state and local governments are turning to managed security service providers to shore up the substantial gaps in the cybersecurity workforce. The shift away from a more traditional hiring strategy has its benefits.
The proposal instructs agencies to use “phishing-resistant” multifactor authentication, segment networks and increase encryption. The public comment period on the proposal closes later this month.
The university’s network was shut down Tuesday and classes were canceled following a ransomware attack. Officials said they don’t have evidence that personal information was exposed, but the investigation is ongoing.
For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?
A two-year study concluded that deep-water drilling rigs are not prepared in general to protect themselves against cyber attacks. Rigs need more than firewalls and antivirus software to be secure, the study found.