Ransomware

As insurance costs and requirements rise, some municipalities are looking to self-insurance and service providers’ cyber incident warranties to help in cases of ransomware and other incidents.

In early May 2021, the world was shocked into attention by a ransomware attack that brought down gas lines. What have we learned — or not — one year later?

Log4Shell, Microsoft Exchange and several patchable flaws top the list of 2021’s most commonly exploited vulnerabilities. The lesson may be a well-worn one: patch systems promptly or work with partners that can.

States still don’t know how much cyber crime actually occurs or how residents are trying to protect themselves. A research team in Virginia is hoping to fill in the knowledge gap with a newly launched study.

A press conference lasting less than 10 minutes was held Friday to address the April 16 cyber attack, but it remains unclear if any data was breached or when all city services will come back online.

The newly formed alliance will serve as a resource to help public safety organizations in the U.S. with sharing, learning about and reacting to cyber threat intelligence from a number of partner entities.

Ransomware continues to disrupt — and even paying up doesn’t spare victims from data loss. One report predicts turning the corner on ransomware soon, but other experts aren’t seeing strong evidence yet.

Far from being too small for notice, special districts can be tempting targets for cyber criminals and adversaries. Former CISA Director Chris Krebs explains risks and advice, and districts share their cyber concerns.

The Cybersecurity and Infrastructure Security Agency has designated 16 sectors — ranging from banks and financial institutions to hospitals and election systems — as critical. But not all sectors have the same defense capabilities.

Staff at Bernalillo County’s accounts payable department became the dupes in a fraudulent “confidence trick” in late 2019 by paying out $447,372 to what they thought was an approved county vendor.

Federal lawmakers are asking how to better help the critical infrastructure sector defend against cyber threats. The answer may involve tailored, actionable intelligence and minimum cybersecurity requirements.

Experts say schools are unlikely to be direct targets of Russia, but they could be caught up in broader attacks against the U.S. Many districts are upgrading firewalls, monitoring networks and testing backup procedures.

As tensions between the U.S. and Russia mount, Cyberspace Solarium Commission members and critical infrastructure owners discussed the work ahead to collaborate more effectively on cyber defense.

According to data from CyberSeek, there are about 600,000 unfilled cybersecurity positions throughout the United States. With cyber threats on the rise, the shortage could make it easier for hackers to thrive.

A ransomware group called Hive is claiming to have stolen private data for 850,000 members of Partnership HealthPlan of California, a nonprofit that manages health care for Medi-Cal patients in 14 counties.

Over 2,000 employees who work at the Cheyenne Regional Medical Center were either overpaid or underpaid thanks to a December ransomware attack that targeted payroll company Kronos.

Arizona CISO Tim Roemer and Virginia CISO Mike Watson discuss how zero trust can ease cybersecurity concerns over remote work and insider threats, and Watson highlights complicated privacy questions facing states.

Criminal hacking organizations such as Russia-based REvil often use phishing to lure unsuspecting employees into opening innocuous-looking emails containing malicious code that provides access to computer systems.