Ransomware

The new Center for Internet Security (CIS) research measures its cybersecurity recommendations’ effectiveness at thwarting the common techniques used in attacks to guide organizations on maximizing cyber investments.

What if paying a ransom was illegal? While opinions vary widely, some policymakers believe preventing ransomware victims from making payments would remove the incentive for the crime in the first place.

The cyber landscape has evolved to an almost unrecognizable degree in the past twenty years. We look at recent history, analyze policy changes aimed at battling today’s threats and consider what the future may hold.

Connecticut’s Stonington Public School system was the target of a ransomware attack earlier this week. The police department was also reportedly working to protect itself from a similar attack.

In February, company Hawaii Payroll Services suffered a ransomware attack. The company believes the attack was carried out by a criminal who somehow compromised a client's account.

Improving national cybersecurity means requiring organizations to report incidents — and giving these requirements enforcement teeth, said CISA Director Jen Easterly and National Cyber Director Chris Inglis.

A health-care company in Monroe County, Mich., suffered a sophisticated ransomware attack in July. Although there was concern that hackers could have compromised medical data, only financial info was affected.

CISA Cybersecurity Advisor Domingo Rivera said organizations preparing against ransomware should adopt strong practices for maintaining backups and decide ahead of time everything from who to contact to whether to pay.

Late last month, a class-action action lawsuit was filed against St. Joseph's/Candler Hospital Health System, which suffered a ransomware attack that could have exposed the data of more than a million people.

A newly formed joint committee is looking for innovative — and effective — ways to crack down on ransomware payments, bolster localities’ cybersecurity defenses and meet widening gaps in the workforce.

Some state and local governments are turning to managed security service providers to shore up the substantial gaps in the cybersecurity workforce. The shift away from a more traditional hiring strategy has its benefits.

The proposal instructs agencies to use “phishing-resistant” multifactor authentication, segment networks and increase encryption. The public comment period on the proposal closes later this month.

The university’s network was shut down Tuesday and classes were canceled following a ransomware attack. Officials said they don’t have evidence that personal information was exposed, but the investigation is ongoing.

For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?

A two-year study concluded that deep-water drilling rigs are not prepared in general to protect themselves against cyber attacks. Rigs need more than firewalls and antivirus software to be secure, the study found.

Criminals will keep using ransomware as long as its profitable, but outright banning all payments could be deeply painful for critical sectors and small businesses. The road ahead is full of policy hurdles.

Senior federal officials met with education, insurance, critical infrastructure and technology organizations to talk expanding the cybersecurity workforce, defending essential systems and designing more secure tech products.

On Aug. 7, a ransomware attack, perhaps brought about by phishing, led to the shutdown of multiple systems in Twin Falls County, Idaho. Between 2018 and 2020, governments have seen 246 cases of ransomware.