Ransomware

By almost any measure, the breadth, depth and impact of data breaches have dramatically increased during the COVID-19 pandemic. Here’s a roundup of the numbers.

Public- and private-sector speakers during the Massachusetts Municipal Cybersecurity Summit highlighted local agencies’ particular vulnerability to ransomware as well as key strategies and resources to help.

An audit of IT security in K-12 schools by the Kansas Legislature revealed most respondents weren't following recommended best practices, and half of them reported funding as a barrier to doing so.

Officials in Pottawatomie County, Kan., negotiated a much-reduced ransom with the criminals behind a cyber attack that took the county's computer systems offline for close to two weeks.

The new Center for Internet Security (CIS) research measures its cybersecurity recommendations’ effectiveness at thwarting the common techniques used in attacks to guide organizations on maximizing cyber investments.

What if paying a ransom was illegal? While opinions vary widely, some policymakers believe preventing ransomware victims from making payments would remove the incentive for the crime in the first place.

The cyber landscape has evolved to an almost unrecognizable degree in the past twenty years. We look at recent history, analyze policy changes aimed at battling today’s threats and consider what the future may hold.

Connecticut’s Stonington Public School system was the target of a ransomware attack earlier this week. The police department was also reportedly working to protect itself from a similar attack.

In February, company Hawaii Payroll Services suffered a ransomware attack. The company believes the attack was carried out by a criminal who somehow compromised a client's account.

Improving national cybersecurity means requiring organizations to report incidents — and giving these requirements enforcement teeth, said CISA Director Jen Easterly and National Cyber Director Chris Inglis.

A health-care company in Monroe County, Mich., suffered a sophisticated ransomware attack in July. Although there was concern that hackers could have compromised medical data, only financial info was affected.

CISA Cybersecurity Advisor Domingo Rivera said organizations preparing against ransomware should adopt strong practices for maintaining backups and decide ahead of time everything from who to contact to whether to pay.

Late last month, a class-action action lawsuit was filed against St. Joseph's/Candler Hospital Health System, which suffered a ransomware attack that could have exposed the data of more than a million people.

A newly formed joint committee is looking for innovative — and effective — ways to crack down on ransomware payments, bolster localities’ cybersecurity defenses and meet widening gaps in the workforce.

Some state and local governments are turning to managed security service providers to shore up the substantial gaps in the cybersecurity workforce. The shift away from a more traditional hiring strategy has its benefits.

The proposal instructs agencies to use “phishing-resistant” multifactor authentication, segment networks and increase encryption. The public comment period on the proposal closes later this month.

The university’s network was shut down Tuesday and classes were canceled following a ransomware attack. Officials said they don’t have evidence that personal information was exposed, but the investigation is ongoing.

For more than a decade there have been calls to merge physical and cybersecurity in global organizations. Is this the right time? What are the benefits?