We must challenge the conventional wisdom of security: every new threat vector requires a new solution. That you must keep adding new tools, new methodologies — and more people — to protect users, devices, apps, and networks.
Incident Response Lessons From Recent Maze Ransomware Attacks
This post authored by JJ Cummings and Dave Liebenberg This year, we have been flooded with reports of targeted ransomware attacks. Whether it’s a city, hospital, large- or medium-sized enterprise — they are all being targeted. These attacks can result in significant damage, cost, and have many different initial infection vectors. Recently, Talos Incident Response has been engaged […]
Hunting For LolBins
Attackers’ trends tend to come and go. But one popular technique we’re seeing at this time is the use of living-off-the-land binaries — or “LoLBins”. LoLBins are used by different actors combined with fileless malware and legitimate cloud services to improve chances of staying undetected within an organisation, usually during post-exploitation attack phases. Living-off-the-land tactics […]
What you — and your company — should know about cyber insurance
It’s no longer a question of “if” any given company or organization is going to be hit with a cyber attack — it’s when. And when that attack comes, who...
Should governments pay extortion payments after a ransomware attack?
When it comes to ransomware attacks this year, it’s been a tale of three cities. In May, the city of Baltimore suffered a massive ransomware attack that took many of its...
Practical Ways to Reduce Ransomware Impact: Actions You Can Take Today
During the past year, Cisco Security Incident Response Services has provided emergency incident response services for many customers dealing with incidents that sometimes become a ransomware event. In...
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
Attackers are actively exploiting a recently disclosed vulnerability in Oracle WebLogic to install a new variant of ransomware called "Sodinokibi," which attempts to encrypt user data and then deletes shadow copy backups to make data recovery more difficult.
Ransomware or Wiper? LockerGoga Straddles the Line
LockerGoga is a ransomware variant that, while lacking sophistication, can still cause extensive damage to organizations or individuals. Talos has also seen wiper malware impersonate ransomware, such as NotPetya.