We’re back with this week’s edition of “Weekend Reading.” Below are some of the data stories from this week that you just can’t miss. I know that I found each of them beneficial (and equally interesting!) in my role as a Chief Information Security Officer (CISO). When you have a few minutes this weekend, be sure to check out these important stories. Enjoy!
Computer ransomware that locks out users flourishes in pay-to-make-it-go-away – The Japan Times
Will Japanese victims pay more to get their data back? Masakatsu Morii, a professor of information and telecommunications engineering at Kobe University’s Graduate School of Engineering, believes that might be the case.
The top issues your company needs to consider before implementing file-sharing services – TechRepublic
This is a great video that everyone who is considering cloud-based file-sharing services should watch. Ronen Vengosh, VP of business development at Egnyte, talks about how businesses can still maintain security when sharing files with individuals across (and outside of) an organization.
EU companies need to prepare for more malware and ransomware attacks, Europol report finds – The Merkle
Europe’s leading intelligence agency, Europol, recently released its new report on organized crime within the European Union. The report claims that malware and ransomware will continue to be a major concern for EU companies in the coming year.
How to protect yourself from ransomware – Fortune
I love seeing security being discussed outside of the echo chamber and this quick video (and blog post) from Fortune
does just that. This is the kind of article that you can share with your non-technical staff, peers, friends and family to help them understand the threat of ransomware
PetrWrap ransomware is a Petya offspring used in targeted attacks – BleepingComputer
PetrWrap, a new strain of the Petya ransomware created by a malware group named Janus Secretary, is renting access to Petya, Mischa and GoldenEye ransomware via a Ransomware-as-a-Service (RaaS) portal available on the Dark Web. Kaspersky
researchers Fedor Sinitsyn and Anton Ivanov say the new threat actor took one of these Petya binaries and modified it to work independently from the Petya RaaS backend.
City erases, re-installs server after ransomware attack – Baxter Bulletin
The Mountain Home Water Department in Arkansas refused to pay ransom after being hit with a cyber attack on one of its servers, instead wiping the machine clean. The server was re-installed from a backup created the night before and no information was lost or stolen.
Revenge ransomware, a CryptoMix variant, being distributed by RIG exploit kit – BleepingComputer
Broad Analysis recently discovered Revenge, a new variant of CryptoMix (or CryptFile2), which is being distributed via the RIG exploit kit. Both BroadAnalysis.com
and Brad Duncan of Malware-Traffic-Analysis.net
Protecting your practice from ransomware – Diagnostic Imaging (blog)
This article shares great advice about how to respond to a ransomware attack on patient protected health information (PHI) if you’re in the medical field. Read on for tips about how to protect data and be HIPAA compliant
Ransomware authors burying payloads deeper in installer packages – The Stack
Microsoft’s security labs found ransomware creators are becoming more innovative in their tactics, burying malicious payloads inside regular and valid installer mechanisms. According to Microsoft, there has been a rapid increase in cyberattackers’ adoption of the technique, which is expected to grow even more.
Richmond housing agency computers hit by ransomware attack – News & Observer
A Richmond, Indiana housing agency was the victim of a ransomware attack that demanded $8,000 to restore the agency’s access to the file. The agency lost approximately one month’s worth of data as a result of the incident, which was believed to be carried out by a group from India.
Data breach 101, part I: Data breach notification laws – The National Law Review
Another great article from The National Law Review for those looking to learn a bit more about data breach notification laws. Stay tuned for part II of the series! I hope it covers even more global laws, as well as those in development.
Star Trek themed Kirk ransomware brings us Monero and a Spock Decryptor! – BleepingComputer
Is nothing sacred? For possibly the first time, with the release of Kirk Ransomware, Monero
has been introduced as a ransom payment. For the first two days, crooks are demanding 50 Monero or roughly $1,072. The fee doubles every few days if victims fail to cave. According to the ransom note, if no payment is made by the 31st day, the decryption key gets permanently deleted.
Eastern Iowans experience tax fraud after data breach – KCRG
Marion, Iowa tax company, Classic Tax, suffered a data breach in which more than 20 percent of the company’s 1,200 clients were affected. With tax season in full swing, how confident are you that your accountant can protect your data?