Windows TCO: HardBit, Other Ransomware, and More
-
The Register UK ☛ Ransomware costs at critical infrastructure orgs soar
According to Sophos' latest figures, released today, the median ransom payments rose to $2.54 million – a whopping 41 times last year's sum of $62,500. The mean payment for 2024 is even higher at $3.225 million, although this represents a less dramatic 6x increase.
IT, tech, and telecoms were the least likely to pay mega bucks to cybercriminals with an average payment of $330,000, while lower education and federal government orgs reported the highest average payments at $6.6 million.
The numbers are based only on ransomware victims that were willing to disclose the details of their blunders, so do not present the complete picture.
-
Security Week ☛ Ransomware Attack Disrupts Bassett Furniture Manufacturing Facilities
Virginia-based furniture manufacturer and retailer Bassett Furniture was recently targeted in a ransomware attack that caused significant disruptions, including in the company’s manufacturing facilities.
-
Scoop News Group ☛ Ransomware attacks are hitting energy, oil and gas sectors especially hard, report finds
The report looks at ransomware impacts to critical infrastructure organizations and is based on more than 200 responses from a wider survey of 5,000 cybersecurity and IT leaders taken in January and February. Sophos said that the ransomware attack rate appears to be falling globally, but researchers found that recovery times for energy, oil and natural gas, and utilities have been steadily increasing since at least 2022.
-
Sophos ☛ A Sophos Whitepaper. July 2024: The State of Ransomware in Critical Infrastructure 2024 [PDF]
Prevention. The best ransomware attack is the one that didn’t happen because the adversaries couldn’t get into your organization. With around half of the attacks (49%) starting with the exploitation of unpatched vulnerabilities in energy, oil/gas and utilities, it’s important to take control of your attack surface and deploy risk-based prioritization of patching. The use of MFA to limit credential abuse should also be a priority for every single organization. Ongoing user training on how to detect phishing and malicious emails remains essential.
-
Wired ☛ The US Supreme Court Kneecapped US Cyber Strategy
Biden’s marquee cyber regulation may also be his most endangered: a pending requirement for critical infrastructure organizations to report cyberattacks within 72 hours and ransomware payments within 24 hours.
The regulation, authorized by the 2022 Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA), is meant to close massive gaps in the government’s awareness of the cyberattacks plaguing US companies every day. But when the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released the proposed rule in April, the business community slammed it for going further than lawmakers intended. By the time the public comment period closed earlier this month, many companies and trade groups had urged CISA to pare back the rule—with some of them even citing the Loper Bright ruling.
-
Tripwire ☛ HardBit Ransomware - What You Need to Know
Yes, security researchers have reported that HardBit 4.0 has been designed to be harder for malware experts to analyse. The new version of HardBit incorporates passphrase protection. When the ransomware is run, a passphrase has to be entered correctly in order for it to execute properly. The intention appears to be to make it more difficult for researchers who do not know the passphrase to analyse how the ransomware works. In addition, HardBit 4.0 comes in two flavours: a command-line version of the ransomware and another version that has a user interface. It appears that the option is being offered to make the ransomware more attractive to operators with different technical skill levels.
-
Federal News Network ☛ Safeguarding critical infrastructure: Addressing threats to the water sector
Despite being designated as critical infrastructure, many of the nation’s public water and wastewater facilities are considered antiquated and outdated due to resource constraints, even as they adopt digital infrastructure like sensors and network-connected systems. This gap leaves systems vulnerable to attacks, with inadequate incident response coordination and information sharing increasing the risks.