Newsletter

05.10.2021 | 5'' read

Ransomware on the front pages

by Ryan Naraine

[ EDITOR’S NOTE: Security Conversations thanks the following sponsors who generously support the creation and production of our high-signal, low-noise coverage of the cybersecurity industry: Uptycs, Eclypsium and SecurityWeek ]



Monday blues.

I don’t have much this week. My calendar has been active with a ton of new podcast recordings (see below), new projects to decipher the future of data security (more on that later), and background work preparing for appearances at two upcoming virtual events — SecurityWeek’s threat-intel summit and the RSA Conference.

However, I can’t push out this newsletter without a quick word on this Colonial Pipeline ransomware infection dominating mainstream news headlines and bringing the ransomware epidemic to the front burner for everyone.

I’m not sure what took so long. We’ve seen these cybercriminals target hospitals (hospitals!), universities, city governments and companies big and small. This DarkSide group (see links below) isn’t your run-of-the-mill crimeware operation. This is the work of professionals, most certainly protected by a nation-state, that have wreaked havoc on corporate networks, encrypting all data and extorting victims for massive crypto-currency payments.

They are brazen and ruthless and operate with startling precision, even rummaging through an infected network for documents related to ransomware insurance to determine how much to extort from victims.

An unfortunate side effect of this particular incident is something I tried to flag on Twitter back in March. There are a handful of security news publications that do PR/advertising for the DarkSide ransomware gangs, participating openly in the naming-and-shaming of victims.  It may be good for clicks and headlines but I’m not sure it qualifies as journalism to do advertising for dangerous criminal gangs.

While I’m on this track, we need to figure out the nuance of describing ransomware infections as “attacks,” “cybersecurity attacks,” or “cyber-destructive” operations. Sure, the real-world collateral damage may reach the threshold for an “attack” but words matter when government regulators get involved with only rudimentary understanding of the threat landscape.

Plus, “cyber-cyber-cyber” feeds into the ugly hype and FUD that feeds the security marketing narratives.  We could do with less of that.

On to the newsletter.  

Upcoming podcast guests.

​🎧  The podcast studio has been humming with new recordings. Check the site for new thought-provoking, long-form conversations with these cybersecurity leaders:

  • Collin Greene, engineering director and head of product security, Facebook.
  • Retired Googler Justin Schuh, who pioneered some of the earliest security work on the Chrome browser.
  • Offensive hardware researcher and embedded security expert Alex Matrosov.
  • Charles Nwatu, Security Technology and Risk, Netflix.

Full conversations are available on the SecurityConversations.com home page, and on all major platforms — Apple, Google, Spotify and Amazon.


[ Uptycs sponsor message: Going on the ATT&CK versus FIN7 and Carbanak ]

The most recent MITRE ATT&CK evaluation round focused on the FIN7 and Carbanak threat groups. In this 40-minute on-demand discussion, Security Conversations editor Ryan Naraine finds out how the Uptycs platform not only detects the activity of these groups but also provides the context that analysts need to quickly understand how signals are tied together. Catch the discussion here.


Ransomware madness
Things you should already have read.
Open-source goodness.
Relatedly.
​The true costs of ransomware can add up very, very quickly when you cater for things like insurance, incident response, legal, crisis communications, IT support, ransom payment, ransom negotiator, etc., etc.

_ryan

PS: The podcast is available on all platforms (Apple, Google, Spotify and Amazon). As the kids say, like and subscribe, like and subscribe.
