A new global cyber attack is underway. It seems to have begun in the Ukraine and is rapidly spreading throughout Europe and Asia. It’s not WannaCry and it’s not, as originally reported, Petya either. Instead, it’s a new variant of ransomware dubbed NotPetya. And unfortunately, this attack is much more sophisticated and clever than its minimalistic moniker suggests.
The Shadow Brokers are at it again this morning!
The hacking group who allegedly stole and released the exploits from the CIA that were behind the WannaCry, ETERNAL ROCKS and other recent high-profile cyber-attacks announced their new TheShadowBrokers Monthly Dump Service, which they teased as coming soon just a few weeks ago.
I’m a big fan of password managers. In my opinion, it’s probably the easiest and most effective thing you can do to secure your devices and digital stuff. I’m also a big fan of 1Password for a number of reasons. It’s technically awesome, easy to use and, like me, it’s Canadian!
Think you got off scot-free in regards to this whole WannaCry business? Well, it turns out that you might be immune to infection by WannaCry because you’ve already been infected by the Monero cryptocoin-mining Adylkuzz. #irony
Last week the WannaCry ransomware attack made headlines around the world as it spread rapidly at an unprecedented and almost mind-boggling pace, infecting thousands of computers worldwide. But the next wave of attacks using the same tactics and techniques is already underway. In fact, it’s been active for weeks now. And it’s quietly getting bigger too.
That’s the err… $61,614.02 question!
The worldwide WannaCry ransomware attack has been making the news since Friday afternoon, when it began to run rampant at hospitals in the UK, causing manufacturing plant shutdowns across Europe, and propagating and encrypting everything it could get its hands on, from ATMs to marketing display panels.
On Friday afternoon, the UK’s National Health System (NHS) began reporting infections of a new ransomware strain known as WannaCry. Throughout Friday and into Saturday morning, it spread like wildfire across the world, infecting computers in over 150 countries. In the news was account after account of PCs, Smart TVs, ATMs, and arrival and departure displays getting hit as WannaCry sought to find and infect everything it could get its hands on.
And then . . . it seemed to just . . . well . . . stop.
An unprecedented cyber-attack by a ransomware variant known as WannaCry, which encrypts a computer’s files and then demands payment to unlock them, has propagated at a speed never before seen by cybersecurity researchers and is impacting targets worldwide. So far it has taken a major toll on operational services at targets including Telefonica in Spain, the National Health Service in the UK, and FedEx in the US, with European countries, including Russia, being among the worst hit.
If you haven’t already, then at some point you’ll need to have “the talk” with the business.
Introducing cyber security risk management to non-technical executives can be difficult, awkward and excruciatingly tiring. Unfortunately… the number one and arguably most important thing missing from most corporate cyber security risk management programs is senior leadership’s approval.
My first post on Infosec Island is live today and, more importantly, I’m one step closer to my bucket list dream of being published in Wired! In it, I cover my thoughts on what cyber security professionals are doing wrong when they communicate to senior leadership and the board, and what they can do to fix it.
So check out my top 5 boardroom presentation hacks and find out how I somehow managed to make fun of stock clipart and work in references to WarGames, The Matrix, Sneakers, Swordfish, Hackers, and The Net!
In light of the countless cyber incidents reported daily—including high-profile database breaches that have impacted millions of patients—the question of risk responsibility is more front and center than ever before. To date, there’s remained a troubling tendency to view cyber security as fundamentally different and separate from other organizational risks. Or, it’s simply viewed as an “IT problem” best left handled by those with the requisite experience and operational subject matter expertise.
In healthcare, there can often be a disconnect between IT and executive leadership when it comes to prioritization of cybersecurity risk management. Finding ways to bridge this gap has been a prevailing theme at both this week’s HIMSS 2017 Conference and Exhibition and last quarter’s HIMSS Privacy and Security Forum.
Your organization has been hit with a catastrophic ransomware attack. Most of the critical digital systems that your business needs in order to function—at the most basic level—are offline. Your CEO has received a ransom note demanding money. If no payment is sent, the attack will continue indefinitely, and the company may never regain access to much or all of the compromised data.