Unfortunately ransomware attacks have taken another victim. The City of Dallas recently confirmed that their police department suffered a ransomware attack. This attack shutdown essential services along with some 911 dispatch systems. This was announced in a statement by the city in a press release. "Wednesday morning, the City’s security monitoring tools notified our Security Operations Center (SOC) that a likely ransomware attack had been launched within our environment.

The City of Dallas, Texas, is the ninth largest in the United States currently, with a population of more than 2.6 million people. This massive city was just hit by a substantial ransomware attack by the Royal ransomware gang. The attack interfered with policy response time, 911 services, the police website, the city's court system, and more. With such significant interference occurring in the city's system of government, it's a serious issue for everyone in Dallas.

Software developers build approximately 80% of software applications using open-source code, which opens up a world of opportunity for today’s threat actors. Code package repositories such as npm and RubyGems allow anyone to store or publish packages, and unfortunately that can include packages containing malware. These are known as malicious packages — the malware of the software supply chain. As the name implies, a malicious package is software that is created with malicious intent.

Recently, a new trend has emerged in the world of ransomware: intermittent encryption, the partial encryption of targeted files. Many ransomware groups, such as BlackCat and Play, have adopted this approach. However, intermittent encryption is flawed. In this blog post, I will introduce White Phoenix, a tool my team built that takes advantage of the fact that those files aren’t entirely encrypted and can, in the right circumstances, salvage some content from the unencrypted parts of the files.

560,000 new pieces of malware are detected daily and over 1 billion malware programs exist currently. The first half of 2022 alone saw 236.7 million ransomware attacks globally with an average cost of $4.54 million per incident. This Blog Includes show Top Malware Attack Statistics Malware statistics 2023 How Many Malware Are Detected Every Day?

CommScope is a massive tech company with more than 30,000 employees. The organization works with companies around the world and helps to establish network infrastructure systems for hospitals, schools, federal agencies, and more. CommScope is based out of Hickory, North Carolina, and has been in business since 1976. The massive company has an annual revenue of 9.23 billion USD and manages substantial networks for businesses throughout the United States.

The most common route for malware infections remains social engineering in its various forms: phishing, vishing, etc. Such approaches take advantage of users’ deliberately cultivated willingness to trust communications they receive and to follow the instructions and links such malicious communications carry.

March saw a huge jump in ransomware compared to January and February, signifying that organizations should expect to see a lot more of these attacks this year. With security solutions getting good at spotting and stopping malware on endpoints and servers, you’d think that ransomware attacks would be dwindling. But, according to the NCC Group’s Cyber Threat Report for March 2023, it feels a lot more like 2023 is going to be a repeat of 2022, but at significantly higher attack levels.

The annual RSA Conference always brings exciting product innovations, new partnerships, and lots of debate across cybersecurity and risk practitioners, and last week’s event was no different. RSAC comes on the heels of the recently released National Cybersecurity Strategy which outlined heightened security aspirations for technology providers and organizations that maintain personal data.

CrossLock is a ransomware group that emerged in April 2023, targeting a large digital certifier company in Brazil. This ransomware was written in Go, which has also been adopted by other ransomware groups, including Hive, due to the cross-platform capabilities offered by the language. CrossLock operates in the double-extortion scheme, by threatening to leak stolen data on a website hosted on the deep web if the ransom isn’t paid by the victim.