ransomware

Ask the Experts: When Ransomware Hits, Who Leads — CIO or CISO?

The article emphasizes preparation and effective response strategies in cybersecurity, particularly during ransomware incidents, advocating for clear roles for CIOs and CISOs. Essential first steps post-attack include confirming the issue, containing the threat, and prioritizing business-critical functions for recovery. Proper preparation, with flexible incident-response components, enhances organizational resilience.

https://www.informationweek.com/incident-response/ask-the-experts-when-ransomware-strikes-who-takes-the-lead-the-cio-or-ciso-

Ransomware Reshaping Cyber as National Security Priority

Ransomware attacks in the US and UK have shifted the focus of cybersecurity from a technical issue to a matter of national security. High-profile incidents in both countries have caused significant disruptions and financial losses, prompting increased government scrutiny and calls for closer cooperation with the private sector. Policy proposals, such as banning ransom payments and disrupting crypto-enabled money flows, are under consideration, underscoring the need for both improved defenses and financial countermeasures.

https://www.databreachtoday.com/ransomware-reshaping-cyber-as-national-security-priority-a-30160

Breaking Down S3 Ransomware: Variants, Attack Paths and Trend Vision One™ Defenses

Ransomware actors are increasingly shifting focus from on-premises systems to cloud assets, particularly Amazon S3 buckets. They exploit misconfigured access controls, weak permissions, and cloud-native features to target mission-critical backups, storage, databases, and container images. Five primary S3 ransomware variants include the use of attacker-controlled KMS keys, customer-supplied encryption (SSE-C), mass data exfiltration and deletion, external KMS key material, and external key stores (XKS). Attackers favor buckets without versioning, object lock, or MFA Delete, often accessing them via overly broad IAM roles or leaked credentials. Trend Vision One™ helps detect these threats by analyzing CloudTrail logs and performing posture checks. Proactive defense includes strict permissions, enabling immutability features, isolating backups, restricting the use of custom keys, automated monitoring, and regular recovery tests. AWS supports customers via guided best practices and policy enforcement.

https://www.trendmicro.com/en_us/research/25/k/s3-ransomware.html

CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat

CISA and FBI released guidance on protecting against Akira ransomware, which targets small and medium businesses. The advisory includes indicators of compromise and recommended actions for organizations, emphasizing swift measures for data protection.

https://www.cisa.gov/news-events/news/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat

Ransomware Hackers Look for New Tactics Amid Falling Profits

Ransomware profits are falling, forcing cybercriminals to adopt new tactics and target different victims.

  • The percentage of victims paying ransoms dropped below 25% for the first time, and ransom amounts decreased sharply.
  • Larger organizations are less likely to pay ransoms, leading to fragmentation of the ransomware landscape and more attacks on midsize organizations.
  • New tactics include:
    • Recruiting or bribing insiders, especially at large, high-value organizations.
    • Social engineering of help desks and launching supply chain attacks.
    • Callback phishing, manipulating victims through real-time phone negotiation.
    • Sending personalized ransom demands using compromised or fake email accounts.
  • Smaller ransomware groups are more active, resulting in unpredictable targets, including regions and sectors previously less affected.
  • Enterprises are urged to strengthen their insider threat programs amid increasing efforts by hackers to recruit insiders.

https://www.databreachtoday.com/ransomware-hackers-look-for-new-tactics-amid-falling-profits-a-29867

Kaspersky Ransomware Report for 2024

Kaspersky's 2024 ransomware report reveals an 18% decrease in detections but an increased focus on targeted attacks. Ransomware-as-a-Service (RaaS) remains prevalent. Average ransom payments rose despite overall payments dropping by 35%. The report highlights a shift towards data exfiltration strategies alongside encryption. Major groups faced disruptions, yet new actors emerged, utilizing AI tools and custom toolkits. The report warns of evolving threats including Bring Your Own Vulnerable Driver (BYOVD) attacks. Recommendations stress proactive defense, incident response planning, and education against phishing to combat the changing ransomware landscape.

https://securelist.com/state-of-ransomware-in-2025/116475/

Ransomware Reaches a Record High, But Payouts Are Dwindling

Ransomware attacks hit a record high in early 2025, with reported incidents up 81% from the previous year, but payouts are decreasing, down 35% annually. This suggests victims are resisting payments or negotiating lower sums. Criminal organizations face challenges, including reduced affiliate loyalty and increased law enforcement efforts. Despite these issues, ransomware remains a significant threat, and businesses are urged to enhance protective measures.

https://www.tripwire.com/state-of-security/ransomware-reaches-record-high-payouts-are-dwindling

NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on “Fast Flux,” a National Security Threat

CISA, NSA, FBI, and international partners issued a Cybersecurity Advisory on “Fast Flux,” highlighting it as a national security threat. Fast flux obscures malicious server locations via rapidly changing DNS records, complicating detection and blocking. Organizations and ISPs are urged to adopt multi-layered detection and mitigation strategies, particularly through Protective DNS services, to safeguard national security and critical infrastructure.

https://www.cisa.gov/news-events/alerts/2025/04/03/nsa-cisa-fbi-and-international-partners-release-cybersecurity-advisory-fast-flux-national-security

Ransomware: The $270 Billion Beast Shaping Cybersecurity—Insights From Cyentia’s Latest Report

Ransomware's financial impact has reached $276 billion in five years, highlighting a major cybersecurity threat. The Cyentia Institute's report outlines trends, targeted industries, and a distinction between attack attempts and incidents. Ransomware causes high losses, especially in transportation, education, and healthcare sectors, with mid-size firms facing the greatest proportional impacts. The report also identifies top ransomware groups and techniques used in attacks, emphasizing the need for stronger defenses and collaboration to mitigate risks.

https://www.tripwire.com/state-of-security/ransomware-270-billion-beast-shaping-cybersecurity-insights-cyentias-latest
