Ransomware

June 2025



Vol. 8, Iss. 26
Robin’s Newsletter #367

WhatsApp banned on House-issued devices. Patient death linked to Qilin ransomware attack. Canadian telco compromised by Salt Typhoon.


Vol. 8, Iss. 24
Robin’s Newsletter #365

Whole Foods supplier disruption. Google outage caused by poor error handling. DarkGaboon ransoming Russian companies. US ATC runs on Win95.


Vol. 8, Iss. 22
Robin’s Newsletter #363

German authorities ID Trickbot, Conti ringleader. Australia passes law requiring ransom payment notifications. Vietnam blocks Telegram.

May 2025



Vol. 8, Iss. 21
Robin’s Newsletter #362

Global infostealer, ransomware infrastructure takedown. TCS investigating role in M&S incident. Anthropic's AI blackmails developer in test.


Vol. 8, Iss. 19
Robin’s Newsletter #360

China 'becoming a cyber superpower'. SignalGate twist: it wasn't Signal. SK Telecom breach could result in $5B revenue loss.

March 2025



Vol. 8, Iss. 9
Robin’s Newsletter #350

FBI points finger at North Korea for $1.5B crypto-heist. US deprioritises Russia cyber threat. 7,000 people freed from scam centres in Myanmar.

February 2025



Vol. 8, Iss. 8
Robin’s Newsletter #349

Apple disables ADP in UK amidst E2EE fight with UK gov. Trump seeks control of independent agencies. $1.4B stolen from Bybit cryptocurrency exchange.


Vol. 8, Iss. 6
Robin’s Newsletter #347

UK demands Apple break iCloud encryption. Hurricane-style categorisation of cyber incidents. Meta torrented pirated books to train AI models.

January 2025



Vol. 8, Iss. 3
Robin’s Newsletter #344

UK launches ransomware consultation. FTC takes action against GoDaddy for poor security practices. Doom PDF.


Vol. 8, Iss. 1
Robin’s Newsletter #342

UN approves cybercrime convention. Clop threatens Cleo breach names. Sanctions for Chinese firm links to Flax Typhoon. Doom as a CAPTCHA.

December 2024



Vol. 7, Iss. 50
Robin’s Newsletter #339

File transfer systems attacked. FCC funding to replace Chinese telco equipment. Romania annuls election results over suspected interference.


Vol. 7, Iss. 48
Robin’s Newsletter #337

Blue Yonder causes supply chain disruption. Incidents at two UK hospitals. $17M stolen from Uganda's central bank.

November 2024



Vol. 7, Iss. 45
Robin’s Newsletter #334

Okta auth bypass for long usernames. Copyright infringement notices used to drop infostealers. Schneider Electric attacker wants payment in baguettes.

August 2024



Vol. 7, Iss. 31
Robin’s Newsletter #320

Electoral Commission slammed for 'basic errors'. CrowdStrike faces multiple legal challenges. $75 million record-breaking ransomware payment.

June 2024



Vol. 7, Iss. 26
Robin’s Newsletter #315

TeamViewer says it was compromised by Cozy Bear. Thousands arrested in law enforcement crackdown on scammers. Two critical MOVEit vulnerabilities.


Vol. 7, Iss. 25
Robin’s Newsletter #314

Updates on significant healthcare incidents. US gov bans Kaspersky. Spoofing Microsoft.com emails.


Vol. 7, Iss. 24
Robin’s Newsletter #313

Six years! Wow. Thanks for subscribing 😊 (now go donate blood to help the NHS respond to a ransomware attack)


Vol. 7, Iss. 23
Robin’s Newsletter #312

Ransomware attack at NHS London supplier disrupts operations. Microsoft recalls Recall, promises improved security and privacy. Plus a puzzle for you.

May 2024



Vol. 7, Iss. 21
Robin’s Newsletter #310

Microsoft Recall is a 'privacy nightmare'. UK/China threat not being taken seriously. FBI says Scattered Spider is ~1,000 people.


Vol. 7, Iss. 18
Robin’s Newsletter #307

Microsoft ties exec pay to security. Change Healthcare paid $22M ransom. The UK bans default passwords for smart tech.

April 2024



Vol. 7, Iss. 16
Robin’s Newsletter #305

Significant breach at data analytics firm Sisense. UK trade unions targeted. Perfect 10 vulnerability in Palo's GlobalProtect VPN product.

March 2024



Vol. 7, Iss. 10
Robin’s Newsletter #299

ALPHV pulls an exit scam after Change Healthcare seems to make ransom payment.

February 2024



Vol. 7, Iss. 8
Robin’s Newsletter #297

LockBit comprehensively pwned by UK, US and EU law enforcement. Leak at Chinese security company gives insight into outsourcing of government attacks.


Vol. 7, Iss. 7
Robin’s Newsletter #296

FBI disrupts GRU botnet. Dozens of Romanian hospitals impacted by ransomware. European court rules on encryption backdoors.


Vol. 7, Iss. 5
Robin’s Newsletter #294

FBI disrupted Volt Typhoon activity. Moody's downgrades UK water sector due to cyber threat. Stolen FTX millions linked to US SIM swapping ring.

January 2024



Vol. 7, Iss. 3
Robin’s Newsletter #292

Microsoft email accounts compromised by Russian espionage group. Bumper password dump added to HIBP? Gaza phone services out for a week.


Vol. 7, Iss. 1
Robin’s Newsletter #290

Sandworm was in Kyivstar for at least seven months. British Library will spend 40% of reserves rebuilding after ransomware attack. Mandiant Twitter account compromised.

December 2023



Vol. 6, Iss. 53
Robin’s Newsletter #289

Chinese group still targeting Barracuda ESGs. Kaspersky details on 'Triangulation' operation. A look back on 2023.


Vol. 6, Iss. 52
Robin’s Newsletter #288

Predatory Sparrow disrupts 70% of Iran's petrol pumps. New SEC breach rules come into force. Authorities seize ALPHV dark web site.

November 2023



Vol. 6, Iss. 48
Robin’s Newsletter #284

Warning over Lazarus software supply-chain attacks. Australia cyber security strategy published.


Vol. 6, Iss. 47
Robin’s Newsletter #283

Australian port operations disrupted by cyber-attack. 16 Danish CNI orgs hit simultaneously earlier this year. Ransomware group files SEC complaint.


Vol. 6, Iss. 45
Robin’s Newsletter #281

SEC charges SolarWinds CISO. Countries vow not to pay ransomware demands. Major updates to CVSS.

October 2023



Vol. 6, Iss. 43
Robin’s Newsletter #279

Five Eyes security chiefs warn of espionage threat. Two ransomware gangs taken out. Thousands of Cisco devices compromised.


Vol. 6, Iss. 40
Robin’s Newsletter #276

Ukraine says Russia is going after war crimes data. US, Japan says China targeting routers for persistence. UK logistics firm goes under following ransomware attack.

September 2023



Vol. 6, Iss. 39
Robin’s Newsletter #275

International Criminal Court breached by attackers. Cisco set to acquire Splunk in largest-ever acquisition. Agreement on UK-US data flows.


Vol. 6, Iss. 38
Robin’s Newsletter #274

Ransomware groups target Save the Children, and Las Vegas casinos, and the Sri Lankan government.

August 2023



Vol. 6, Iss. 35
Robin’s Newsletter #271

Lapsus$ group pair court verdict. Ransomware dwell times are down. Cloud provider loses all their customers' data in ransomware incident.

July 2023



Vol. 6, Iss. 27
Robin’s Newsletter #263

SEC issues notices to SolarWinds CFO, CISO. Apple opposed Online Safety Bill. US Supreme Court rejects cyberstalking case.

June 2023



Vol. 6, Iss. 26
Robin’s Newsletter #262

More organisations caught up in MOVEit. Alphv/BlackCat has been all up in a lot of business. PlugWalkJoe gets 5-year sentence for Twitter crypto scam.


Vol. 6, Iss. 25
Robin’s Newsletter #261

More MOVEit victims and a $10 million bounty on Clop. Fortinet VPN vulnerability. A couple of cool side-channel techniques.


Vol. 6, Iss. 24
Robin’s Newsletter #260

Clop ransomware breaches MOVEit file transfer systems. Barracuda urges rip-and-replace of their email security gateways. Snowden leaks, ten years on.

May 2023



Vol. 6, Iss. 21
Robin’s Newsletter #257

Montana bans TikTok. Ransomware as activism. Fallout from Capita breaches escalates.

March 2023



Vol. 6, Iss. 13
Robin’s Newsletter #249

TikTok bans continue, Russia bans iPhones from Putin’s inner circle, China & Russia set sights on tech sovereignty

February 2023



Vol. 6, Iss. 9
Robin’s Newsletter #245

USSOCOM email server left exposed. Critical vulnerability in another file transfer app. Signal says it would exit UK market.


Vol. 6, Iss. 7
Robin’s Newsletter #243

Sanctions for TrickBot as ransomware declared tier 1 national security risk. Hacking ChatGPT with prompt injection attacks. ESXiArgs ransomware spree continues. Dutch police bring down Exclu encrypted phone service.

January 2023



Vol. 6, Iss. 5
Robin’s Newsletter #241

Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.


Vol. 6, Iss. 4
Robin’s Newsletter #240

Ransomware payments fell 40% in 2022. T-Mobile suffers *another* breach; 37 million accounts affected. Credential stuffing attacks against Norton Password Manager, PayPal.


Vol. 6, Iss. 1
Robin’s Newsletter #237 — 2023 Forecast

My thoughts on the broad outlook and specific predictions for the world of cyber in 2023.

December 2022



Vol. 5, Iss. 49
Robin’s Newsletter #233

UK managed security businesses to be regulated. Medibank attackers release data. Anker's Eufy smart camera 'local only' claims disputed.

November 2022



Vol. 5, Iss. 47
Robin’s Newsletter #231

Crypto-exchange FTX's governance failures. Medibank attackers release stolen mental health data. Majority of UK COBRA meetings are about ransomware.


Vol. 5, Iss. 45
Robin’s Newsletter #229

Slovakia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.

August 2022



Vol. 5, Iss. 34
Robin’s Newsletter #218

Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.


Vol. 5, Iss. 33
Robin’s Newsletter #217

Twilio, Cloudflare & Cisco attacks also targeted employees' personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.

May 2022



Vol. 5, Iss. 20
Robin’s Newsletter #204

Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.


Vol. 5, Iss. 18
Robin’s Newsletter #202

Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberattacks against Ukraine. Facebook doesn't know where your data flows.

March 2022



Vol. 5, Iss. 13
Robin’s Newsletter #197

The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.


Vol. 5, Iss. 12
Robin’s Newsletter #196

Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.

February 2022



Vol. 5, Iss. 7
Robin’s Newsletter #191

Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.

January 2022



Vol. 5, Iss. 5
Robin’s Newsletter #189

Activists ransomware Belarus' state-owned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.


Vol. 5, Iss. 3
Robin’s Newsletter #187

Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate digital transformation.


Vol. 5, Iss. 2
Robin’s Newsletter #186

Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.

October 2021



Vol. 4, Iss. 43
Robin’s Newsletter #175

US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warfare unit.


Vol. 4, Iss. 42
Robin’s Newsletter #174

White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites.


Vol. 4, Iss. 40
Robin’s Newsletter #172

Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.

September 2021



Vol. 4, Iss. 39
Robin’s Newsletter #171

'Releasing the hounds' on ransomware actors, though FBI involvement in Kaseya shows offensive operations may already be underway.

July 2021



Vol. 4, Iss. 28
Robin’s Newsletter #160

More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.


Vol. 4, Iss. 27
Robin’s Newsletter #159

Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.

June 2021



Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳

Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...


Vol. 4, Iss. 24
Robin’s Newsletter #156

EA games source code stolen. Apple's new privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.


Vol. 4, Iss. 23
Robin’s Newsletter #155

The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.

May 2021



Vol. 4, Iss. 21
Robin’s Newsletter #153

Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M. But there are Technology Detection Dogs. And they're very good dogs!


Vol. 4, Iss. 20
Robin’s Newsletter #152

All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.


Vol. 4, Iss. 19
Robin’s Newsletter #151

Responsible cyber power. Colonial Pipeline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.


Vol. 4, Iss. 18
Robin’s Newsletter #150

Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.

April 2021



Vol. 4, Iss. 17
Robin’s Newsletter #149

Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.


Vol. 4, Iss. 16
Robin’s Newsletter #148

FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.


Vol. 4, Iss. 14
Robin’s Newsletter #146

The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.

March 2021



Vol. 4, Iss. 13
Robin’s Newsletter #145

FatFace IR comms 'confidential' while losing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.

February 2021



Vol. 4, Iss. 6
Robin’s Newsletter #138

SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.

November 2020



Vol. 3, Iss. 45
Robin’s Newsletter #125

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.

October 2020



Vol. 3, Iss. 43
Robin’s Newsletter #123

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.


Vol. 3, Iss. 41
Robin’s Newsletter #121

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.


Vol. 3, Iss. 40
Robin’s Newsletter #120

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

September 2020



Vol. 3, Iss. 38
Robin’s Newsletter #118

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(

August 2020



Vol. 3, Iss. 35
Robin’s Newsletter #115

Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.


Vol. 3, Iss. 31
Robin’s Newsletter #111

Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.

July 2020



Vol. 3, Iss. 30
Robin’s Newsletter #110

Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.

June 2020



Vol. 3, Iss. 23
Robin’s Newsletter #103

REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.

May 2020



Vol. 3, Iss. 20
Robin’s Newsletter #100

Pricing cyber risk from external data, attack on 'UK electricity system' and mining cryptocurrency with supercomputers


Vol. 3, Iss. 19
Robin’s Newsletter #99

Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems


Vol. 3, Iss. 18
Robin’s Newsletter #98

Mobile device management as a vector, turning antivirus against itself and ransomware's long game

April 2020



Vol. 3, Iss. 5
Robin’s Newsletter #85

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/carry on for DPOs.