Ransomware

May 2022

May 2022


Vol. 5, Iss. 20
Robin’s Newsletter #204
Vol. 5, Iss. 20

Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.


Vol. 5, Iss. 18
Robin’s Newsletter #202
Vol. 5, Iss. 18

Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberatacks against Ukraine. Facebook doesn't know where your data flows.

March 2022

March 2022


Vol. 5, Iss. 13
Robin’s Newsletter #197
Vol. 5, Iss. 13

The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.


Vol. 5, Iss. 12
Robin’s Newsletter #196
Vol. 5, Iss. 12

Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.

February 2022

February 2022


Vol. 5, Iss. 7
Robin’s Newsletter #191
Vol. 5, Iss. 7

Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.

January 2022

January 2022


Vol. 5, Iss. 5
Robin’s Newsletter #189
Vol. 5, Iss. 5

Activists ransomware Belarus' state-woned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.


Vol. 5, Iss. 3
Robin’s Newsletter #187
Vol. 5, Iss. 3

Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate dgitial transformation.


Vol. 5, Iss. 2
Robin’s Newsletter #186
Vol. 5, Iss. 2

Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.

October 2021

October 2021


Vol. 4, Iss. 43
Robin’s Newsletter #175
Vol. 4, Iss. 43

US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warefare unit.


Vol. 4, Iss. 42
Robin’s Newsletter #174
Vol. 4, Iss. 42

White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites


Vol. 4, Iss. 40
Robin’s Newsletter #172
Vol. 4, Iss. 40

Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.

September 2021

September 2021


Vol. 4, Iss. 39
Robin’s Newsletter #171
Vol. 4, Iss. 39

'Releasing the hounds' on ranomware actors, though FBI involvement in Kaseya shows offnseive operations may already be underway.

July 2021

July 2021


Vol. 4, Iss. 28
Robin’s Newsletter #160
Vol. 4, Iss. 28

More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.


Vol. 4, Iss. 27
Robin’s Newsletter #159
Vol. 4, Iss. 27

Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.

June 2021

June 2021


Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳
Vol. 4, Iss. 25

Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...


Vol. 4, Iss. 24
Robin’s Newsletter #156
Vol. 4, Iss. 24

EA games source code stolen. Apple's news privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.


Vol. 4, Iss. 23
Robin’s Newsletter #155
Vol. 4, Iss. 23

The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.

May 2021

May 2021


Vol. 4, Iss. 21
Robin’s Newsletter #153
Vol. 4, Iss. 21

Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M'. But there are Technology Detection Dogs. And they're very good dogs!


Vol. 4, Iss. 20
Robin’s Newsletter #152
Vol. 4, Iss. 20

All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.


Vol. 4, Iss. 19
Robin’s Newsletter #151
Vol. 4, Iss. 19

Responsible cyber power. Colonial Pipline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.


Vol. 4, Iss. 18
Robin’s Newsletter #150
Vol. 4, Iss. 18

Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.

April 2021

April 2021


Vol. 4, Iss. 17
Robin’s Newsletter #149
Vol. 4, Iss. 17

Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.


Vol. 4, Iss. 16
Robin’s Newsletter #148
Vol. 4, Iss. 16

FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.


Vol. 4, Iss. 14
Robin’s Newsletter #146
Vol. 4, Iss. 14

The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.

March 2021

March 2021


Vol. 4, Iss. 13
Robin’s Newsletter #145
Vol. 4, Iss. 13

FatFace IR comms 'confidential' while loosing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.

February 2021

February 2021


Vol. 4, Iss. 6
Robin’s Newsletter #138
Vol. 4, Iss. 6

SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.

November 2020

November 2020


Vol. 3, Iss. 45
Robin’s Newsletter #125
Vol. 3, Iss. 45

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.

October 2020

October 2020


Vol. 3, Iss. 43
Robin’s Newsletter #123
Vol. 3, Iss. 43

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.


Vol. 3, Iss. 41
Robin’s Newsletter #121
Vol. 3, Iss. 41

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.


Vol. 3, Iss. 40
Robin’s Newsletter #120
Vol. 3, Iss. 40

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

September 2020

September 2020


Vol. 3, Iss. 38
Robin’s Newsletter #118
Vol. 3, Iss. 38

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(

August 2020

August 2020


Vol. 3, Iss. 35
Robin’s Newsletter #115
Vol. 3, Iss. 35

Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.


Vol. 3, Iss. 31
Robin’s Newsletter #111
Vol. 3, Iss. 31

Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.

July 2020

July 2020


Vol. 3, Iss. 30
Robin’s Newsletter #110
Vol. 3, Iss. 30

Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.

June 2020

June 2020


Vol. 3, Iss. 23
Robins Newsletter #103
Vol. 3, Iss. 23

REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.

May 2020

May 2020


Vol. 3, Iss. 20
Robins Newsletter #100
Vol. 3, Iss. 20

Pricing cyber risk from external data, attack on 'UK electricity system' and mining crypocurrency with supercomputers


Vol. 3, Iss. 19
Robins Newsletter #99
Vol. 3, Iss. 19

Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems


Vol. 3, Iss. 18
Robins Newsletter #98
Vol. 3, Iss. 18

Mobile device management as a vector, turning antivirus against itself and ransomware's long game

April 2020

April 2020


Vol. 3, Iss. 5
Robin’s Newsletter #85
Vol. 3, Iss. 5

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.