Ransomware

September 2023

September 2023


Vol. 6, Iss. 38
Robin’s Newsletter #274
Vol. 6, Iss. 38

Ransomware groups target Save the Children, and Las Vegas casinos, and the Sri Lankan government.

August 2023

August 2023


Vol. 6, Iss. 35
Robin’s Newsletter #271
Vol. 6, Iss. 35

Lapsus$ group pair court verdict. Ransomware dwell times are down. Cloud providers looses all their customers data in ransomware incident.

July 2023

July 2023


Vol. 6, Iss. 27
Robin’s Newsletter #263
Vol. 6, Iss. 27

SEC issues noticed to SolarWinds CFO, CISO. Apple opposed Online Safety Bill. US Supreme Court rejects cyberstalking case.

June 2023

June 2023


Vol. 6, Iss. 26
Robin’s Newsletter #262
Vol. 6, Iss. 26

More organisations caught up in MOVEit. Alphv/BlackCat has been all up in a lot of business. PlugWalkJoe gets 5-year sentence for Twitter crypto scam.


Vol. 6, Iss. 25
Robin’s Newsletter #261
Vol. 6, Iss. 25

More MOVEit victims and a $10 million bounty on Clop. Fortinet VPN vulnerability. A couple of cool side-channel techniques.


Vol. 6, Iss. 24
Robin’s Newsletter #260
Vol. 6, Iss. 24

Clop ransomware beaches MOVEit file transfer systems. Barracuda urges rip-and-replace of their email security gateways. Snowden leaks, ten years on.

May 2023

May 2023


Vol. 6, Iss. 21
Robin’s Newsletter #257
Vol. 6, Iss. 21

Montana bans TikTok. Ransomware as activitsm. Fallout from Capita breaches escalate.

March 2023

March 2023


Vol. 6, Iss. 13
Robin’s Newsletter #249
Vol. 6, Iss. 13

TikTok bans continue, Russia bans iPhones from Putin’s inner circle, China & Russia set sights on tech sovereignty

February 2023

February 2023


Vol. 6, Iss. 9
Robin’s Newsletter #245
Vol. 6, Iss. 9

USSOCCOM Email server left exposed. Critical vulnerability in another file transfer app. Signal says it would exit UK market.


Vol. 6, Iss. 7
Robin’s Newsletter #243
Vol. 6, Iss. 7

Sanctions for TrickBot as ransomware declared tier 1 national security risk. Hacking ChatGPT with prompt injection attacks. ESXiArgs ransomare spree continues. Dutch police bring down Exclu encrypted phone service.

January 2023

January 2023


Vol. 6, Iss. 5
Robin’s Newsletter #241
Vol. 6, Iss. 5

Hive ransomware infrastructure seized by FBI. The concentration of the illicit crypto-currency market. GoTo confirms customer data stolen during November breach.


Vol. 6, Iss. 4
Robin’s Newsletter #240
Vol. 6, Iss. 4

Ransomware payments fell 40% in 2022. T-Mobile suffers *another* breach; 37 million accounts affected. Credential stuffing attacks against Norton Password Manager, PayPal.


Vol. 6, Iss. 1
Robin’s Newsletter #237 — 2023 Forecast
Vol. 6, Iss. 1

My thoughts on the broad outlook and specific predictions for the world of cyber in 2023.

December 2022

December 2022


Vol. 5, Iss. 49
Robin’s Newsletter #233
Vol. 5, Iss. 49

UK managed security businesses to be regulated. Medibank attackers release data. Anker's Eufy smart camera 'local only' claims disputed.

November 2022

November 2022


Vol. 5, Iss. 47
Robin’s Newsletter #231
Vol. 5, Iss. 47

Crypto-exchange FTX's governance failures. Medibank attackers release stolen mental health data. Majority of UK COBRA meetings are about ransomware.


Vol. 5, Iss. 45
Robin’s Newsletter #229
Vol. 5, Iss. 45

Slovkia's parliamentary business suspended. Mondelez & Zurich settle NotPetya insurance claim. US Treasury says ransomware losses are over $1 billion.

August 2022

August 2022


Vol. 5, Iss. 34
Robin’s Newsletter #218
Vol. 5, Iss. 34

Cl0p ransomware gang mistakes attack on South Staffs Water for Thames Water. DigitalOcean caught up in latest Mailchimp breach. Apple security vulnerabilities.


Vol. 5, Iss. 33
Robin’s Newsletter #217
Vol. 5, Iss. 33

Twilio, Cloudflare & Cisco attacks also targeted employee's personal devices and accounts. NHS 111 outage may last weeks. Sanctions for Tornado Cash.

May 2022

May 2022


Vol. 5, Iss. 20
Robin’s Newsletter #204
Vol. 5, Iss. 20

Costa Rica declares state of emergency over ransomware incidents. Civil penalties proposed for Colonial Pipeline over safety breaches.


Vol. 5, Iss. 18
Robin’s Newsletter #202
Vol. 5, Iss. 18

Conti ransomware gang targets Costa Rica following election. Timeline of Russian cyberatacks against Ukraine. Facebook doesn't know where your data flows.

March 2022

March 2022


Vol. 5, Iss. 13
Robin’s Newsletter #197
Vol. 5, Iss. 13

The rise, and fall?, of Lapsus$ as Okta confirm breach. US CNI cyberattack warning. Build capabilities, not plans for resilience.


Vol. 5, Iss. 12
Robin’s Newsletter #196
Vol. 5, Iss. 12

Russia/Ukraine roundup. Mysterious incident affecting satcom terminals. Ransomware group adds wiper capability. Law firm gets GDPR fine for not patching.

February 2022

February 2022


Vol. 5, Iss. 7
Robin’s Newsletter #191
Vol. 5, Iss. 7

Slovenian TV disruption. 500 ecommerce sites compromised by MageCart. 2021 was a bumper year for cyber M&A.

January 2022

January 2022


Vol. 5, Iss. 5
Robin’s Newsletter #189
Vol. 5, Iss. 5

Activists ransomware Belarus' state-woned railway company. New UK cyber strategy for government. Let's Encrypt re-issuing 2M certs.


Vol. 5, Iss. 3
Robin’s Newsletter #187
Vol. 5, Iss. 3

Russian authorities scoop up members of REvil. Google Analytics and GDPR. Using a cyberattack to accelerate dgitial transformation.


Vol. 5, Iss. 2
Robin’s Newsletter #186
Vol. 5, Iss. 2

Potential FTC legal action over Log4shell. Phishing using Google Docs. New UK Information Commissioner. Reframing cybersecurity.

October 2021

October 2021


Vol. 4, Iss. 43
Robin’s Newsletter #175
Vol. 4, Iss. 43

US bans sales of offensive cyber tools to authoritarian governments. REvil taken offline in multi-national operation. The MoD's economic warefare unit.


Vol. 4, Iss. 42
Robin’s Newsletter #174
Vol. 4, Iss. 42

White House ransomware summit attended by over 30 countries. Client-side scanning (such as for CSAM) may undermine democracy. Don't view-source on Missouri state websites


Vol. 4, Iss. 40
Robin’s Newsletter #172
Vol. 4, Iss. 40

Azure AD wasn't logging all failed SSO requests. Ransomware crew gets pissy. 'Monoculture' cyber risk.

September 2021

September 2021


Vol. 4, Iss. 39
Robin’s Newsletter #171
Vol. 4, Iss. 39

'Releasing the hounds' on ranomware actors, though FBI involvement in Kaseya shows offnseive operations may already be underway.

July 2021

July 2021


Vol. 4, Iss. 28
Robin’s Newsletter #160
Vol. 4, Iss. 28

More on Kaseya. The PrintNightmare continues. Farmers win 'right to repair' and Kaspersky's not-so-random number generator.


Vol. 4, Iss. 27
Robin’s Newsletter #159
Vol. 4, Iss. 27

Kaseya VSA used to launch 'over 1,000' ransomware attacks. Security researchers cause PrintNightmare. EU grants UK data protection adequacy decision.

June 2021

June 2021


Vol. 4, Iss. 25
Robin’s Newsletter #157 — 3rd Birthday Edition 🥳
Vol. 4, Iss. 25

Suspected Cl0p members arrested. Ransomware is an 'urgent' threat to U.K. Balancing cyber supply and demand. And, Dear Intern...


Vol. 4, Iss. 24
Robin’s Newsletter #156
Vol. 4, Iss. 24

EA games source code stolen. Apple's news privacy and security features. The FBI ran An0m encrypted comms app. Ransomware thinking.


Vol. 4, Iss. 23
Robin’s Newsletter #155
Vol. 4, Iss. 23

The U.S. continues beef with Russian ransomware gangs. Colonial Pipeline was result of compromised creds. FireEye to divest name, products business.

May 2021

May 2021


Vol. 4, Iss. 21
Robin’s Newsletter #153
Vol. 4, Iss. 21

Lots of ransomware: Ireland's HSE will not pay. Colonial coughed up $4.4M'. But there are Technology Detection Dogs. And they're very good dogs!


Vol. 4, Iss. 20
Robin’s Newsletter #152
Vol. 4, Iss. 20

All the stats: it's DBIR time. Colonial Pipeline paid ransom, restored service and DarkSide disappeared. Being better at security engagement.


Vol. 4, Iss. 19
Robin’s Newsletter #151
Vol. 4, Iss. 19

Responsible cyber power. Colonial Pipline shut down due to ransomware. Injecting malware C2 into legitimate traffic. Authentication using a severed thumb.


Vol. 4, Iss. 18
Robin’s Newsletter #150
Vol. 4, Iss. 18

Babuk ransomware operators demand $50M from DC police. BoJo's phone number available online. Emotet deactivated. And, burrowing beavers.

April 2021

April 2021


Vol. 4, Iss. 17
Robin’s Newsletter #149
Vol. 4, Iss. 17

Ransomware in Apple's supply chain. Facebook seeks to 'normalise' scraping. The balkanisation of the Internet has intelligence agencies worried. Cellebrite's iPhone unlocking system is full of vulnerabilities.


Vol. 4, Iss. 16
Robin’s Newsletter #148
Vol. 4, Iss. 16

FBI gets a warrant to fix Hafnium web shells, becomes an MSSP. Sanctions for Russia over SolarWinds. Plus you cheddar believe there are some cheese puns.


Vol. 4, Iss. 14
Robin’s Newsletter #146
Vol. 4, Iss. 14

The long-tail of ransomware recovery. PHP source code compromise. Exploiting 'safe' file formats. Risk margins and early risk management decisions.

March 2021

March 2021


Vol. 4, Iss. 13
Robin’s Newsletter #145
Vol. 4, Iss. 13

FatFace IR comms 'confidential' while loosing 200GB data. Cyber insurer CNA may have been targeted for policy info. OSINT on the Ever Given.

February 2021

February 2021


Vol. 4, Iss. 6
Robin’s Newsletter #138
Vol. 4, Iss. 6

SolarWinds caught up in second campaign against U.S. gov tied to China. Plus an interview with a ransomware operator and Canada declares Clearview AI is 'illegal'.

November 2020

November 2020


Vol. 3, Iss. 45
Robin’s Newsletter #125
Vol. 3, Iss. 45

Nothing cyber happened in the US election. Corporate VOIP systems being targeted. Don't pay ransomware gangs to not leak your data.

October 2020

October 2020


Vol. 3, Iss. 43
Robin’s Newsletter #123
Vol. 3, Iss. 43

DOJ charges Fancy Bear, Doubts over Trump's Twitter password, and digital dilemmas for charity donations.


Vol. 3, Iss. 41
Robin’s Newsletter #121
Vol. 3, Iss. 41

Integrity in the UK Test & Trace scheme; ransomware attacks up 50%; a different type of lock-down.


Vol. 3, Iss. 40
Robin’s Newsletter #120
Vol. 3, Iss. 40

US Treasury issues advisory over ransomware payments; Huawei code quality still really bad; and Singapore's consumer security labels.

September 2020

September 2020


Vol. 3, Iss. 38
Robin’s Newsletter #118
Vol. 3, Iss. 38

Domain admin for EVERYONE! APT41/Winnti charged for cyber-espionage and activities against computer games companies. First death leading directly from cyber-attack :-(

August 2020

August 2020


Vol. 3, Iss. 35
Robin’s Newsletter #115
Vol. 3, Iss. 35

Attempted $1M bribe of Tesla employee in ransomware campaign. NZX trading suspended for four days due to DDOS. Supply and demand in security budgets.


Vol. 3, Iss. 31
Robin’s Newsletter #111
Vol. 3, Iss. 31

Ransomware payments encourage more ransomware attacks. EU cyber sanctions. Three charged in Twitter crypto-scam.

July 2020

July 2020


Vol. 3, Iss. 30
Robin’s Newsletter #110
Vol. 3, Iss. 30

Garmin 'ran somewhere.' UK Test & Trace doesn't have a DPIA. Emotet serving up Hackerman memes.

June 2020

June 2020


Vol. 3, Iss. 23
Robins Newsletter #103
Vol. 3, Iss. 23

REvil launch auction site, while Maze and LockBit team up to pool resources, know-how. Plus inside a BEC scam and DROP DATABASE tickets.

May 2020

May 2020


Vol. 3, Iss. 20
Robins Newsletter #100
Vol. 3, Iss. 20

Pricing cyber risk from external data, attack on 'UK electricity system' and mining crypocurrency with supercomputers


Vol. 3, Iss. 19
Robins Newsletter #99
Vol. 3, Iss. 19

Contact tracing apps, password reuse stats, law firm ransomware, and the integrity of systems


Vol. 3, Iss. 18
Robins Newsletter #98
Vol. 3, Iss. 18

Mobile device management as a vector, turning antivirus against itself and ransomware's long game

April 2020

April 2020


Vol. 3, Iss. 5
Robin’s Newsletter #85
Vol. 3, Iss. 5

Jumpshot reminds us security isn't privacy; whopping REvil ransom demands; and keep calm/cary on for DPOs.