It's now a commonplace that ransomware gangs threaten to dox their victims as well as render their data encrypted and inaccessible. A report this week from the Microsoft Threat Protection Intelligence Team concludes that even the gangs who don't threaten to steal information are doing it anyway. The data represent another revenue stream. The report also concludes that ransomware attackers don't necessarily leave a victim's networks even after the victim has paid. Instead they'll maintain persistence as long as possible, the better to position themselves for subsequent attacks. Redmond offers a good deal of advice on how an organization could protect itself. Security teams might start by watching for malicious use of penetration-testing tools, signs of credential theft, and tampering with a security event log.
Bogus scareware threats have been around for years. These typically tell users that some law enforcement organization (usually the FBI) has found them to be up to no good, and that they must pay a fine to avoid further trouble. The scare is generally delivered by email or displayed in a browser. But CyberScoop says there's a new wrinkle: ransomware is encrypting Android devices and delivering a note impersonating the FBI that offers decryption once the fine is paid. Most of the victims have been in Eastern Europe, and the ransomware itself has been traded in Russian-speaking criminal markets. Needless to say, the Bureau doesn't collect fines this way.
The Verdict publishes advice on how Huawei can be excluded from core British infrastructure.