ransomware
3 articles with this tag
What is ransomware? How it works, how it gets in, and how to avoid paying
Ransomware is malware that encrypts your files and demands payment to get them back. Modern attacks add double extortion — they steal data first and threaten to leak it, so decryption alone doesn't stop the breach. Main entry routes: phishing, VPN/RDP with weak or no MFA, and unpatched internet-facing flaws. The single most important defense is offline/immutable backups plus restore tests — being able to recover without paying. Also close the entry routes (MFA, patching) and limit the blast radius (least privilege, segmentation).
Backup essentials: the 3-2-1 rule and a recovery plan that survives ransomware
'I have a backup' isn't enough — only a backup you've verified you can restore is real. The basics: the 3-2-1 rule (three copies, two media types, one offsite). For ransomware you also need at least one 'offline or immutable' copy — an always-connected backup gets encrypted along with the original. Cloud sync is not a backup (it replicates deletions and encryption too). Versioning and a periodic restore test complete the practice.
MOVEit mass breach (2023) — how a SQL injection zero-day reached 2,700+ orgs, and how to defend
The entry was a SQL injection zero-day (CVE-2023-34362) in the internet-facing MOVEit Transfer. A web shell (LEMURLOOT) was planted and data was bulk-stolen from the backing database, hitting 2,700+ orgs and ~93.3M people. Most victims were pulled in indirectly because a vendor used MOVEit. In your environment: KEV fast-patching, minimize exposure, web↔DB least privilege and segmentation, vendor inventory and data minimization.