“HR management platform Kronos has been hit with a ransomware attack, revealing that information from many of its high-profile customers may have been accessed.  UKG, Kronos’ parent company, said the vital service will be out for “several weeks” and urged customers to “evaluate and implement alternative business continuity protocols related to the affected UKG solutions.”

“A new ransomware reporting bill introduced to the House of Representatives proposes putting new requirements on financial institutions, some of which are likely to be controversial.  The lead item is that any payment of over $100,000 would require the victim to first obtain special permission from the US Treasury.”

“The volume of suspected ransomware payments flagged by U.S. banks has surged this year, on pace to nearly double last year’s, the Treasury Department said Friday, highlighting the scale of a problem that governments across the world have described as a critical national security threat. Nearly $600 million in transactions were linked to possible ransomware payments in so-called Suspicious Activity Reports financial services firms filed to the U.S. government in the first six months of this year, according to a Treasury Department report. That is more than 40% more than the total for all of 2020.”

“The average ransom paid by victim organisations has increased by 82% since 2020 to a record  $570,000, as cyber criminals intensify their ransomware efforts with increasingly aggressive tactics, according to data from Palo Alto Networks Unit 42 security consulting group. Unit 42 also found that the average ransom demand increased by 518% from the 2020 average of $847,000, to $5.3m, in the first half of 2021.”

“Amazon , Google and Microsoft are among several tech companies that have agreed to join a government effort to fight ransomware as cyber attacks have become regular threats to U.S. organizations. The Department of Homeland Security’s new Joint Cyber Defense Collaborative (JCDC) will coordinate national cyber defense planning across agencies and with the private sector, according to prepared remarks from Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly at Thursday’s Black Hat cybersecurity conference.”

“Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, a top FBI official told US lawmakers Tuesday. Banning ransom payments could inadvertently create opportunities for further extortion by ransomware gangs, said Bryan Vorndran, assistant director of the FBI’s cyber division.”

“The State Department will offer rewards up to $10 million for information leading to the identification of anyone engaged in foreign state-sanctioned malicious cyber activity, including ransomware attacks , against critical U.S. infrastructure. A task force set up by the White House will coordinate efforts to stem the ransomware scourge. The Biden administration is also out with a website, stopransomware.gov , that offers the public resources for countering the threat and building more resilience into networks, a senior administration official told reporters.”

“Jack Cable, a security architect at Krebs Stamos Group who previously worked for the U.S. Cybersecurity and Infrastructure Agency (CISA), is looking to solve that problem with the launch of a crowdsourced ransom payments tracking website, Ransomwhere …The website keeps a running tally of ransoms paid out to cybercriminals in bitcoin, made possible thanks to the public record-keeping of transactions on the blockchain. As the site is crowdsourced, it incorporates data from self-reported incidents of ransomware attacks, which anyone can submit.”

“Enterprise tech firm Kaseya has confirmed that around than 1,500 businesses were impacted as a result of an attack on its remote device management software, which was used to spread ransomware.  It appears that the attackers carried out a supply chain ransomware attack by leveraging a vulnerability in Kaseya’s VSA software against multiple managed service providers (MSP) – and their customers.”

“If your business falls victim to ransomware and you want simple advice on whether to pay the criminals, don’t expect much help from the U.S. government. The answer is apt to be: It depends. “It is the position of the U.S. government that we strongly discourage the payment of ransoms,” Eric Goldstein, a top cybersecurity official in the Department of Homeland Security, told a congressional hearing last week. But paying carries no penalties and refusing would be almost suicidal for many companies, especially the small and medium-sized. Too many are unprepared. The consequences could also be dire for the nation itself. Recent high-profile extortive attacks led to runs on East Coast gas stations and threatened meat supplies .”

“As ransomware attacks surge, the FBI is doubling down on its guidance to affected businesses: Don’t pay the cybercriminals. But the U.S. government also offers a little-noticed incentive for those who do pay: The ransoms may be tax deductible. The IRS offers no formal guidance on ransomware payments, but multiple tax experts interviewed by The Associated Press said deductions are usually allowed under law and established guidance. It’s a “silver lining” to ransomware victims, as some tax lawyers and accountants put it. But those looking to discourage payments are less sanguine. They fear the deduction is a potentially problematic incentive that could entice businesses to pay ransoms against the advice of law enforcement. At a minimum, they say, the deductibility sends a discordant message to businesses under duress.”

“The Justice Department has formed a task force to curtail the proliferation of ransomware cyberattacks, in a bid to make the popular extortion schemes less lucrative by targeting the entire digital ecosystem that supports them. In an internal memorandum issued this week, Acting Deputy Attorney General John Carlin said ransomware poses not just an economic threat to businesses but “jeopardizes the safety and health of Americans.” By identifying ransomware as a priority, the task force will increase training and dedicate more resources to the issue, seek to improve intelligence sharing across the department, and work to identify “links between criminal actors and nation-states,” according to the memorandum.”

“Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.”

“Ransomware attacks have been accelerating during the pandemic, as cybercriminals take advantage of the security vulnerabilities and disruption caused by the massive movement toward working from home and they find ransomware increasingly profitable. According to a report published Tuesday by the security company Arctic Wolf, the banking sector saw a 520% increase in phishing and ransomware attacks between March and June of this year. Arctic Wolf has 250 bank and credit union customers.”

“Companies that assist victims of ransomware attacks in making payments to criminal hackers could face penalties, according to a new advisory from the U.S. Department of the Treasury.    The civil penalties would apply to those who assist in making ransom payments on behalf of victim companies or governments hacked by criminal groups that have been sanctioned by the Treasury Department. The new advisory, from the department’s Office of Foreign Assets Control, could fundamentally change the calculus for companies — and their advisers — after they’ve been infected with ransomware.”

“For the past weeks, a criminal gang has launched DDoS attacks against some of the world’s biggest financial service providers and demanded Bitcoin payments as extortion fees to stop their attacks. Just this week, the group has attacked YesBank India, Worldpay , PayPal , Braintree , and Venmo , a source involved in the DDoS mitigation field has told ZDNet. The New Zealand stock exchange (NZX), which halted trading for the third day in a row today, is also one of the group’s victims.”

“Business-to-business payments provider Billtrust is still recovering from a ransomware attack that began last week.  The company said it is in the final stages of bringing all of its systems back online from backups.”

““Our insurance company made [the decision] for us,” city spokesman Michael Lee, a sergeant in the Lake City Police Department, said. “At the end of the day, it really boils down to a business decision on the insurance side of things: them looking at how much is it going to cost to fix it ourselves and how much is it going to cost to pay the ransom.””