5 min
Ransomware
The Ransomware Killchain
How does a machine go from one that's working perfectly fine to one that's inoperable due to ransomware? This post takes a close look.
8 min
Ransomware
The Rise of Disruptive Ransomware Attacks: A Call To Action
Ransomware attacks are on the rise. In this post, we examine the dynamics of this trend and where it might be headed.
4 min
Threat Intel
What It Was Like to Attend Black Hat USA 2021 and DEF CON 29 in Person
I attended Black Hat USA 2021 and DEF CON 29, marking the fifth time that I made this annual pilgrimage to Las Vegas for cybersecurity professionals.
8 min
Ransomware
Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever
Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.
7 min
Ransomware
The Ransomware Task Force: A New Approach to Fighting Ransomware
The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.
3 min
Ransomware
Decrypter FOMO No Mo’: Five Years of the No More Ransom Project
The amazing No More Ransom Project celebrates its fifth anniversary today and so we just wanted to take a moment to talk about what it has accomplished and why you should tell all your friends about it.
3 min
Research
PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs
Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks.
3 min
Ransomware
Ransomware Payments and Sanctions - U.S. Treasury Advisory
The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery.
3 min
COVID-19
The Healthcare Security Pro's Guide to Ransomware Attacks
In this blog, we discuss the best practices to defend against ransomware attacks in the healthcare industry.
5 min
Ransomware
WannaCry, Two Years On: Current Threat Landscape
In this blog, we take a look at the current attacker landscape related to EternalBlue and ransomware, along with some lessons that have not been learned since WannaCry.
2 min
Vulnerability Management
What WannaCry Taught Me About the Benefits of Agents in VM Programs
In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.
4 min
Ransomware
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day,
affecting organizations in several European countries and the US. It is believed
that the ransomworm may achieve its initial infection via a malicious document
attached to a phishing email, and that it then leverages the EternalBlue
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue]and
DoublePulsar [https://www.rapid7.com/security-response/doublepulsar/]exploits to
spread laterally. Once in
4 min
Microsoft
Petya-like Ransomware Explained
TL;DR summary (7:40 PM EDT June 28): A major ransomware attack started in
Ukraine yesterday and has spread around the world. The ransomware, which was
initially thought to be a modified Petya variant, encrypts files on infected
machines and uses multiple mechanisms to both gain entry to target networks and
to spread laterally. Several research teams are reporting that once victims'
disks are encrypted, they cannot be decrypted
[https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware
4 min
Ransomware
Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose
*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available
in Metasploit for testing your compensating controls and validating
remediations. More info: EternalBlue: Metasploit Module for MS17-010
[/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also
removed steps 5 and 6 from scan instructions as they were not strictly necessary
and causing issues for some customers.
*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts
that ar
6 min
Ransomware
WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them (Port 445 Exploit)
WannaCry Overview
Last week the WannaCry ransomware worm, also known as Wanna Decryptor, Wanna
Decryptor 2.0, WNCRY, and WannaCrypt started spreading around the world, holding
computers for ransom at hospitals, government offices, and businesses. To recap:
WannaCry exploits a vulnerability in the Windows Server Message Block (SMB) file
sharing protocol. It spreads to unpatched devices directly connected to the
internet and, once inside an organization, those machines and devices behind the
firew