Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Special Features

Malware Month

Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight

On the plus side, infosec's a good bet for a long, stable career

Iain Thomson Wed 8 May 2024  //  07:31 UTC

Interview This year is an unfortunate anniversary for information security: We're told it's a decade since ransomware started infecting corporations.

Extortionists had been hitting normal folk in the early 2010s with file-scrambling malware. Eventually criminals figured out that there was much more money to be made hitting business networks and demanding big bucks. Since then, attacks have soared, show no sign of letting up, and the computer security industry still hasn't found a full and final fix.

Mikko Hyppönen, chief research officer at WithSecure and all-round infosec industry veteran, will give a keynote talk at the RSA Conference in San Francisco today on just this topic – and he's not optimistic. Growth in both the number of attacks and the value of Bitcoin has created criminal unicorns with net worth in the billions, as he explains in the video below.

He argued that while certain sectors such as government and healthcare are certainly attractive to extortionists, these criminals will go for the lowest-hanging fruit, meaning poorly secured IT environments are just as tempting. And it's increasingly hard for victims not to pay up when they see their stolen corporate data leaking online.

There is one bright light on the horizon, for security folks at least: If you work in the industry, and you're good at it, then it looks like you've got a job for life. ®
Send us news
24 Comments

Cicada ransomware may be a BlackCat/ALPHV rebrand and upgrade

Researchers find many similarities, and nasty new customizations such as embedded compromised user credentials

Ransomware batters critical industries, but takedowns hint at relief

Whether attack slowdown continues downward trend is the million dollar question that security researchers can't answer

Alleged Karakut ransomware scumbag charged in US

Plus: Microsoft issues workaround for dual-boot crashes; ARRL cops to ransom payment, and more

RansomHub hits 210 victims in just 6 months

The ransomware gang recruits high-profile affiliates from LockBit and ALPHV

Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

French police reckon financial system targeted during Summer Games

RansomHub-linked EDR-killing malware spotted in the wild

Also: Your external-facing NetSuite sites need a review; five popular malware varieties for Q2, and more

Six ransomware gangs behind over 50% of 2024 attacks

Plus many more newbies waiting in the wings

Feds bust minor league Radar/Dispossessor ransomware gang

The takedown may be small but any ransomware gang sent to the shops is good news in our book

US accuses man of being 'elite' ransomware pioneer they've hunted for years

Authorities allege 'J.P. Morgan' practiced ‘extreme operational and online security’

Enzo Biochem ordered to cough up $4.5 million over lousy security that led to ransomware disaster

Three state attorneys general probed the company and found plenty to chastise

DEF CON Franklin project enlists hackers to harden critical infrastructure

Voting village reports have been so successful, says Jeff Moss, that the whole of DEF CON will now be included

Ransomware groups are better at web app security than you, says researcher

Could we please start taking this seriously?