Ransomware: In the Healthcare Sector


It is hard to ignore the recent increase in reporting of hospitals victimized by ransomware. Ransomware has become such an issue that the MS-ISAC, along with our partners at the National Health Information Sharing and Analysis Center (NH-ISAC) and Financial Services Information Sharing and Analysis Center (FS-ISAC), teamed up to host trainings around the country on how to defend against it.

This entry was posted in ransomware on October 10, 2016 by MS-ISAC

Ransomware: Facts, Threats, and Countermeasures

By: Stacey Wright (Intel Program Manager) & Ben Spear (Senior Cyber Intelligence Analyst)


Ransomware is a type of malware that has become a significant threat to U.S. businesses and individuals during the past year. General ransomware incidents surged in 2016 and continue to infect victims with overwhelming success. Most of the current ransomware variants encrypt files on the infected system/network (crypto ransomware), although a few variants are known to erase files or block access to the system using other methods (locker ransomware). Once access to the system is blocked, the ransomware demands a ransom in order to unlock the files, frequently $200 - $1000 in bitcoins, though other currencies, gift cards, and ransoms of several thousand dollars are occasionally reported. Ransomware variants almost always opportunistically target business and home users, infecting an array of devices from computers to smartphones.

Victims are at risk of losing their files, but may also experience financial loss due to paying the ransom, lost productivity, IT costs, legal fees, network modifications, and/or the purchase of credit monitoring services for employees/customers.

This entry was posted in ransomware, MS-ISAC on August 17, 2016 by Kimberly K

Malware Analysis Report: Numecod Ransomware

By: NYC DoITT SOC & Richard Vargas, CIS SOC Analyst


Nemucod is a Trojan that downloads potentially malicious files to an infected computer. According to Symantec, Nemucod was first discovered in December of 2015 and was associated with downloading malware including Teslacrypt, a variant of ransomware.

This entry was posted in Threats & Vulnerabilities, ransomware on July 25, 2016 by Kimberly K

2016: The Year of Ransomware

By: Katelyn Bailey

Since the beginning of 2015, ransomware infections have been on an upward climb, with no foreseeable slowdown. March, April, and May each broke the record set by the previous month for the highest number of ransomware notifications ever issued by the MS-ISAC, based on our state, local, tribal, and territorial (SLTT) government monitoring. We attribute this continued growth in 2016 to the new-found popularity of ransomware as a money-making enterprise and the strength of the distribution campaigns, as well as ever diversifying tactics, techniques, and procedures (TTPs) by cyber threat actors.

This entry was posted in Threats & Vulnerabilities, ransomware on June 30, 2016 by Kimberly K

CryptoWall 3.0

Kevin Moran, MS-ISAC NCCIC Partner Liaison

This entry was posted in Threats & Vulnerabilities, Malware Analysis, ransomware, threats, CryptoWall, Cyber security on February 23, 2015 by Amanda B


Written by:  Matthew Stephen, Computer Emergency Response Team (CERT) Analyst

This entry was posted in Threats & Vulnerabilities, ransomware, RIG exploit kit, CryptoWall on June 10, 2014 by Chad R

Cyber Alert - Cryptolocker Indicators

Written by Adnan BaykalDirector of CIS Computer Emergency Response Team (CERT)

This entry was posted in Threats & Vulnerabilities, ransomware, CryptoLocker malware on October 31, 2013 by kwolfner