The Coalfire Blog

Welcome to the Coalfire Blog, a resource covering the most important issues in IT security and compliance. You'll also find information on Coalfire's insights into the unique cybersecurity issues that impact the industries we serve, including Cloud Service Providers, RetailFinancial Services, Healthcare, Higher Education, Payments, Government, Restaurants, and Utilities.

The Coalfire blog is written by the company's leadership team and our highly-credentialed security assessment experts. We look forward to your comments, so please join the conversation.


  • Petya/NotPetya: What It Is, and What You Can Do Right Now

    June 27, 2017, Mike Weber, Vice President, Coalfire Labs

    Just when we thought there were no more tears left in the wake of WannaCry, it’s time to pull out the tissues yet again for the latest global cyber incident: introducing “NotPetya,” the most recent ransomware variant to creep across continents and affect companies across many industries. Please read on for helpful information on how to prevent a NotPetya attack, as well as minimize propagation across the network.

    Read more
  • Ransomware: the anatomy of paying a ransom to decrypt hostage files

    May 25, 2017, Bryce Bearchell, Security Consultant

    Ransomware is on the rise and clients seeking to understand the process can learn from this client’s story about being a victim of ransomware as to what can be expected and how to handle a ransomware attack. Recently a company facing a malware infection approached us to help them deal with the encryption of most of their servers across their domain. This also included systems that held online backups - and there was no offline backup solution (that’s a topic for a whole different blog post). The company had discovered a ransom note on their affected systems, along with data files that had been deleted and new files created in the format of <original_filename>.whereisyourfile that appeared to be encrypted.

    Read more
  • Information and guidance for dealing with WannaCry

    May 15, 2017, Mark Lucas, Vice President, Chief Information Security Officer, Coalfire

    Coalfire continues to closely monitor the WannaCry ransomware attack.  Much has been written over the past few days about the attack.  For those of you who may not have had time to review in detail and assess appropriate actions for your organization, we wanted to provide summary information.  

    Read more
  • Ransomware Response: To Pay or Not to pay

    April 17, 2017, Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

    Recently, I was speaking with a CISO friend of mine and he mentioned that his company suffered a breach.  I asked if it was a ransomware attack, and sadly, that was the case.  Malware had infected nearly every connected computer.  Clearly there was a breakdown in protective controls,  but I’ll get to that in another post.  Digging deeper, I inquired if the amount was under $2,000.  Another “yes”. Reported to the FBI….” yes” again!

    Read more
  • What does the FBI have to say about ransomware

    October 03, 2016, Tom Glaser, Healthcare Solutions Architect, Coalfire

    The FBI provided guidance on ransomware at a recent FBI/US Secret Service/ISAC event.  They defined ransomware as a type of malware that is commonly transmitted through malicious email, which is disguised to look normal.  Once the email link has been clicked on, or an email attachment has been opened, the malware installs on the computer.  After installation is completed, files on the computer become locked using encryption and cannot be opened without the key.  A ransom message is then displayed with information on how to pay the ransom.

    Read more

Recent Posts

Post Topics

Archives

RSS Feed

The Coalfire BlogSubscribe to Feed
Chrome users will need to install RSS Subscription Extension (by Google)

Tags