Ransomware Readiness; Ohio State, Hostile Events & Organizational Preparedness: This Week’s Threat and Preparedness Focus

Addressing two major items from the weekly reporting period, our Threat and Risk Analysis Cell homed in on a few primary areas of concern in this week’s Threat Dashboard. Continuing a focus from this week’s blog post (Hipara. Ransomware, Solved), our team received the generous input of Brett Cunningham, Founder and Lead Developer of Hipara, to address the menace of ransomware. Additionally, following the tragic attack at Ohio State, we briefly address hostile events and organizational preparedness. We explore both matters in this week’s Torpedo Report.

After addressing some background on ransomware (and recent data breaches), we note that the “first ransomware is believed to be the AIDS Trojan from 1989 in which infected diskettes were distributed to participants at the International AIDS Conference. Since 2005, there have been over 7,600 known infections, a number greater than the number of data breaches over the same time. Ransomware is not going away and has been adapted to Mac OSX, Linux and mobile devices. So far in 2016, the number of ransomware attacks has already increased four times over last year. In fact, ransomware now makes up 97% of all phishing emails. The threat will continue to change as it is employed in new directions, attacking additional communities and critical infrastructure, especially as attackers realize the monetary value certain targets represent and the potential disruptions they can cause. The Healthcare industry continues to be (and will likely remain) a prime target, but it is not the only target. Over the Thanksgiving weekend, ransomware targeted the San Francisco subway system leading the transit provider to allow free fare for passengers. This attack was opportunistic. The attacker found themselves on the transit provider’s systems, including the provider’s payment processing systems and payroll systems. Realizing this, the attacker focused on the crippling potential and put pressure on the transit provider to pay a ransom of $73,000 USD. With high confidence, we expect that attackers will continue to shape ransomware to target a variety of entities, and much like the healthcare industry, we should expect critical infrastructure systems and controls to be high on the target list.” The team provides seven preparedness and operational considerations for organizations to give thought to.

Addressing the low-tech terrorism attack at Ohio State, we look back to some recent guidance we’ve provided for understanding the threat environment. We also note that our team is updating our Hostile Events Preparedness Series and integrating in some awesome capabilities from trusted partners to be able to provide a complete preparedness solution. A short note can be read here and more information on that will be forthcoming on our website.

The complete Torpedo Report includes additional background and analysis as well as some preparedness and operational ideas for leaders to consider. This week’s reports and previous releases can be linked to from the “Reports” tab of this website. To help leaders maintain active threat situational awareness, we distribute our (free!) daily paper and the above-mentioned weekly products. Our team hopes they can help you achieve a sound background as you assess your organizational risks and then apply a threat-informed, risk-based and prioritized approach to preparedness and operations. If you’re not already signed up, subscribe to our free products and receive them directly! Free reports include our daily paper, the Gate 15 SUN, with additional detail, focus and analysis in the weekly Threat Dashboard and Torpedo Report.

Follow our Gate 15 team on Twitter: @Gate_15_Analyst, subscribe to our free products and find us on LinkedIn (and check out our brand new Gate 15 page on LinkedIn – we’d love to have you “follow” us there!).
