"ZFS snapshots as poor man's ransomware recovery"

It holds up. Better than you'd think.

Ransomware hits a server? I roll back to a snapshot taken 10 minutes ago. Immutable, local, instant.

No restore wizard. No cloud latency. No vendor lock-in.

Just:

zfs rollback pool/dataset@safe

Gone. Like it never happened.

You want real ransomware defense?

🧊 Immutable local snapshots

📦 Offsite ZFS send/mirror

🔐 Key-based SSH, no password logins

🎯 Restore script you actually test

ZFS isn’t "enterprise." It’s survival-grade.

#ZFS #Ransomware #DisasterRecovery #Unix #Sysadmin #Infosec #BSD #SnapshotsSaveLives
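
Added example, not part of the post above: a dry-run helper that picks the newest snapshot taken before the first known encryption activity and prints the matching `zfs rollback` command for `pool/dataset`. The function names, snapshot names and timestamps are constructed for illustration; only the `zfs list` and `zfs rollback` flags are real.

```shell
#!/bin/sh
# Choose a rollback target from `zfs list` output and print the command to run.
# Expected stdin: zfs list -Hp -t snapshot -o name,creation pool/dataset
# (-H: no header, tab-separated; -p: creation time as epoch seconds).

# Constructed sample listing; snapshot names and times are made up.
sample_listing() {
    printf 'pool/dataset@auto-0950\t1752000600\n'
    printf 'pool/dataset@auto-1000\t1752001200\n'
    printf 'pool/dataset@auto-1010\t1752001800\n'
    printf 'pool/dataset@auto-1020\t1752002400\n'
}

# pick_snapshot CUTOFF: newest snapshot created strictly before CUTOFF (epoch
# seconds, the earliest known encryption activity). Prints "later<TAB>name",
# where "later" counts snapshots taken at or after CUTOFF. Fails if none.
pick_snapshot() {
    awk -F '\t' -v cutoff="$1" '
        ($2 + 0) <  (cutoff + 0) && ($2 + 0) > best { best = $2 + 0; target = $1 }
        ($2 + 0) >= (cutoff + 0) { later++ }
        END { if (target == "") exit 1; printf "%d\t%s\n", later, target }'
}

# rollback_cmd CUTOFF: print the rollback command without running it.
# Rolling back past newer snapshots needs -r, which destroys those snapshots,
# so the flag is only emitted when it is actually required.
rollback_cmd() {
    tab=$(printf '\t')
    result=$(pick_snapshot "$1") || {
        echo "no snapshot older than cutoff $1" >&2
        return 1
    }
    later=${result%%"$tab"*}
    snap=${result#*"$tab"}
    if [ "$later" -gt 0 ]; then
        printf "zfs rollback -r '%s'\n" "$snap"
    else
        printf "zfs rollback '%s'\n" "$snap"
    fi
}

# Demo on the constructed listing: encryption first seen at 1752002000.
sample_listing | rollback_cmd 1752002000
```

Because `-r` discards every snapshot newer than the target, the helper only prints the command for review. Those newer snapshots hold the encrypted state, which an investigation may want preserved before the rollback.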

Finally!

> [UK] Public sector bodies and operators of critical national infrastructure, including the NHS, local councils and schools [are to] be banned from paying ransom demands to criminals

and

> businesses not covered by the ban would be required to notify the government of any intent to pay a ransom

https://www.gov.uk/government/news/uk-to-lead-crackdown-on-cyber-criminals-with-ransomware-measures

#ransomware #cybersecurity #uk


M&S head Archie Norman won’t say if he authorized #DragonForce #ransomware hacker payday.

British shopping titan M&S is still dealing with the mess caused by April’s #ransomware attack. There’s at least three months more work ahead, says the firm’s chairman, Archie Norman (pictured).

But there are persistent rumors M&S paid #ScatteredSpider’s ransom demand. In #SBBlogwatch, Norman will neither confirm nor deny.

@TheFuturumGroup @TechstrongGroup @SecurityBlvd: https://securityboulevard.com/2025/07/marks-spencer-archie-norman-ransom-richixbw/

⚠️ IT company Ingram Micro says ransomware targeted internal systems

「 The company reported $48 billion in sales over the last fiscal year through its position as a connector between organizations and technology manufacturers that provide hardware, software and cloud services. Ingram Micro has more than 50 offices across the Americas, Europe, Asia and the Middle East 」

#ransomware #cyberattack #cybersecurity
https://therecord.media/ingram-micro-ransomware-attack

Ingram Micro have filed an 8-K for ransomware.

Some incredible wordsmithing here - rather than say when the incident began, they say when they issued a press release. Which was days later than when the incident began. I think this is because they missed SEC reporting deadlines.

https://www.sec.gov/ix?doc=/Archives/edgar/data/1897762/000162828025034372/ingm-20250705.htm

#ransomware


"Britain’s drug gangs and Moscow’s hackers were just two nodes in a vast criminal super-network [that] included sanctioned oligarchs, Russian intelligence operatives and an Irish crime family."

(and of course that network also now includes the #Trump administration, because Howard Lutnick is/was Tether's money manager)

* #TheEconomist: https://www.economist.com/1843/2025/07/04/how-tether-became-money-launderers-dream-currency
* no paywall: https://archive.ph/NiCRD

#moneylaundering #crime #corruption #crypto #cryptocurrency #iran #russia #uspol #howardLutnick #economist #economics #finance #uk #ukpol #garantex #threatintel #ransomware #cybersecurity #vladimirputin #oligarchs #putin #ukraine #kinahans #kinahan

Cybercrime: Ransom negotiator apparently skimmed off commissions for himself

An expert employed to negotiate ransoms in hopeless ransomware incidents apparently had commissions paid to himself.

https://www.heise.de/news/Cybercrime-Loesegeldverhandler-zwackte-sich-wohl-Provisionen-ab-10474413.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon

#Cybercrime #IT #Ransomware #Security #news

Espionage 🤝 Cybercrime :: TA829 🤝 UNK_GreenSec

Our extensive visibility into the threat landscape has led us to conclude that there is very likely a link between TA829 (a cybercriminal actor also conducting #espionage in line with Russian state interests) & UNK_GreenSec (a #cybercriminal cluster observed deploying #malware and #ransomware).

See our research blog for a technical analysis of the intriguing overlap between the threat actor clusters. https://brnw.ch/21wTN3n

🐨 Australian ransomware victims now must tell the government if they pay up

“The Australian Institute of Criminology indicates that only one in five victims of a ransomware attack report the attack. As a result, government lacks visibility of the economic and social impact of ransomware in Australia.”

https://therecord.media/australia-ransomware-victims-must-report-payments

#ransomware #australia #cybersecurity