Key takeaways to consider if hit with a ransomware attack:
- First message matters: start by acknowledging the attack (“we know you’re in our systems”) and open the channel. Don’t be accusatory — you need cooperation.
- Ask for clarity early: what data they have (file tree), what they’ve touched, and their proof. These help shape your forensic response.
- Negotiate what you will expect if you pay: decryptors, proof of deletion, that stolen info won’t be published. Agree on terms.
- Duration: this isn’t resolved in hours. Expect days or weeks of back-and-forth.
- Decision over payment: experts lean toward not paying if you don’t have to, but it’s a business risk equation. You need to weigh the damage, legal exposure, reputation, and what you can salvage.
https://lnkd.in/e9GzzP5Q
How to handle a ransomware attack: key takeaways
-
We hear it all the time: “MFA is inconvenient. It slows me down. Do we really need it?” That pushback comes from C-suite executives all the way down to employees. But here’s the reality—on the other side, cybercriminals are protecting their own accounts with MFA. Yes, you read that right. As someone who tracks ransomware groups, I’ve seen firsthand that some crews enforce MFA internally to safeguard their stolen data and access. If the bad guys see enough value in MFA to protect their operations, what excuse do we have for not using it to protect our businesses? MFA isn’t an annoyance. It’s a necessity. If the adversaries are doing it, so should you.
-
Did you know? Over 90% of cyberattacks begin with a simple email. What looks like an ordinary message could be the doorway to ransomware, data theft, or a major breach. At SkillWeed, we emphasize best practices that keep inboxes safe: secure gateways, sender verification, and the golden rule—don’t click what you don’t trust. ✅ The question is: Are your daily email habits protecting you—or exposing you?
-
Ransomware Shutdown in Nevada Underscores Risks to Access, Economic Flow, and Licensing Transparency

In the last two weeks, I have experienced delays, non-responses, and a general lack of transparency impacting my work, so a bit of digging was warranted. Nevada’s state systems have now been crippled by a ransomware attack for over a week, and the fallout is far more than technical—it’s tangible. Since August 24, 2025, state services, including DMV branches, websites, and phone lines, have been offline. While 911 and emergency services remain intact, essential functions like driver’s license issuance and benefit access are caught in a limbo of uncertainty.

This prolonged outage isn’t just inconvenient—it’s economically disruptive. Local businesses, such as vehicle sellers, cannot complete VIN inspections, halting sales and straining cash flow. The broader community faces cascading delays in registering businesses, renewing rights, or accessing social services via SNAP and Medicaid, where digital portals have failed.

Even more troubling is the opacity maintained by state officials. Citizens and professionals—private investigators, compliance officers, consumer advocates—are left navigating an unclear landscape. What happened? What data was stolen? When will services resume? The state remains vague. Governor Lombardo and the Technology Office have avoided giving specifics, saying only that “systems must be validated before we reconnect them,” even as they confirmed data exfiltration.

For private investigation licensing and verification, the implications are profound. PI firms and their clients rely on DMV and regulatory databases to validate credentials, track ownership, check backgrounds, and confirm compliance. With these systems offline, due diligence stalls, licensing backlogs mount, and consumer protections erode.

This incident is a warning shot. Ransomware isn’t just about encryption—it’s a systemic denial of civic function. And when transparency is sacrificed, trust and economic continuity are jeopardized.

Sources
KTNV - https://lnkd.in/dnjj4h7u
Hoodline - https://lnkd.in/deEYqxqH
The Nevada Independent - https://lnkd.in/dBDmyTUT
CBS News - https://lnkd.in/dCtcW56a
SecurityWeek - https://lnkd.in/dczVpAkC
Las Vegas Review-Journal - https://lnkd.in/dfHa5Kdp

#DueDiligence #BusinessContinuity #EconomicImpact #PrivateInvestigators #FraudPrevention #Verification #GovernmentTransparency #PublicTrust #Ransomware #CyberSecurity #CyberAttack
-
"US posts $10M bounty for alleged crimeware admin

US authorities have posted a $10 million bounty for Volodymyr Tymoshchuk, the accused admin of the infamous LockerGoga, MegaCortex, and Nefilim ransomware attacks that operated between December 2018 and October 2021. The US Attorney’s Office had already indicted Tymoshchuk.

“Volodymyr Tymoshchuk is charged for his role in ransomware schemes that extorted more than 250 companies across the United States and hundreds more around the world,” stated the Department of Justice's acting assistant Attorney General Matthew Galeotti. "In some instances, these attacks resulted in the complete disruption of business operations until encrypted data could be recovered or restored. This prosecution and today’s rewards announcement reflects our determination to protect businesses from digital sabotage and extortion and to relentlessly pursue the criminals responsible, no matter where they are located."

The announcement follows a similar $10 million bounty for the arrest of three men accused of hacking US critical infrastructure systems and described as members of Russian intelligence services. Bounties of this sort are almost always PR exercises, as the accused are based in Russia and arresting them is therefore impossible unless they do something very stupid like entering a country that has an extradition treaty with the USA.

Some people do get caught, however. Liridon Masurica, 33, a Kosovan national, has pleaded guilty to being the lead administrator of BlackDB.cc forum, that bought and sold online credentials and financial information. He was arrested in the Balkans and handed over to US prosecutors."
https://lnkd.in/gVW95muy
-
On August 24, 2025, the State of Nevada was hit with a ransomware attack that disrupted critical services and raised urgent questions about data security. While emergency services remained operational, many agencies—including DMV, Insurance, and state websites—faced disruptions as investigators worked to assess the damage. Federal partners like the FBI and CISA have joined Nevada’s Office of Emergency Management to contain the threat, restore systems, and determine whether sensitive data was compromised. Why should this matter to you? Because the same tactics used against government agencies are now being deployed against small businesses, schools, and families. Cybercriminals don’t discriminate—every organization is a target. In my latest article, I break down what happened in Nevada, the lessons leaders must take away, and what steps you can take to avoid becoming the next victim. This is more than news—it’s a roadmap to resilience. 👉 [Read the full article below]
-
Fifteen Ransomware Gangs “Retire,” Future Unclear. Fifteen well-known ransomware groups, including Scattered Spider, ShinyHunters and Lapsus$, have announced that they are shutting down their operations. The collective announcement was posted on Breachforums, where the groups claimed they had achieved their goals of exposing weaknesses in digital infrastructure rather than profiting through extortion. The announcement struck a defiant tone, noting that members still in custody would not be forgotten. The groups vowed to work toward their release and hinted at retaliation against law enforcement. Despite the claims of retirement, analysts have raised doubts about whether this marks a permanent end. “It’s safest to consider this announcement as more of a PR stunt than a genuine farewell,” said Casey Ellis, founder at Bugcrowd. “Historically, cybercriminals rarely retire in the traditional sense. Instead, they rebrand, regroup or pivot to new tactics and operations, or they get caught.” Whether the announcement reflects a turning point in cybercrime or a reshaping of old threats into new forms remains to be seen. For now, the sudden withdrawal of several notorious groups signals a shift in the underground ransomware landscape but offers little reassurance that the danger has truly passed.... Credits to Infosecurity Magazine by Alessandro Mascellino. [Source in the comments section]
-
John Anthony Smith, CSO and Co-founder of Fenix24, highlights the rise of extortion-only attacks and stresses that immutable backups are key to successful post-ransomware recovery. Learn more about securing data in law firms: https://okt.to/81eWVd
-
Did you know that cyber incidents rose 22% year-over-year in 2024 alone? That’s 1,200+ reported incidents in the U.S. alone, from ransomware to regulatory investigations. Yet, while ransom payments fell 77%, the number of midsized companies filing claims spiked; over half of all incidents came from this group. This shows us that no company is “too small” to be a target, and financial losses aren’t the only danger. Class action lawsuits, regulatory probes, and long-term reputational damage often outweigh immediate ransom costs. When I guide clients through cyber risk consulting, we don’t stop at “what’s likely.” We map scenarios that ripple into shareholder confidence, customer trust, and regulatory standing. Because resilience today means preparing for the second and third-order effects, not just the first breach.
-
John Anthony Smith, CSO and Co-founder of Fenix24, highlights the rise of extortion-only attacks and stresses that immutable backups are key to successful post-ransomware recovery. Learn more about securing data in law firms: https://okt.to/5DRmhy
-
A ransomware payment ban will focus minds, but will it fix the problem? - The UK Government has recently stated it intends to advance a proposal that would prohibit ransomware payments by public sector organisations and operators of critical national infrastructure (CNI). https://lnkd.in/ebYA2fGJ Protection Magazine