Is this email difficult to read? View it in a web browser. ›
The Wall Street Journal ProThe Wall Street Journal Pro

CybersecurityCybersecurity

Sponsored by Zscaler logo.

Ransomware Attacks Get More Vicious as Defenses Improve

By James Rundle
 

Good day. Hackers are shifting tactics as companies shore up their digital defenses, threatening to trash networks and halt operations if they don't pay up.

Cybersecurity specialists say that they have noticed a marked increase in the number of attacks they respond to where hackers’ goals aren’t simply to lock up data and extort victims for its release, but to disrupt their businesses. Sometimes that means wrecking the infrastructure companies rely on.

Read more in our newsletter extra below.

Also today:

  • Cyberattack cripples Ohio hospital network
  • CISA appoints second in command
  • Justice Department probes Coinbase breach
 

‏‏‎ ‎
CONTENT FROM: Zscaler
See you at ZenithLive '25. Cybersecurity event of the year.

One Epic Week. AI Ignited. Zero Trust Elevated. Security Operations Reinvented. Join and bring your team to the premier learning conference that brings together industry experts to share insights on zero trust, hands-on training, and certifications to protect and enable your organization to thrive. WSJ readers enjoy an exclusive 50% discount with code [WSJZL25]—don’t miss this opportunity!

Register Now

 

Regulation & Enforcement

PHOTO: PAUL J. RICHARDS/AFP/GETTY IMAGES

CISA Appoints Gottumukkala as Deputy Director. The Cybersecurity and Infrastructure Security Agency appointed Madhu Gottumukkala as its new deputy director, while the agency waits for the Senate to confirm Sean Plankey as its next director. Gottumukkala was previously the commissioner and chief information officer of the state of South Dakota, where Home Security Secretary Kristi Noem was governor until 2025. (Security Week)

PHOTO: ELISE AMENDOLA/ASSOCIATED PRESS

Mass. Lawmakers Propose Cyber Bill. State senators in Massachusetts have proposed a bill that would largely codify much of the state’s existing cybersecurity arrangements. The bill ties together various activities that exist as a patchwork of other legislation and executive orders, covering areas such as incident reporting, and the status of the state’s emergency response team. (Government Technology)

Justice Department Probes Coinbase Attack. The U.S. Justice Department has opened an investigation into a data breach at Coinbase, the world’s largest cryptocurrency exchange. The breach may affect up to nearly 100,000 people, the exchange said. Insiders are being blamed for the leak, which Coinbase estimates may cost up to $400 million. (Reuters)
 

Newsletter Extra

PHOTO: JEENAH MOON/REUTERS

Hackers have long relied on poor defenses to extort their victims. But companies are improving, and that means hackers are becoming more aggressive.

Victims were able to restore their data from their own backups in about 49.5% of incidents last year that Palo Alto Networks’ Unit 42 incident-response unit worked on, the company said in a March report. That was up from 28% in 2023 and 11% in 2022.

This means hackers are getting frustrated and resorting to destructive threats. Sam Rubin, head of consulting and threat intelligence at Unit 42, said he has seen increasingly aggressive behavior from criminals. In one incident the company recently worked on, he said, attackers destroyed about 250 virtual servers.

“Now, it's like they're going to bring as much pain as possible, so it's going to be unavoidable for [victims] not to pay them something,” said Wendi Whitmore, chief security intelligence officer at Palo Alto.

Other experts have noticed similar trends. Derek Manky, global vice president of threat intelligence with cybersecurity company Fortinet’s FortiGuard Labs unit, said he has seen an increasing use of destructive malware. This has risen sharply since Russia invaded Ukraine, he said, as malware transitions from the battlefield to the internet.

Manky said that wiper malware, which just erases data from systems rather than locks it up, often shows up quickly after its use in Ukraine.

Christopher Ahlberg, chief executive of Mastercard’s Recorded Future threat intelligence business, said he notices more belligerent behavior from hackers.

“[Hackers] will either say they’ll hit destroy—knowing that a lot of companies may not have as good backups as they think, or people will get nervous about how good their backups are—or they’ll proactively destroy things,” he said.                                                                               —James Rundle
 

Cyberattacks

PHOTO: FRED TANNEAU/AFP/GETTY IMAGES

Ohio Medical Centers Hit by Hackers. A large network of a dozen medical centers in Ohio is experiencing severe system outages after a cyberattack, forcing hospitals to cancel procedures. Kettering Health, which operates 14 facilities across the state, released a statement saying its call centers were down and that it had canceled some inpatient and outpatient procedures, though its emergency rooms were open. (Dayton Daily News)
 

About Us

The WSJ Pro Cybersecurity team is Deputy Editor Kim S. Nash (on X @knash99), reporter James Rundle and reporter Catherine Stupp (@catstupp). Follow us on X @WSJCyber. Reach the team by replying to any newsletter you receive or by emailing Kim at kim.nash@wsj.com.
 
Share this email with a friend.
Forward ›
Forwarded this email by a friend?
Sign Up Here ›
 
Desktop, tablet and mobile. Desktop, tablet and mobile.
Access WSJ‌.com and our mobile apps. Subscribe
Apple app store icon. Google app store icon.
Unsubscribe   |    Newsletters & Alerts   |    Contact Us   |    Privacy Notice   |    Cookie Notice
Dow Jones & Company, Inc. 4300 U.S. Ro‌ute 1 No‌rth Monm‌outh Junc‌tion, N‌J 088‌52
You are currently subscribed as [email address suppressed]. For further assistance, please contact Customer Service at pro‌newsletter@dowjones.com or 1-87‌7-975-6246.
Copyright 2025 Dow Jones & Company, Inc.   |   All Rights Reserved.
Unsubscribe