He ransomware, she ransomware, they all ransomware!

Yup, you guessed it: this week's episode is all about ransomware. We start with Garmin's interesting handling of their recent tryst with WastedLocker, which largely involved them saying nothing at all to anyone. Then we move on to Blackbaud, who took the opposite stance by telling everyone everything and promising that absolutely on no account has the breached data gone any further than the cybercriminals responsible. Because criminals are renowned for their honesty, right?

Staying on the ransomware theme, we wonder whether Garmin could – or should – have learned lessons from Travelex's new year nightmare and Norsk Hydro's run in with LockerGoga in 2019.

We also take a look at app sec with Sean Wright, Mr App Sec himself at Immersive Labs and our guest for this week.

Incidentally, Immersive Labs released three new labs on WastedLocker this week, so if you want to learn more about how it works and the part it played in the Garmin hack, head over to this blog. If you already have a license (alright, no need to boast), log in here.

Garmin WastedLocker attack

https://www.forbes.com/sites/leemathews/2020/07/23/garmins-alleged-ransomware-wastedlocker-evil-corp

Blackbaud pay the ransom

https://www.computerweekly.com/news/252486910/List-of-Blackbaud-breach-victims-tops-120