Zero-Day Newsletter: Cybersecurity reports, news, and insights for IT professionals
The cheekiest cybersecurity newsletter on the planet.
Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.
Hitting your screens this week are a number of dubious titles involving a dragon, mutiny, and a former chipmunk.
These titles feature various A-listers (in the ransomware world at least), including Qilin and Fog. But making a Play for the starring role this month is, well, Play. Of the 90 attacks we've tracked throughout May so far, 16 of these come from Play. Qilin follows closely behind with nine, while two new groups (J Group and IMN Crew) are trying to break the industry with eight and seven victims each, respectively.
For now, however, these two newbies remain Z-listers as none of these attacks have been confirmed by the entities involved, leaving their "talent" unconfirmed. Perhaps with those names, they'd be better off as boy bands rather than ransomware gangs, anyway.
Here to learn more about "reset" and "reboot"? Check the last section!
May the (Dragon) Force (not) be with you
If there’s one ransomware gang making a name for itself this month, it’s DragonForce. Not only was it the strain of ransomware used in the ongoing attack on UK retailer Marks & Spencer (via the group Scattered Spider), but it’s also alleged to be behind the attacks on two other UK retailers – Co-op and Harrods.
While DragonForce may not be the most prolific ransomware gang as far as numbers go (we’ve tracked 55 attacks via this group this year so far), it’s certainly hitting the headlines with these latest attacks.
Qilin came forward to claim the recent attack on Georgia’s Cobb County. It alleged to have stolen more than 150 GB of data, posting various documents and photographs of ID as proof. Cobb County had confirmed an attack back in March 2025, which shut down a number of county services, including courthouse filing, the jail database, and wi-fi access. A month later, it notified 10 people of a potential data breach.
With the average data breach following a ransomware attack via Qilin involving around 75,000 people, it remains to be seen whether this figure of 10 rises following Qilin’s claim.
Alvin Independent School District is notifying at least 47,606 people of a data breach following an attack almost a year ago in June 2024. Social Security numbers, credit and debit card numbers, financial account numbers, medical info, and state-issued ID numbers were among the data affected.
Ransomware gang Fog claimed this attack at the time, allegedly stealing 60 GB of data from the Texan school district.
Restart vs reset vs reboot: An IT professional's nightmare when end-users and customers get it wrong
We witnessed a discussion out in the wilds of the IT forum world that was as hilarious as it was disappointing. An MSP briefly explained that a customer used a paper clip to factory reset a firewall...because they thought that it needed to be restarted.
If you're reading this and you're confused, well, that's the part of the problem.
Your average IT person might cringe at this incident, but it's a surprisingly common confusion for lay people (and let's face it, some IT professionals). "Restart," "reset," and "reboot," are extremely similar terms. While they have very specific meanings among technical crowds, the differences are easily lost in non-technical discussions.
Google Trends and Google Ngram Reader tell part of the story
Google Trends data shows that for the last 20 years, the terms "device reset" and "device reboot" were the most popularly used to describe changing the "on/off" state of a device (which both resetting and restarting will do, but with different purposes and end results).
Google Search trends for "restart device," "reboot device," and "reset device."
Notably fewer people were using "device restart."
Then 2020 happened. People shifted to remote work en masse. That meant far more people needed to use or relearn to use a variety of devices that they may not have used to connect into work from home.
The pandemic seemingly caused a massive shift in which of these terms people were using in Google searches. "Reboot" was out. "Restart" and "reset" were in.
Of the three, the concept of "resetting a device" has been part of the English lexicon for over 100 years. At the time, it made the most sense. "Reset" was already a known and used term in English. The more specific meaning of "cause a device to return to a former condition" arose in 1847.
In typical fashion, computer engineers weren't elegant with word choice
The onset and normalization of computers in the 1980s led to the neologism that is "reboot", a completely new word specifically related to turning a computer off and on again. It also renewed usage of the less-commonly-used term "restart," which essentially carries the same meaning (and unsurprisingly, trended upward in written texts alongside "reboot"). Those two are at least interchangeable, while "reset" carries a distinct and essential purpose.
To review:
Reset: The act of restoring a device to an earlier state to resolve errors.
Reboot: The act of turning a device off and on again.
Restart: Also the act of turning a device off and on again.
IT professionals and MSPs often underestimate the way in which these words have been generalized and their meanings muddled for the average Joe. It doesn't help that each of these words is exceptionally similar with many common letters (particularly with the prefix "re" leading each one).
This is where we find that what's obvious (and therefore, easily ignored) to IT professionals may not be obvious to someone who uses computers and other devices, but does not administer or program them.
There can be a high cost to getting "restart", "reset", and "reboot" wrong
Take the earlier mentioned incident: an MSP's customer resetting, instead of restarting or rebooting, a firewall. That's a headache for both parties involved. And potentially expensive, depending on the situation.
A firewall reset reverts the device to its original state, erasing all custom configurations, rules, and logs. In some cases this can lead to network downtime until restoration is restored, but it's overall not a big deal as long as there's a plan in place for it. In this case, however, the firewall was likely a custom preconfigured device purchased by the MSP on behalf of the customer. It may also have had hardware-specific configurations or license and activation dependencies that neither the MSP nor the customer could handle without vendor support. Multiple costs can come into play when someone gets the terminology wrong:
Hardware replacement costs: A small business can get away with a cheap firewall under $100, but some enterprise-level next-gen firewalls easily push past $200,000 with complex, vendor-assisted configuration.
Professional setup costs: These can easily set you back $1,000 to $5,000 or more.
Downtime costs: Firewalls can lead to costly network downtime, to the tune of $25,000/hr even for small businesses, and millions in losses per hour for enterprise businesses.
Thankfully, accidentally resetting a device instead of rebooting it isn't normally that costly. But depending on the situation, it could be. Especially if it leads to hardware replacements, data recovery, and lost productivity hours. So what's the key takeaway? Make sure your customers and any end users who have access to devices know the difference between rebooting, restarting, and resetting devices.
Until next week! Let's keep that zero day at zero.
Suite 3 Falcon Court Business Centre, College Road, Maidstone, Kent ME15 6TF Unsubscribe · Preferences
The cheekiest cybersecurity newsletter on the planet.
Cybersecurity news doesn't have to be boring. Comparitech's Zero-Day Newsletter is focused on giving IT professionals weekly updates on cybersecurity alerts, ransomware news, industry insights, and IT product recommendations.