The Week in Ransomware - February 2nd 2024 - No honor among thieves

Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks.

While many, like LockBit, claim to have policies in place to avoid encrypting hospitals, we continue to see affiliates targeting healthcare with complete disregard for the disruption they are causing patients trying to receive care.

LockBit says that affiliates can only steal data and not encrypt hospitals, yet they purposely disregard the fact that attacking an organization will cause it to shut down IT systems to prevent the spread of the attack.

For hospitals, this means that they no longer have access to medical charts, can't prescribe electronic prescriptions, respond to patients through online portals, or in some cases, access medical diagnostic reports.

It feels like we hear of new attacks on hospitals each week, learning this week about an attack on Lurie Children's Hospital in Chicago and an attack on Saint Anthony Hospital in December, with the latter claimed by LockBit.

Ransomware gangs are fond of saying, "It's not personal, it's business. We just care about your money."

However, having to postpone your child's heart surgery sure feels personal.

January 27th 2024

Ottawa-based cyberfraudster sentenced to 2 years

An Ottawa man convicted on charges related to a ransomware attack affecting hundreds of victims was sentenced to 2 years behind bars on Friday.

January 29th 2024

Ransomware payments drop to record low as victims refuse to pay

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the last quarter of 2023, according to ransomware negotiation firm Coveware.

Energy giant Schneider Electric hit by Cactus ransomware attack

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.

Akira Ransomware and exploitation of Cisco Anyconnect vulnerability CVE-2020-3259

In several recent incident response missions, the Truesec CSIRT team made forensic observations indicating that the old vulnerability CVE-2020-3259 is likely being actively exploited by the Akira ransomware group.

Unveiling Alpha Ransomware: A Deep Dive into Its Operations

Alpha ransomware, a distinct group not to be confused with ALPHV ransomware, has recently emerged with the launch of its Dedicated/Data Leak Site (DLS) on the Dark Web and an initial listing of six victims' data. As a developing story, I will continue to provide updates.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .Ebaka extension.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .NOOSE extension and drops a ransom note named OPEN_ME.txt.

New Secles ransomware

PCrisk found a new ransomware that appends the .secles extension and drops a ransom note named ReadMe.txt.

January 30th 2024

Online ransomware decryptor helps recover partially encrypted files

CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.

Critical Infrastructure Protection: Agencies Need to Enhance Oversight of Ransomware Practices and Assess Federal Support

Most federal agencies that lead and manage risk for four critical sectors—manufacturing, energy, healthcare and public health, and transportation systems—have assessed or plan to assess risks associated with ransomware. But agencies haven't fully gauged the use of leading cybersecurity practices or whether federal support has mitigated risks effectively in the sectors.

Ransomware Diaries Volume 4: Ransomed and Exposed – The Story of RansomedVC

RansomedVC stands out as one of the most unconventional ransomware operations I've investigated. Its leadership strategically employs propaganda, influence campaigns, and misinformation strategies to gain fame and notoriety within the criminal community. While I may have my assessment of RansomedVC, I cannot deny the effectiveness of its tactics. It also rubbed many people the wrong way, including other criminals.

Trigona Ransomware Threat Actor Uses Mimic Ransomware

AhnLab Security intelligence Center (ASEC) has recently identified a new activity of the Trigona ransomware threat actor installing Mimic ransomware. Like past cases, the recently detected attack targets MS-SQL servers and is notable for exploiting the Bulk Copy Program (BCP) utility in MS-SQL servers during the malware installation process.
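The BCP abuse described above lends itself to a process-telemetry check. The following is an added example, not code from ASEC or from the original article; the event shape (loosely modelled on Sysmon process-creation records), the sample paths and the three heuristics (a bcp export spawned under sqlservr.exe, writing a file with an executable extension, or writing into a world-writable folder) are my assumptions, and all events are constructed.

```python
import re

# Constructed sample process-creation events (parent image, child image, command line).
SAMPLE_EVENTS = [
    {   # benign: an admin script exporting a table to CSV
        "parent": r"C:\Windows\System32\cmd.exe",
        "image": r"C:\Program Files\Microsoft SQL Server\Client SDK\ODBC\170\Tools\Binn\bcp.exe",
        "cmdline": r"bcp sales.dbo.orders out D:\exports\orders.csv -c -T -S SQL01",
    },
    {   # suspicious: bcp run under the database engine, writing an .exe into a public folder
        "parent": r"C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe",
        "image": r"C:\Windows\System32\cmd.exe",
        "cmdline": r'cmd.exe /c bcp "select data from tempdb..t1" queryout C:\Users\Public\svchost.exe -T -f C:\Users\Public\f.fmt',
    },
    {   # unrelated process that must not be flagged
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\notepad.exe",
        "cmdline": r"notepad.exe C:\Users\alice\notes.txt",
    },
]

EXEC_EXTS = (".exe", ".dll", ".bat", ".cmd", ".ps1", ".vbs", ".js")
WRITABLE_DIRS = ("\\users\\public\\", "\\temp\\", "\\programdata\\")
# bcp export form: bcp <table | "query"> {out | queryout} <datafile> [switches]
BCP_OUT = re.compile(r'\bbcp(?:\.exe)?\s+(?:"[^"]*"|\S+)\s+(queryout|out)\s+("[^"]+"|\S+)', re.IGNORECASE)

def bcp_output_file(cmdline):
    """Return the destination file of a bcp export in cmdline, or None if it is not a bcp export."""
    m = BCP_OUT.search(cmdline)
    return m.group(2).strip('"') if m else None

def classify(event):
    """Return the reasons an event looks like BCP abuse to drop a file; an empty list means benign."""
    reasons = []
    dest = bcp_output_file(event["cmdline"])
    if dest is None:
        return reasons
    if event["parent"].lower().endswith("\\sqlservr.exe"):
        reasons.append("bcp spawned from the SQL Server engine process")
    if dest.lower().endswith(EXEC_EXTS):
        reasons.append("bcp writing an executable file: " + dest)
    if any(d in dest.lower() for d in WRITABLE_DIRS):
        reasons.append("bcp writing into a world-writable location: " + dest)
    return reasons

def scan(events):
    """Return (event, reasons) pairs for every event that trips at least one heuristic."""
    return [(e, classify(e)) for e in events if classify(e)]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event["cmdline"] + "\n  - " + "\n  - ".join(reasons))
```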

Ransomware’s PLAYing a Broken Game

The Play ransomware group is one of the most successful ransomware syndicates today. All it takes is a quick peek with a disassembler to know why this group has become infamous. This is because reverse engineering the malware would be a Sisyphean task full of anti-analysis techniques. That said, it might come as a surprise that the malware crashes quite often when running. In this blog post, we will cover some of the anti-analysis techniques used by Play and look at the process the malware uses to encrypt network drives and how that can cause the malware to crash.

New Silent Anonymous ransomware

PCrisk found a new ransomware called Silent Anonymous that appends the .SILENTATTACK extension and drops a ransom note named Silent_Anon.txt.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .slime extension.

January 31st 2024

Johnson Controls says ransomware attack cost $27 million, data stolen

Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.

EU and United States enhance cooperation on cybersecurity

Together with our American partners, we are acting with speed and ambition to counter the growing threat from malicious cyber actors on all fronts. Firstly, with the Joint Cyber Safe Product Action Plan in place, we will now work concretely together to foster a transatlantic marketplace for trusted digital products and promote our high cybersecurity standards globally. Furthermore, we make a firm commitment that neither the EU institutions, bodies and agencies, nor our Member States' public authorities, will pay ransom to such cyber criminals.

Pentagon investigating theft of sensitive files by ransomware group

The ransomware group ALPHV is threatening to leak data obtained from a Virginia IT services company that contracts with the U.S. military.

December cyberattack on Chicago community hospital claimed by LockBit gang

A recently announced cyberattack on a large community hospital in Chicago was claimed by the LockBit ransomware gang.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .dx31 extension.

February 2nd 2024

BTC-e server admin indicted for laundering ransom payments, stolen crypto

Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation.

Interpol operation Synergia takes down 1,300 servers used for cybercrime

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.

New Dharma ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .Mr extension and drops a ransom note named info-MIRROR.txt.

That's it for this week! Hope everyone has a great weekend!