The Week in Ransomware - October 27th 2023 - Breaking Records


Ransomware attacks are expanding significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.

According to NCC Group data, ransomware groups launched 514 attacks in September, surpassing March 2023 activity, which included 459 attacks that were heavily skewed by Clop's Fortra GoAnywhere data theft attacks.

This increase in attacks was also seen by Check Point Software, who said they are seeing a 3% increase in attacks for 2023.

A July report by Chainalysis also predicted that 2023 would be a record-breaking year for ransomware payments based on projected data, which indicates that ransom payments may exceed $500 million by the end of the year.

In other news, Microsoft released a report on the Octo Tempest extortion group, stating they are among the "most dangerous financial criminal groups."

Octo Tempest is also known as Scattered Spider, Oktapus, and UNC3944 and is believed to be behind recent ransomware attacks on MGM Resorts and Caesars and past attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

The threat actors are known to use a wide variety of advanced social engineering and hacking tactics, along with SIM-swapping attacks, to breach accounts. In some cases, Microsoft says the threat actors have resorted to threats of violence to try to gain access to corporate credentials.

This group stands out because they are believed to be a loose-knit group of English-speaking threat actors who are affiliates of the BlackCat ransomware gang, which usually only works with Russian-speaking affiliates.

We also learned of new cyberattacks, or more information was shared about existing ones, including:

  • American Family Insurance finally confirms a cyberattack caused their outage.
  • BHI Energy provided a very transparent report on how Akira breached them.
  • TransForm warns that a ransomware attack is impacting 5 hospitals in Ontario, Canada.
  • France's ASVEL basketball team confirms a data breach after a ransomware attack.
  • The Rorschach ransomware gang hit the Chilean telecom giant GTD.
  • Seiko confirms a ransomware attack exposed customer data.

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @LawrenceAbrams, @billtoulas, @Ionut_Ilascu, @demonslay335, @fwosar, @BleepinComputer, @serghei, @malwrhunterteam, @Avast, @kaspersky, @1ZRR4H, @NCCGroupplc, @Imperva, @Webroot, @MsftSecIntel, @pcrisk, @security_score,

October 21st 2023

American Family Insurance confirms cyberattack is behind IT outages

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.

October 23rd 2023

US energy firm shares how Akira ransomware hacked its systems

In a rare show of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole data during the attack.

University of Michigan employee, student data stolen in cyberattack

The University of Michigan says in a statement today that it suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants.

A Deep Dive into Cactus Ransomware

A technical analysis of the Cactus Ransomware.

October 24th 2023

September was a record month for ransomware attacks in 2023

Ransomware activity in September reached unprecedented levels following a relative lull in August that was still well above normal levels for the summer months.

Cyberattack on health services provider impacts 5 Canadian hospitals

A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, affecting patient care and causing appointments to be rescheduled.

ASVEL basketball team confirms data breach after ransomware attack

French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we've observed similar attack strategies against a PostgreSQL database in the Imperva Threat Research lab.

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.

New JarJets ransomware

PCrisk found a new JarJets ransomware that appends the .Jarjets extension and drops a ransom note named Jarjets_ReadMe.txt.

October 25th 2023

Chilean telecom giant GTD hit by the Rorschach ransomware gang

Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.

Seiko says ransomware attack exposed sensitive customer data

Japanese watchmaker Seiko has confirmed it suffered a BlackCat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and staff information.

A Continuing Cyber-Storm with Increasing Ransomware Threats and a Surge in Healthcare and APAC region

As we step into October, the month dedicated to global cyber awareness, it is important to illuminate the evolving landscape of cyber threats that affect us all. Check Point Research's latest report provides a comprehensive view of the storm brewing in the digital realm, specifically for the timeframe of Q1-Q3 of 2023.

Webroot's Nastiest Malware 2023

Now let's dive into what our experts have picked as the top ransomware families of 2023.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .zpas, .zput, and .zpww extensions.

New BlackDream ransomware

PCrisk found a new BlackDream ransomware that appends the .BlackDream extension and drops a ransom note named ReadME-Decrypt.txt.
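The three PCrisk entries above (JarJets, the new STOP extensions, BlackDream) give exactly the two indicators a responder sweeps a file share for: the extension appended to encrypted files and the ransom note name dropped beside them. The following script is an added example for this roundup, not PCrisk's or any vendor's code. It walks a directory tree, tallies hits per family, lists the notes found, and also flags directories where many files carry one unfamiliar appended extension, since a fresh STOP variant will not be in the table yet. The benign-outer-extension allowlist, the threshold of five, and the sample tree it builds are assumptions constructed for the demo, not data from an incident.

```python
import os
import tempfile
from collections import Counter, defaultdict

# Indicators taken from this week's PCrisk entries: the extension each family
# appends to encrypted files and the ransom note it drops. Matched case-insensitively.
RANSOM_EXTENSIONS = {
    ".jarjets": "JarJets",
    ".zpas": "STOP",
    ".zput": "STOP",
    ".zpww": "STOP",
    ".blackdream": "BlackDream",
}
RANSOM_NOTES = {
    "jarjets_readme.txt": "JarJets",
    "readme-decrypt.txt": "BlackDream",
}

# Assumptions for the generic heuristic (not from the page): outer extensions that
# legitimately sit on a double-extension name, and how many files sharing one
# unknown appended extension in a single directory count as suspicious.
BENIGN_OUTER_EXTENSIONS = {".gz", ".bz2", ".xz", ".zip", ".7z", ".bak", ".tmp", ".old"}
UNKNOWN_EXT_THRESHOLD = 5


def split_appended(name):
    """Split 'report.docx.Jarjets' into ('report.docx', '.jarjets').
    The appended extension keeps the victim's original name intact."""
    stem, ext = os.path.splitext(name)
    return stem, ext.lower()


def classify_file(name):
    """Return the family name if the file carries a known appended extension, else None."""
    _, ext = split_appended(name)
    return RANSOM_EXTENSIONS.get(ext)


def scan_tree(root):
    """Walk root and report known-family hits, ransom notes, and directories
    where many files share one unknown appended extension."""
    families = Counter()
    encrypted, notes, suspicious_dirs = [], [], []
    for dirpath, _, filenames in os.walk(root):
        unknown = defaultdict(list)
        for name in filenames:
            lower = name.lower()
            if lower in RANSOM_NOTES:
                notes.append((os.path.join(dirpath, name), RANSOM_NOTES[lower]))
                continue
            family = classify_file(name)
            if family:
                families[family] += 1
                encrypted.append(os.path.join(dirpath, name))
                continue
            stem, ext = split_appended(name)
            # Double extension with an unfamiliar outer part: candidate for a
            # variant not yet in the table (e.g. a new STOP extension).
            if ext and ext not in BENIGN_OUTER_EXTENSIONS and os.path.splitext(stem)[1]:
                unknown[ext].append(name)
        for ext, names in unknown.items():
            if len(names) >= UNKNOWN_EXT_THRESHOLD:
                suspicious_dirs.append((dirpath, ext, len(names)))
    return {
        "families": dict(families),
        "encrypted": sorted(encrypted),
        "notes": sorted(notes),
        "suspicious_dirs": sorted(suspicious_dirs),
    }


def build_sample_tree(base):
    """Constructed sample data, not from a real incident: encrypted-looking files,
    two ransom notes, clean files, and one directory hit by an unlisted extension."""
    layout = {
        "finance": ["q3.xlsx.Jarjets", "budget.docx.Jarjets", "Jarjets_ReadMe.txt", "notes.txt"],
        "photos": ["IMG_001.jpg.zpas", "IMG_002.jpg.zpww", "archive.tar.gz"],
        "hr": ["payroll.csv.BlackDream", "ReadME-Decrypt.txt"],
        "shared": [f"doc{i}.pdf.xq7z" for i in range(6)],  # hypothetical unlisted extension
    }
    for sub, names in layout.items():
        d = os.path.join(base, sub)
        os.makedirs(d, exist_ok=True)
        for n in names:
            with open(os.path.join(d, n), "w") as fh:
                fh.write("x")
    return base


def demo():
    """Build the constructed tree in a temp dir, scan it, and return the report."""
    with tempfile.TemporaryDirectory() as tmp:
        return scan_tree(build_sample_tree(tmp))


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

Point `scan_tree` at a mounted share or a forensic image's root to get a per-family count; the `suspicious_dirs` output is the place to look when the extension table is stale, which is the usual case in the first hours of an incident.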

October 26th 2023

Rhysida Ransomware Technical Analysis

The Rhysida encryptor comes as a 32-bit or 64-bit Windows PE file, compiled by MinGW GNU version 6.3.0 and linked by the GNU linker v2.30. The first public version comes as a debug build, which makes its analysis easier.

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities, which it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.

That's it for this week! Hope everyone has a good weekend!
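Each fact in that sentence is read straight out of the PE headers, and it is worth seeing where. The script below is an added example for this roundup, not code from the Rhysida analysis or any vendor: it parses the DOS stub, COFF file header and the start of the optional header with `struct`, reporting bitness from the Machine field, the linker version from the two bytes GNU ld fills with its own version (2.30 in the case described), whether the COFF symbol table is present (an unstripped MinGW build, the "debug version" the analysts mention), and the `GCC: (...) x.y.z` version string GCC leaves in the image. The sample it analyses is a constructed header-only PE built by `build_sample_pe`; it is not Rhysida or any real binary and will not execute.

```python
import re
import struct

IMAGE_FILE_MACHINE_I386 = 0x014C
IMAGE_FILE_MACHINE_AMD64 = 0x8664

# Version string GCC embeds in the images it builds, e.g. "GCC: (GNU) 6.3.0".
# The pattern is an assumption covering the common forms.
GCC_VERSION_RE = re.compile(rb"GCC: \([^)]*\) (\d+\.\d+(?:\.\d+)?)")


def triage_pe(data):
    """Parse PE headers and return the properties an analyst reads off first:
    bitness, linker version, presence of a COFF symbol table, GCC version string."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    (machine, _nsections, _timestamp, symtab_ptr, nsymbols,
     _opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    # Optional header starts with Magic, MajorLinkerVersion, MinorLinkerVersion.
    magic, major_linker, minor_linker = struct.unpack_from("<HBB", data, coff + 20)
    gcc = GCC_VERSION_RE.search(data)
    return {
        "bitness": {IMAGE_FILE_MACHINE_I386: 32, IMAGE_FILE_MACHINE_AMD64: 64}.get(machine),
        "pe32_plus": magic == 0x20B,
        "linker_version": f"{major_linker}.{minor_linker}",
        # MinGW leaves the COFF symbol table in place unless the binary is stripped.
        "coff_symbols": nsymbols if symtab_ptr else 0,
        "debug_build": bool(symtab_ptr and nsymbols),
        "gcc_version": gcc.group(1).decode() if gcc else None,
    }


def build_sample_pe(bit64=True, debug=True, gcc="6.3.0", linker=(2, 30)):
    """Constructed minimal PE image (headers plus an embedded GCC string).
    Not a real sample: it has no code and cannot be executed."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    machine = IMAGE_FILE_MACHINE_AMD64 if bit64 else IMAGE_FILE_MACHINE_I386
    opt_size = 0xF0 if bit64 else 0xE0
    symtab_ptr = 0x400 if debug else 0
    nsymbols = 123 if debug else 0
    coff = struct.pack("<HHIIIHH", machine, 1, 0, symtab_ptr, nsymbols, opt_size,
                       0x0022 if bit64 else 0x0102)
    magic = 0x20B if bit64 else 0x10B
    opt = struct.pack("<HBB", magic, *linker) + b"\0" * (opt_size - 4)
    tail = b"\0" * 16 + f"GCC: (GNU) {gcc}".encode() + b"\0" * 16
    return dos + b"PE\0\0" + coff + opt + tail


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage_pe(data).items():
        print(f"{key:16} {value}")
```

Run it against a real file with `python triage.py sample.exe`; with no argument it triages the constructed image. A linker version of 2.x together with a `GCC:` string is the quick tell for a MinGW build, and a non-zero symbol table is why analysts call such a sample a debug version: function names survive in the binary.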