The Week in Ransomware - April 19th 2024 - Attacks Ramp Up
While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. [...]
LockBit is a ransomware operation covered through reported incidents, technical analysis, disruption efforts, and guidance to defend systems and data.
Search across headline titles and summaries.
Background for this topic.
LockBit is a ransomware family and associated cybercrime operation—not an unrelated product or project—that has been reported in attacks where malware encrypts files on compromised systems and disrupts access. Coverage under this tag includes technical analysis of LockBit variants, reported incidents, infrastructure or law-enforcement disruption, and claims about stolen data or extortion; individual reports may differ in what is verified.
For defenders, the material risks are rapid encryption across reachable systems and possible exposure of data taken before encryption. Priorities include promptly addressing internet-facing vulnerabilities and exposed credentials, restricting lateral movement with segmentation and least privilege, and maintaining tested offline or otherwise isolated backups. Monitor for suspicious administrative activity and mass file changes, preserve logs and affected systems for investigation, and use threat intelligence on LockBit indicators to support containment. A suspected incident requires coordinated isolation, recovery, and assessment of privacy or regulatory obligations rather than assuming that paying restores systems or prevents disclosure.
While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. [...]
Also: Congress Weighs in on Change Healthcare Saga; Hot Topics at ISMG’s AI SummitIn the latest weekly update, ISMG editors discussed the rise of criminal groups using leaked LockBit ransomware for global cyberattacks, Congress's recent hearing on the cyberattack targeting Change Healthcare and takeaways from ISMG’s Cybersecurity Implications of AI Summit
Experts See Surge in Attacks, Including in Russia, Using Leaked LockBit CodeWhat do a German healthcare network, a Russian security company and an American bridal clothing retailer have in common? All seem to have been compromised in recent months by attackers who wielded LockBit crypto-locking malware - but who weren't tied to the actual LockBit operation.
Kaspersky researchers discovered the new variant after responding to a critical incident targeting an organization in West Africa.
Kaspersky also uncovered the use of the SessionGopher script to extract saved passwords