The Week in Ransomware - July 8th 2022 - One down, many to go
While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. [...]
A new ransomware operation named '0mega' targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. [...]
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. [...]
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. [...]
Taiwan-based network-attached storage (NAS) vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data. [...]
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations. [...]
A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. [...]
The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking. [...]