The Week in Ransomware - January 6th 2023 - Targeting Healthcare
This week saw a lot of ransomware news, ranging from new extortion tactics, to a ransomware gang giving away a free decryptor after attacking a children's hospital. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
This week saw a lot of ransomware news, ranging from new extortion tactics, to a ransomware gang giving away a free decryptor after attacking a children's hospital. [...]
Criminals hit 1,800 victims across 71 countries to the tune of $100m+ An international law enforcement effort has released a decryptor for victims of MegaCortex ransomware, widely used by cybercriminals to infect large corporations across 71 countries to the tune of more than $100 million in damages.…
The non-profit said its systems were compromised between August 2021 and April 2022
Microsoft has shed light on four different ransomware families – KeRanger, FileCoder, MacRansom, and EvilQuest – that are known to impact Apple macOS systems
Another ransomware variant bites the dust
Famed newspaper was hit at the end of December
Cloud services provider Rackspace on Thursday confirmed that the ransomware gang known as Play was responsible for last month's breach
The hosting services provider shared new details on the breach that took down its Hosted Exchange Email service.
Play gang blamed, ProxyNotShell cleared and hosted Exchange doomed Rackspace has confirmed the Play ransomware gang was behind last month's hacking and said it won't bring back its hosted Microsoft Exchange email service, as it continues working to recover customers' email data lost in the December 2 ransomware attack.…
Rackspace revealed on Thursday that attackers behind last month's incident accessed some of its customers' Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks. [...]
Antivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family, making it possible for victims of the once notorious gang to restore their data for free. [...]
The findings come from eSentire’s Threat Response Unit
Incident thought to stem from 2022 ransomware attack
The hosting provider had not applied Microsoft's new patch due to publicly reported issues with the update.
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company's hosted Microsoft Exchange environments. [...]
UK data watchdog would like a word over failure to systems Long-standing British broadsheet The Guardian has told staff to continue working from home and notified the UK's data privacy watchdog about the security breach following a suspected ransomware attack before Christmas.…
Ransomware: contemporary threats, how to prevent them and how the FBI can help In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors,
Blame it on the affiliate Notorious ransomware gang LockBit "formally apologized" for an extortion attack against Canada's largest children's hospital that the criminals blamed on a now-blocked affiliate group, and said it published a free decryptor for the victim to recover the files.…
U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information. [...]
The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to leak data allegedly stolen during the security breach. [...]