The Week in Ransomware - July 8th 2022 - One down, many to go
While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. [...]
Ransomware encrypts or steals data to disrupt operations and extort victims, making backups, access controls, and incident response essential.
Search across headline titles and summaries.
Background for this topic.
Ransomware is malware used to deny access to systems or data, usually by encrypting files and demanding payment for decryption. Many operations also steal sensitive information and threaten to publish it, so an attack can create both an availability crisis and a privacy or disclosure risk. Initial access may involve phishing, stolen credentials, exposed remote services, or exploitation of unpatched vulnerabilities; attackers may then move through the network before deploying the payload.
Defenses should combine vulnerability management, phishing-resistant authentication where practical, endpoint and network monitoring, and backups that are isolated from routine administrator access and regularly tested for recovery. Organizations should also limit privileges and segment critical systems to reduce the blast radius. An incident requires rapid containment, preservation of forensic evidence, restoration from known-good backups, and assessment of notification, legal, and regulatory obligations. Threat intelligence can help identify relevant criminal infrastructure or tactics, but it does not replace sound access control, patching, detection, and recovery practices.
While we continue to see new ransomware operations launch, we also received some good news this week, with another ransomware shutting down. [...]
A new ransomware operation named '0mega' targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. [...]
The company also provided a download link and related instructions for the tool
LockBit ransomware attacks are constantly evolving by making use of a wide range of techniques to infect targets while also taking steps to disable endpoint security solutions
Dark Reading's digest of the other don't-miss stories of the week, including a new ransomware targeting QNAP gear, and a destructive attack against the College of the Desert that lingers on.
State-sponsored actors are deploying the unique malware--which targets specific files and leaves no ransomware note--in ongoing attacks.
An open letter from the NCSC and ICO asks lawyers to do more to stop the scourge of ransomware
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. [...]
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. [...]
Taiwan-based network-attached storage (NAS) vendor QNAP warned customers to secure their devices against attacks using Checkmate ransomware to encrypt data. [...]
In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021
CISA, FBI, US Treasury warn Kim Jong-un's latest malware has hit healthcare orgs For the past year, state-sponsored hackers operating on behalf of North Korea have been using ransomware called Maui to attack healthcare organizations, US cybersecurity authorities said on Wednesday.…
US government warns healthcare and public-health organizations to expect continued attacks involving the manually operated "Maui" ransomware.
RaaS malware devs have been busy bees The Hive group, which has become one of the most prolific ransomware-as-a-service (RaaS) operators, has significantly changed its malware, including migrating the code to the Rust programming language and using a more complex encryption technique.…
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
APT hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. [...]
According to CISA, the threat actors have been engaging in these campaigns since May 2021
Hive is not the first ransomware written in Rust, and follows in the footsteps of BlackCat
This webinar will show you how to bounce back Webinar What’s the biggest threat to your business? Ransomware? A natural disaster? A critical infrastructure failure?…