The Week in Ransomware – May 10th 2024


After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.

On February 19, Operation Cronos took down LockBit’s infrastructure and converted its data leak site into a law enforcement press release site where they released information about the police actions.

After being inactive for months, the site went live again on Sunday, teasing new information that would be released, including the possible identity of the LockBit admin.

On Tuesday, the NCA, Europol, and the FBI revealed the identity of LockBitSupp, a 31-year-old Russian national named Dmitry Yuryevich Khoroshev.

Since then, the LockBit operation has been on a revenge spree, leaking the names of 119 victims allegedly attacked by the ransomware operation.

While LockBitSupp says they are not going anywhere and will continue to conduct attacks, it would not be surprising to see them shut down and rebrand as a new operation in the near future.

In other news, an attack on healthcare giant Ascension has caused massive disruption to the healthcare system, causing ambulances to be diverted from multiple hospitals and systems to be offline, including medical records.

According to CNN, the attack has been linked to the Black Basta ransomware operation.

Other ransomware attacks we learned more about this week are:

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @serghei, @fwosar, @LawrenceAbrams, @malwrhunterteam, @Seifreed, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @snlyngaas, @pcrisk, @AJVicens, @chainalysis, @F_A_C_C_T_, @zackwhittaker, @H4ckManac, and @JakubKroustek.

May 6th 2024

Examining the Impact of Ransomware Disruptions: Qakbot, LockBit, and BlackCat

A historic surge of ransomware incidents and payment totals in 2023 was not without resistance, as significant actions were taken against ransomware actors in 2023 and early 2024, including notable disruptions of Qakbot malware, and the LockBit and ALPHV-BlackCat ransomware-as-a-service (RaaS) groups.

Lockbit’s seized site comes alive to tease new police announcements

The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.

City of Wichita shuts down IT network after ransomware attack

The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack.

New STOP ransomware variants

Jakub Kroustek discovered new STOP ransomware variants that append the .qepi, .qehu, and .baaa extensions.

May 7th 2024

LockBit ransomware admin identified, sanctioned in US, UK, Australia

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.

New XAM ransomware

PCrisk discovered a new ransomware that appends the .xam extension and drops a ransom note named unlock.txt.

Darkness is coming: a new group of MorLock ransomware has increased the intensity of attacks on Russian businesses

MorLock, like many others we covered in our above-mentioned overview, is attacking Russian companies using LockBit 3 (Black) and Babuk ransomware. In the current environment, there is a collaboration of cyber gangs; they use similar tactics, techniques and procedures (TTPs), as well as an arsenal of tools. All this creates certain “interference” that makes it difficult to identify attackers, but it is still possible to identify the attackers’ distinctive handwriting, which allows them to be attributed to a specific group.

Brandywine Realty Trust says data stolen in ransomware attack

U.S. realty trust giant Brandywine Realty Trust has confirmed a cyberattack that resulted in the theft of data from its network.

May 8th 2024

University System of Georgia: 800K exposed in 2023 MOVEit attack

The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks.

City of Wichita breach claimed by LockBit ransomware gang

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City’s authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation.

Ascension healthcare takes systems offline after cyberattack

Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a “cyber security event.”

Boeing confirms attempted $200 million ransomware extortion attempt

The cybercriminals who targeted Boeing using the LockBit ransomware platform in October 2023 demanded a $200 million extortion payment, the company said Wednesday.

New STOP ransomware variant

Jakub Kroustek discovered a new STOP ransomware variant that appends the .qeza extension.

May 10th 2024

Ohio Lottery ransomware attack impacts over 538,000 individuals

The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization’s systems on Christmas Eve.

Ascension redirects ambulances after suspected ransomware attack

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.

That's it for this week! Hope everyone has a nice weekend!
