There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators.
The most fascinating report this week comes from Jon DiMaggio, who spent months going undercover to learn more about the LockBit ransomware operation and its public representative, known as LockBitSupp.
For those who want to learn more about the rise of the most prominent ransomware operation at this time, you should definitely give DiMaggio's Unlocking LockBit - a Ransomware Story a read.
The US and France also conducted a law enforcement operation where they seized the domain and arrested the operator of the Bitzlato crypto exchange for allegedly laundering crypto proceeds generated from ransomware and illegal drug transactions.
We also learned more about ransomware attacks conducted this week and in the past, including:
- Vice Society ransomware leaked the data for University of Duisburg-Essen (UDE).
- A ransomware attack on shipping software supplier DNV impacted 1,000 ships.
- Data was stolen from the KFC, Taco Bell, and Pizza Hut brand owner during an attack.
- LAUSD confirmed that SSNs were stolen in last year’s ransomware attack.
However, it's not all bad news this week, with Avast releasing a free decryptor for the BianLian ransomware.
Furthermore, reports from both Chainalysis and Coveware illustrate that ransomware payments dropped approximately 40% in 2022 as companies refuse to pay and the enterprise invests in stronger security and better backups.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @malwrhunterteam, @Seifreed, @billtoulas, @PolarToffee, @struppigel, @serghei, @fwosar, @BleepinComputer, @Ionut_Ilascu, @chainalysis, @coveware, @BrettCallow, @jgreigj, @pcrisk, @Avast, and @Jon__DiMaggio.
January 16th 2023
Unlocking LockBit - A Ransomware Story
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard.
Avast releases free BianLian ransomware decryptor
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers.
Vice Society ransomware leaks University of Duisburg-Essen’s data
The Vice Society ransomware gang has claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to reconstruct its IT infrastructure, a process that's still ongoing.
New STOP Ransomware variants
PCrisk found new STOP ransomware variants that append the .poqw and .pouu extensions.
New VoidCrypt ransomware
PCRisk found a new VoidCrypt variant that appends the .gogo extension and drops a ransom note named unlock-info.txt.
January 17th 2023
Ransomware attack on maritime software impacts 1,000 ships
About 1,000 vessels have been affected by a ransomware attack against a major software supplier for ships.
New Phobos ransomware variant
PCRisk found a Phobos variant that appends the .STEEL extension and drops a ransom note named info.txt.
January 18th 2023
Bitzlato crypto exchange seized for ransomware, drugs money laundering
The U.S. Department of Justice arrested and charged Russian national Anatoly Legkodymov, the founder of the Hong Kong-registered cryptocurrency exchange Bitzlato, with helping cybercriminals allegedly launder illegally obtained money.
Ukraine links data-wiping attack on news agency to Russian hackers
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country's national news agency (Ukrinform) to Sandworm Russian military hackers.
New Xorist ransomware variant
PCRisk found a Xorist variant that appends the .BoY extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
January 19th 2023
Ransomware profits drop 40% in 2022 as victims refuse to pay
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million recorded in the previous two years.
Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner
Yum! Brands, the fast food brand operator of KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill fast-food restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom.
Qulliq Energy Corporation impacted by a cybersecurity incident
Qulliq Energy Corporation (QEC) was targeted in an illegal cyberattack on January 15. QEC’s network was breached, and the corporation took immediate actions to contain the situation.
New STOP Ransomware variants
PCrisk found new STOP ransomware variants that append the .mzqw and .mzop extensions.
January 20th 2023
LAUSD says Vice Society ransomware gang stole contractors’ SSNs
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors' personal information, including Social Security Numbers (SSNs).
Improved Security and Backups Result in Record Low Number of Ransomware Payments
Over the last 4 years, the propensity for victims of ransomware to pay a ransom has fallen dramatically, from 85% of victims in Q1 of 2019, to 37% of victims in Q4 of 2022. On an annual basis, 41% of victims paid in 2022 vs. 76% in 2019. Despite the best efforts of the cyber criminals rowing in the opposite direction, shaving 48 whole percentage points off this key indicator has been the result of several factors.
Costa Rica’s Ministry of Public Works and Transport crippled by ransomware attack
Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.
That's it for this week! Hope everyone has a nice weekend!
The Week in Ransomware - January 20th 2023 - Targeting Crypto Exchanges