The Week in Ransomware – December 29th 2023


It has been a quiet week, with even threat actors appearing to take some time off for the holidays. We didn’t see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals.

These attacks include ones against Yakult Australia and the Ohio Lottery by the new DragonForce ransomware operation.

The most concerning news is that LockBit affiliates increasingly target hospitals in attacks, even though the ransomware operation says it is against the rules.

In December 2022, one week before Christmas, a LockBit affiliate attacked the Hospital for Sick Children (SickKids) in Toronto, causing diagnostic and treatment delays. The ransomware operation said this was against the rules and issued a free decryptor.

Apology to SickKids on the LockBit data leak site
Source: BleepingComputer

However, this week, we learned that LockBit attacked three hospitals in Germany, disrupting emergency room services.

We also learned about two New York hospitals seeking a court order to have Boston cloud storage company Wasabi Technologies return stolen data stored on one of its servers by the LockBit ransomware gang.

According to a court order, the Carthage Area Hospital and Claxton-Hepburn Medical Center were attacked in September, with the LockBit affiliate renting cloud storage at Wasabi to store stolen data.

The two hospitals now request that the courts force Wasabi to provide and delete the data from their servers. The court documents indicate that Wasabi is already working with the FBI and has shared a copy of the stolen data with them.

Finally, Microsoft once again disabled the MSIX ms-appinstaller protocol handler after deactivating it in February 2022 and then enabling it again in 2023 for some unknown reason.

However, as malware campaigns continue to abuse this feature, which can lead to ransomware attacks, the feature has again been disabled.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @serghei, @demonslay335, @BleepinComputer, @Ionut_Ilascu, @Seifreed, @fwosar, @LawrenceAbrams, @billtoulas, @MsftSecIntel, @DarkWebInformer, @BrettCallow, @pcrisk, and @Fortinet.

December 27th 2023

Yakult Australia confirms ‘cyber incident’ after 95 GB data leak

Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a “cyber incident” in a statement to BleepingComputer. Both the company’s Australian and New Zealand IT systems have been affected.

Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve.

Lockbit ransomware disrupts emergency care at German hospitals

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .cdmx extension.

New ransomware variant

PCrisk found a new ransomware variant that appends the .Tisak extension and drops a ransom note named Tisak_Help.txt.

December 28th 2023

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

New Live Team ransomware

PCrisk found a new Live Team ransomware that appends the .LIVE extension and drops a ransom note named FILE RECOVERY_ID_[victim’s_ID].txt.

New SNet ransomware

PCrisk found a new ransomware variant that appends the .SNet extension and drops a ransom note named DecryptNote.txt.

Ransomware Roundup – 8base

8base is a financially motivated ransomware variant most likely based on the Phobos ransomware. Per our FortiRecon information, the 8base ransomware first appeared in May 2023.

December 29th, 2023

Hospitals ask courts to force cloud storage firm to return stolen data

Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that is now stored on the servers of a Boston cloud storage company.

That’s it for this week! Hope everyone has a nice weekend!
