Saturday, August 12, 2023
HomeCyber SecurityThe Week in Ransomware - August eleventh 2023

The Week in Ransomware – August eleventh 2023


Whereas some ransomware operations declare to not goal hospitals, one comparatively new ransomware gang named Rhysida would not appear to care.

Rhysida launched in Might 2023, when it rapidly began to make a reputation for itself because it made indiscriminate assaults on hospitals, the enterprise, and even authorities companies.

The group first got here to notoriety after attacking the Chilean Military (Ejército de Chile) and leaking stolen knowledge.

Now the ransomware gang is making the headlines attributable to its concentrating on of healthcare, with the group believed to be behind the assaults on Prospect Medical Group, impacting 17 hospitals and 166 clinics throughout the USA.

This led to a flurry of reviews launched by the U.S. Division of Well being and Human Providers, Pattern Micro, Cisco Talos, and Examine Level Analysis.

We additionally noticed extra reviews on ransomware about TargetCompany, code leaks impacting the RaaS ecosystem, and a brand new risk actor utilizing a personalized model of Yashma ransomware.

In different information, we proceed to see the fallout from Clop’s MOVEit data-theft assaults, with Missouri’s Division of Social Providers warning that knowledge was stolen from IBM’s MOVEit server.

Lastly, Europol and the U.S. Division of Justice introduced the takedown of the LOLEKHosted bulletproof internet hosting supplier, saying that one of many arrested admins facilitated Netwalker ransomware assaults by internet hosting storage servers for the gang.

Contributors and people who offered new ransomware data and tales this week embrace: @Seifreed, @struppigel, @Ionut_Ilascu, @serghei, @LawrenceAbrams, @malwrhunterteam, @billtoulas, @demonslay335, @BleepinComputer, @HHSGov, @TrendMicro, @TalosSecurity, @_CPResearch_, @IRS_CI, and @pcrisk.

August seventh 2023

New risk actor targets Bulgaria, China, Vietnam and different nations with personalized Yashma ransomware

Talos assesses with excessive confidence that this risk actor is concentrating on victims in English-speaking nations, Bulgaria, China and Vietnam, because the actor’s GitHub account, “nguyenvietphat,” has ransomware notes written in these nations’ languages. The presence of an English model might point out the actor intends to focus on a variety of geographic areas.

Code leaks are inflicting an inflow of recent ransomware actors

Ransomware gangs are constantly rebranding or merging with different teams, as highlighted in our 2022 12 months in Overview, or these actors work for a number of ransomware-as-a-service (RaaS) outfits at a time, and new teams are at all times rising.

TargetCompany Ransomware Abuses FUD Obfuscator Packers

We discovered energetic marketing campaign deployments combining distant entry trojan (RAT) Remcos and the TargetCompany ransomware earlier this yr. We in contrast these deployments with earlier samples and located that these deployments are implementing totally undetectable (FUD) packers to their binaries. By combining telemetry knowledge and exterior risk looking sources, we have been in a position to collect early samples of those in improvement. Just lately, we discovered a sufferer on which this method was deployed and focused particularly at.

New STOP ransomware variants

PCrisk discovered new STOP ransomware variants that append the .yyza and .yytw extensions.

New Dharma ransomware variant

PCrisk discovered a brand new Dharma variant that appends the .GPT extension.

August eighth 2023

THE RHYSIDA RANSOMWARE: ACTIVITY ANALYSIS AND TIES TO VICE SOCIETY

The Rhysida ransomware group was first revealed in Might this yr, and since then has been linked to a number of impactful intrusions, together with an assault on the Chilean Military. Just lately the group was additionally tied to an assault in opposition to Prospect Medical Holdings, affecting 17 hospitals and 166 clinics throughout the USA. After this assault, the US Division of Well being and Human Providers outlined Rhysida as a big risk to the healthcare sector.

What Cisco Talos is aware of concerning the Rhysida ransomware

Cisco Talos is conscious of the current advisory revealed by the U.S. Division of Well being and Human Providers (HHS) warning the healthcare business about Rhysida ransomware exercise.

New Xorist variant

PCrisk discovered a brand new Xorist ransomware variant that appends the .PrOToN extension and drops a ransom observe named HOW TO DECRYPT FILES.txt.

August ninth 2023

Missouri warns that well being information was stolen in IBM MOVEit knowledge breach

Missouri’s Division of Social Providers warns that protected Medicaid healthcare data was uncovered in an information breach after IBM suffered a MOVEit knowledge theft assault.

Rhysida ransomware behind current assaults on healthcare

The Rhysida ransomware operation is making a reputation for itself after a wave of assaults on healthcare organizations has compelled authorities companies and cybersecurity corporations to pay nearer consideration to its operations.

An Overview of the New Rhysida Ransomware Concentrating on the Healthcare Sector

On August 4, 2023, the HHS’ Well being Sector Cybersecurity Coordination Heart (HC3) launched a safety alert a few comparatively new ransomware known as Rhysida (detected as Ransom.PS1.RHYSIDA.SM), which has been energetic since Might 2023. On this weblog entry, we’ll present particulars on Rhysida, together with its targets and what we find out about its an infection chain.

August tenth 2023

New Harward ransomware

PCrisk discovered a brand new ransomware variant that appends the .harward extension.

August eleventh 2023

LOLEKHosted admin arrested for aiding Netwalker ransomware gang

Police have taken down the Lolek bulletproof internet hosting supplier, arresting 5 people and seizing servers for allegedly facilitating Netwalker ransomware assaults and different malicious actions.

New MedusaLocker variant

PCrisk discovered a brand new ransomware variant that appends the .alock extension.

That is it for this week! Hope everybody has a pleasant weekend!





Supply hyperlink

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Google search engine

Most Popular

Recent Comments