It has been a quiet week, with even threat actors appearing to take some time off for the holidays. We didn't see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals.
These attacks include ones against Yakult Australia and the Ohio Lottery by the new DragonForce ransomware operation.
The most concerning news is that LockBit affiliates increasingly target hospitals in attacks, even though the ransomware operation says it is against the rules.
In December 2022, one week before Christmas, a LockBit affiliate attacked the Hospital for Sick Children (SickKids) in Toronto, causing diagnostic and treatment delays. The ransomware operation said this was against the rules and issued a free decryptor.
However, this week, we learned that LockBit attacked three hospitals in Germany, disrupting emergency room services.
We also learned about two New York hospitals seeking a court order to have Boston cloud storage company Wasabi Technologies return stolen data stored on one of its servers by the LockBit ransomware gang.
According to a court order, the Carthage Area Hospital and Claxton-Hepburn Medical Center were attacked in September, with the LockBit affiliate renting cloud storage at Wasabi to store stolen data.
The two hospitals now request that the courts force Wasabi to supply and delete the data from their servers. The court documents indicate that Wasabi is already working with the FBI and has shared a copy of the stolen data with them.
Finally, Microsoft once again disabled the MSIX ms-appinstaller protocol handler after deactivating it in February 2022 and then enabling it again in 2023 for some unknown reason.
However, as malware campaigns continue to abuse this feature, which can lead to ransomware attacks, the feature has again been disabled.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @serghei, @demonslay335, @BleepinComputer, @Ionut_Ilascu, @Seifreed, @fwosar, @LawrenceAbrams, @billtoulas, @MsftSecIntel, @DarkWebInformer, @BrettCallow, @pcrisk, and @Fortinet.
December 27th 2023
Yakult Australia confirms ‘cyber incident’ after 95 GB data leak
Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a “cyber incident” in a statement to BleepingComputer. Both the company’s Australian and New Zealand IT systems have been affected.
Ohio Lottery hit by cyberattack claimed by DragonForce ransomware
The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve.
Lockbit ransomware disrupts emergency care at German hospitals
German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.
New STOP ransomware variant
PCrisk found a new STOP ransomware variant that appends the .cdmx extension.
New ransomware variant
PCrisk found a new ransomware variant that appends the .Tisak extension and drops a ransom note named Tisak_Help.txt.
December 28th 2023
Microsoft disables MSIX protocol handler abused in malware attacks
Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.
New Live Team ransomware
PCrisk found a new Live Team ransomware that appends the .LIVE extension and drops a ransom note named FILE RECOVERY_ID_[victim’s_ID].txt.
New SNet ransomware
PCrisk found a new ransomware variant that appends the .SNet extension and drops a ransom note named DecryptNote.txt.
Ransomware Roundup – 8base
8base is a financially motivated ransomware variant most likely based on the Phobos ransomware. Per our FortiRecon information, the 8base ransomware first appeared in May 2023.
December 29th, 2023
Hospitals ask courts to force cloud storage firm to return stolen data
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that is now stored on the servers of a Boston cloud storage company.