This week saw a lot of ransomware news, ranging from new extortion tactics to a ransomware gang giving away a free decryptor after attacking a children’s hospital.
Overall, it was a pretty bad year for organizations, with Emsisoft reporting that 200 government, education, and healthcare entities were targeted by ransomware in 2022.
The cybersecurity firm states that ransomware operations attacked twenty-four hospitals and multi-hospital health systems last year.
However, the year is off with a bang, with LockBit ransomware confirming they attacked the SickKids children’s hospital. This attack led to delays in receiving lab and imaging results and longer wait times for patients.
The ransomware gang claims the attack was conducted by a rogue affiliate who broke the operation’s policies, leading to a free decryptor being given to the hospital.
However, LockBit members are known for stealing data during their attacks, and it’s unclear if data was stolen and whether it is being misused in any way.
BlackCat/AlphV is evolving their extortion tactics by cloning a victim’s website and using it to leak stolen data. The threat actors previously created dedicated data leak sites for victims, allowing employees to search for their data.
We also learned more information this week about various cyberattacks, which have now been confirmed as ransomware.
These ransomware attacks include a LockBit attack on the SickKids children’s hospital, Rackspace confirming they were attacked by Play Ransomware, a Royal ransomware attack on QUT, and a LockBit ransomware attack on Wabtec.
Rackspace later confirmed that the Play ransomware operation was able to access the Microsoft Exchange Personal Storage Table (PST) files for 27 customers. These files are used to store emails for email accounts.
While it has mostly been bad news, we did see some good news this week.
Bitdefender and law enforcement released a free decryptor for the MegaCortex ransomware. Any victims who saved their encrypted files in the hopes of a decryptor being released can recover their files for free.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @serghei, @PolarToffee, @billtoulas, @Ionut_Ilascu, @Seifreed, @fwosar, @struppigel, @demonslay335, @malwrhunterteam, @BleepinComputer, @Fortinet, @emsisoft, @BrettCallow, @Bitdefender, @AlvieriD, and @pcrisk.
January 1st 2023
Ransomware gang apologizes, offers SickKids hospital free decryptor
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), saying one of its members violated rules by attacking the healthcare organization.
Ransomware gang cloned victim’s website to leak stolen data
The ALPHV ransomware operators have gotten creative with their extortion tactic and, in at least one case, created a replica of the victim’s site to publish stolen data on it.
January 2nd 2023
Ransomware impacts over 200 govt, edu, healthcare orgs in 2022
Ransomware attacks in 2022 impacted more than 200 larger organizations in the U.S. public sector in the government, educational, and healthcare verticals.
New STOP Ransomware variant
PCrisk found a new variant of the STOP ransomware that appends the .znto extension to encrypted files.
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .CY3 extension.
New Upsilon Ransomware
PCrisk found the new Upsilon ransomware that appends the .upsil0n extension and drops a ransom note named Upsilon.txt.
New BetterCallSaul ransomware
PCrisk found a new ransomware that appends the .bettercallsaul extension and drops ransom notes named DECRYPT_MY_FILES.txt.
January 3rd 2023
Royal ransomware claims attack on Queensland University of Technology
The Royal ransomware gang has claimed responsibility for a recent cyberattack on the Queensland University of Technology and begun to leak data allegedly stolen during the security breach.
Rail giant Wabtec discloses data breach after Lockbit ransomware attack
U.S. rail and locomotive company Wabtec Corporation has disclosed a data breach that exposed personal and sensitive information.
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .d0n extension.
New STOP Ransomware variant
PCrisk found a new variant of the STOP ransomware that appends the .bpsm extension to encrypted files.
January 4th 2023
Rackspace confirms Play ransomware was behind recent cyberattack
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that took down the company’s hosted Microsoft Exchange environments.
January 5th 2023
Bitdefender releases free MegaCortex ransomware decryptor
Antivirus company Bitdefender has released a decryptor for the MegaCortex ransomware family, making it possible for victims of the once notorious gang to restore their data for free.
Rackspace: Customer email data accessed in ransomware attack
Rackspace revealed on Thursday that attackers behind last month’s incident accessed some of its customers’ Personal Storage Table (PST) files which can contain a wide range of information, including emails, calendar data, contacts, and tasks.
Ransomware Roundup – Monti, BlackHunt, and Putin Ransomware
This latest edition of the Ransomware Roundup covers Monti, BlackHunt, and Putin ransomware.
January 6th 2023
New STOP Ransomware variants
PCrisk found new variants of the STOP ransomware that append the .bpws and .bpto extensions to encrypted files.