This week was marked by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous affiliates including SlingTV and Boost Mobile.

The attack began on February 23, forcing the company to shut down parts of its IT systems, causing widespread outages among its services.

However, it wasn’t until February 28 that DISH finally confirmed to have suffered a ransomware attackwith multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible.

The other big news was a report that the The US Marshals Service suffered a ransomware attack, including data theft. It is unclear which ransomware operation is behind the attack.

Finally, the White House unveiled its new US national cybersecurity strategywith a focus on targeting ransomware operations.

Other ransomware attacks we learned more about this week include those on the City of Oakland, the Indigo bookstore chain, Tennessee State University and University of Southeast Louisianaand the Clop data theft at Hatch Bank.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @Ionut_Ilascu, @fwosar, @struppigel, @Seifreed, @demonslay335, @LawrenceAbrams, @malwhunterteam, @BleepinComputer, @FourBytes, @PolarToffee, @billtoulas, @jorntvdw, @serghei, @juanbrodersen, @CISAgov,jgreigj, @Bitdefender, @cyfirma, @jgreigjAnd @pcrisk.

February 25, 2023

Dish Network goes offline after likely cyberattack, employees cut off

US television giant and satellite streaming provider, Dish Network, has mysteriously gone offline as its websites and apps have stopped working for the past 24 hours.

February 27, 2023

New Exfiltrator-22 post-exploit kit linked to LockBit ransomware

Threat actors are promoting a new “Exfiltrator-22” post-exploitation framework designed to spread ransomware in corporate networks while evading detection.

US Marshals Service investigates ransomware attack and data theft

The US Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that impacted what it describes as “a standalone USMS system”.

New variant of VoidCrypt

Risk found a new VoidCrypt variant that adds the .lilmoon extension and drops a ransom note named Decryption-guide.txt.

New ransomware 726

PCrisk has found ransomware that adds the ..726 and drips a ransom note named RECOVER-FILES-726.html.

February 28, 2023

Dish Network confirms ransomware attack behind multi-day outage

Satellite broadcasting provider and television giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that began on Friday.

New MortalKombat ransomware decryptor recovers your files for free

Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

March 1, 2023

Canadian book giant claims employee data was stolen in ransomware attack

Canadian bookseller Indigo has denied that customer data was stolen last month in a ransomware attack that took down its website. Data from workers at the multibillion-dollar company, however, hasn’t been so good.

New Variant of Chaos Ransomware

PCrisk has found a new Chaos variant that adds the .skull extension and drops a ransom note named read_it.txt.

March 2, 2023

Hatch Bank reveals data breach after GoAnywhere MFT hack

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of nearly 140,000 customers of the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The White House releases a new national cybersecurity strategy for the United States

The Biden-Harris administration today released its National Cybersecurity Strategy which aims to shift the burden of defending the nation’s cyberspace to software companies and service providers.

Tennessee and Southeast Louisiana State Universities Hit by Cyberattacks

Two universities in Tennessee and Louisiana are grappling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools.

New STOP ransomware variants

PCrisk has found new STOP ransomware variants that add the .gosw And .goaq expansions.

March 3, 2023

Play ransomware claims disruptive attack on the city of Oakland

The Play ransomware gang has taken responsibility for a cyberattack on the city of Oakland that has disrupted computer systems since mid-February.

LockBit released the data stolen from La Segunda: there are court records, expert reports and medical data

LockBit, one of the largest ransomware groups in the world, released sensitive information from the insurance company Rosario La Segunda: there are court records, expert reports and sensitive medical data of affiliates, among others.

New variant of MedusaLocker ransomware

PCrisk has found a new MedusaLocker ransomware variant that adds the .skynetwork8 extension.

New variant of STOP ransomware

PCrisk has found a new STOP ransomware variant that adds the .goba extension.

It’s all for this week ! I hope everyone is having a good weekend!