The LockBit ransomware operation has once again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail.
Royal Mail is the UK’s largest mail delivery service and is considered critical infrastructure in the country, with disruption to its services having a significant impact on the country’s economy and supply chain.
On Wednesday, Royal Mail suffered a cyberattack that led to the suspension of its international shipping services.
Yesterday we learned that this disruption was caused by a LockBit ransomware attack which encrypted the computers used to print the customs slips needed for international shipping.
As LockBit has become the largest ransomware operation, it also seems to have become very heavy-handed, with affiliates targeting critical infrastructure and children’s hospitals, even though this goes against the gang’s policies.
LockBit finally released a free decryptor for the SickKids children’s hospital, but it is unclear at this time whether they will do the same for Royal Mail.
We also learned this week that the Vice Society ransomware operation attacked and leaked data from Fire Rescue Victoria, a large fire and rescue service in Australia.
New ransomware research has also been leaked or discovered, with various reports listed below:
CISA now requires federal agencies to patch the OWASSRF flaw by the end of January due to its active exploitation by the Cuba and Play ransomware operations.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @PolarToffee, @Seifreed, @billtoulas, @malwareforme, @jorntvdw, @struppigel, @demonslay335, @Ionut_Ilascu, @FourBytes, @malwhunterteam, @BleepinComputer, @LawrenceAbrams, @fwosar, @VK_Intel, @serghei, @pcrisk, @MsftSecIntel, @SRMInform, @TGesches, and @rapid7.
January 9, 2023
New Dharma ransomware variant
PCrisk found a new variant of Dharma ransomware that adds the .mao extension.
New STOP ransomware variant
PCrisk has found a new variant of STOP ransomware that adds the .zoqw extension and drops a ransom note named _readme.txt.
New variant of VoidCrypt ransomware
PCrisk has found a new VoidCrypt ransomware variant that adds the .RYKCRYPT extension and drops a ransom note named unlock-info.txt.
New variant of Xorist ransomware
PCrisk has found a new Xorist ransomware variant that adds the .KoRyA extension and drops a ransom note named HOW TO DECRYPTE .txt FILES.
January 10, 2023
Lorenz ransomware gang plants backdoors to use months later
Security researchers warn that patching critical vulnerabilities allowing network access is insufficient to defend against ransomware attacks.
CISA orders agencies to fix Exchange bug abused by ransomware gang
The Cybersecurity and Infrastructure Security Agency (CISA) added two more security vulnerabilities to its exploit catalog today.
New STOP ransomware variant
PCrisk has found a new variant of STOP ransomware that adds the .zouu extension and drops a ransom note named _readme.txt.
January 11, 2023
Royal Mail halts international services after cyberattack
The Royal Mail, the UK’s main mail delivery service, has halted its international shipping services due to a “serious service disruption” caused by what it described as a “cyber incident”.
Increase the bite of HIVE Ransomware
How malicious actors evade detection and disable defenses for more destructive HIVE Ransomware attacks.
January 12, 2023
Vice Society ransomware claims attack on Australian Fire Service
Fire Rescue Victoria in Australia has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.
Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers that have not been patched against a critical Server-Side Request Forgery (SSRF) vulnerability also exploited in Play ransomware attacks.
Royal Mail cyberattack linked to LockBit ransomware operation
A cyberattack on Royal Mail, the UK’s largest mail delivery service, has been linked to the LockBit ransomware operation.