There has been quite a bit of ransomware news this week, with crypto exchanges seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators.
This week’s most fascinating report comes from Jon DiMaggio who has spent months undercover learning about the LockBit ransomware operation and its public representative known as LockBitSupp.
For those who want to know more about the rise of the biggest ransomware operation right now, you should definitely give DiMaggio’s Unlock LockBit – a ransomware story a read.
The United States and France also conducted a law enforcement operation in which they seized the domain and arrested the operator of the crypto exchange Bitzlato for allegedly laundering crypto proceeds generated by ransomware and illegal drug transactions.
We also learned more about ransomware attacks this week and in the past, including:
However, it’s not all bad news this week, with Avast releasing a free decryptor for BianLian ransomware.
Additionally, reports from Chainalysis and Coveware show that ransomware payments dropped by around 40% in 2022 because more companies refuse to pay and are investing in stronger security and better backups.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @malwhunterteam, @Seifreed, @billtoulas, @PolarToffee, @struppigel, @serghei, @fwosar, @BleepinComputer, @Ionut_Ilascu, @chainalysis, @coveware, @BrettCallow, @jgreigj, @pcrisk, @Avast and @Jon__DiMaggio.
January 16, 2023
The LockBit ransomware gang is one of the most notorious organized cyber crime syndicates in existence today. The gang is behind attacks targeting private sector companies and other prominent industries around the world. Media outlets and news outlets have documented numerous LockBit attacks, while security vendors offer technical assessments explaining how each occurred. While these provide insight into the attacks, I wanted to learn more about the human side of the operation to learn more about the ideas, motivations, and behaviors of individuals on the other side of the keyboard.
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying hackers.
The Vice Society ransomware gang claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to rebuild its IT infrastructure, a process that is still ongoing.
PCrisk has found new STOP ransomware variants that add the .poqw and .pouu extensions.
PCrisk has found a new VoidCrypt variant that adds the .Go extension and drops a ransom note named unlock-info.txt.
January 17, 2023
About 1,000 ships have been affected by a ransomware attack against a major ship software provider.
PCRisk has found a Phobos variant that adds the .STEEL extension and drops a ransom note named info.txt.
January 18, 2023
The US Department of Justice has arrested and charged Russian national Anatoly Legkodymov, the founder of Hong Kong-registered cryptocurrency exchange Bitzlato, for helping cybercriminals launder illegally obtained money.
Ukraine’s Computer Emergency Response Team (CERT-UA) has linked a destructive malware attack targeting the country’s national news agency (Ukrinform) to the Russian military Sandworm hackers.
PCrisk has found a Xorist variant that adds the .Boy extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
January 19, 2023
Ransomware gangs extorted an estimated $456.8 million from victims throughout 2022, down about 40% from the record high of roughly $765 million recorded in each of the previous two years.
Yum! Brands, the operator of the fast food chains KFC, Pizza Hut, Taco Bell and The Habit Burger Grill, has been the target of a ransomware attack that has forced the closure of 300 locations in the United Kingdom.
Qulliq Energy Corporation (QEC) was the target of an illegal cyberattack on January 15. QEC’s network was hacked and the company took immediate action to contain the situation.
PCrisk has found new STOP ransomware variants that add the .mzqw and .mzop extensions.
January 20, 2023
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says that the Vice Society ransomware gang stole files containing personal information about contractors, including Social Security numbers (SSNs).
Over the past 4 years, the propensity of ransomware victims to pay a ransom has dropped dramatically, from 85% of victims in Q1 2019 to 37% of victims in Q4 2022. On a yearly basis, 41% of victims paid in 2022 compared to 76% in 2019. Despite the best efforts of cybercriminals rowing in the opposite direction, the reduction of 48 full percentage points in this key indicator is the result of several factors.
The Costa Rican government has suffered another ransomware attack just months after several government departments were crippled in a large-scale attack by hackers using Conti ransomware.