There has been quite a bit of ransomware news this week, with crypto exchanges seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators.

This week’s most fascinating report comes from Jon DiMaggio who has spent months undercover learning about the LockBit ransomware operation and its public representative known as LockBitSupp.

For those who want to know more about the rise of the biggest ransomware operation right now, you should definitely give DiMaggio’s Unlock LockBit – a ransomware story a read.

The United States and France also conducted a law enforcement operation in which they seized the domain and arrested the operator of crypto exchange Bitzlato for alleged money laundering of crypto proceeds generated by ransomware and illegal drug transactions.

We also learned more about ransomware attacks this week and in the past, including:

However, it’s not all bad news this week, with Avast releasing a free decryptor for BianLian ransomware.

Additionally, reports from Chainalysis and Coveware show that ransomware payments dropped by around 40% in 2022 because companies refuse to pay and invest in stronger security and better backups.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @malwhunterteam, @Seifreed, @billtoulas, @PolarToffee, @struppigel, @serghei, @fwosar, @BleepinComputer, @Ionut_Ilascu, @chainalysis, @coveware, @BrettCallow, @jgreigj, @pcrisk, @Avast and @Jon__DiMaggio.

January 16, 2023

Unlock LockBit – A History of Ransomware

The LockBit ransomware gang is one of the most notorious organized cyber crime syndicates in existence today. The gang is behind attacks targeting private sector companies and other prominent industries around the world. Media outlets and news outlets have documented numerous LockBit attacks, while security vendors offer technical assessments explaining how each occurred. While these provide insight into the attacks, I wanted to learn more about the human side of the operation to learn more about the ideas, motivations, and behaviors of individuals on the other side of the keyboard.

Avast releases free BianLian ransomware decryptor

Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying hackers.

Vice Society ransomware leaks University of Duisburg-Essen data

The Vice Society ransomware gang claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to rebuild its IT infrastructure, a process that is still ongoing.

New variants of STOP Ransomware

PCrisk found new STOP ransomware variants that add the .poqw and .pouu extensions.

New VoidCrypt ransomware

PCRisk has found a new VoidCrypt variant that adds the .go Go extension and drops a ransom note named unlock-info.txt.

January 17, 2023

Ransomware attack on maritime software hits 1,000 ships

About 1,000 ships have been affected by a ransomware attack against a major ship software provider.

New variant of Phobos ransomware

PCRisk has found a Phobos variant that adds the .STEEL extension and drops a ransom note named info.txt.

January 18, 2023

Bitzlato crypto exchange seized for ransomware and drug-related money laundering

The US Department of Justice has arrested and charged Russian national Anatoly Legkodymov, the founder of Hong Kong-registered cryptocurrency exchange Bitzlato, for helping cybercriminals launder illegally obtained money.

Ukraine links data erasure attack on news agency to Russian hackers

Ukraine’s Computer Emergency Response Team (CERT-UA) has linked a destructive malicious attack targeting the country’s national news agency (Ukrinform) to Russian military Sandworm hackers.

New variant of Xorist ransomware

PCRisk has found a Xorist variant that adds the .Boy extension and drops a ransom note named HOW TO DECRYPTE .txt FILES.

January 19, 2023

Ransomware profits drop 40% in 2022 as victims refuse to pay

Ransomware gangs extorted an estimated $456.8 million from victims throughout 2022, down about 40% from the record high of $765 million recorded in the previous two years.

Ransomware gang steals data from KFC, Taco Bell and Pizza Hut brand owner

Yum! Brands, the operator of the fast food chains KFC, Pizza Hut, Taco Bell and The Habit Burger Grill, has been the target of a ransomware attack that has forced the closure of 300 locations in the United Kingdom.

Qulliq Energy Corporation hit by cybersecurity incident

Qulliq Energy Corporation (QEC) was the target of an illegal cyberattack on January 15. QEC’s network was hacked and the company took immediate action to contain the situation.

New variants of STOP Ransomware

PCrisk has found new STOP ransomware variants that add the .mzqw and .mzop extensions.

January 20, 2023

LAUSD Says Vice Society Ransomware Gang Stole Contractor SSNs

Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, claims that the Vice Society ransomware gang stole files containing personal information about contractors, including social security numbers (SSNs).

Improved security and backups lead to record low number of ransomware payments

Over the past 4 years, the propensity of ransomware victims to pay a ransom has dropped dramatically, from 85% of victims in Q1 2019 to 37% of victims in Q4 2022. On a yearly basis, 41% of victims paid in 2022 compared to 76% in 2019. Despite the best efforts of cybercriminals rowing in the opposite direction, the reduction of 48 full percentage points in this key indicator is the result of several factors.

Costa Rica’s Ministry of Public Works and Transport Crippled by Ransomware Attack

The Costa Rican government has suffered another ransomware attack just months after several government departments were crippled in a large-scale attack by hackers using Conti ransomware.

That’s all for this week! I hope everyone is having a good weekend!
