
This week has seen a lot of ransomware news, ranging from new extortion tactics to a ransomware gang offering a free decryptor after attacking a children’s hospital.

Overall, it was a pretty bad year for organizations, with Emsisoft reporting that 200 government, education and healthcare entities were targeted by ransomware in 2022.

The cybersecurity firm says ransomware operations attacked twenty-four hospitals and multi-hospital healthcare systems last year.

However, the year is off to a great start, with LockBit ransomware confirming that they attacked SickKids Children’s Hospital. This attack resulted in delays in receiving lab and imaging results and longer wait times for patients.

The ransomware gang claims the attack was carried out by a rogue affiliate who violated the operation’s policies, resulting in a free decryptor being given to the hospital.

However, members of LockBit are known to have stolen data in their attacks, and it is unclear if any data was stolen and if it is being misused in any way.

BlackCat/AlphV is evolving its extortion tactics by cloning a victim’s website and using it to leak stolen data. Threat actors have previously created dedicated data leak sites for victims, allowing employees to search for their data.

We also learned more information this week about various cyberattacks, which have now been confirmed as ransomware.

These ransomware attacks include a LockBit attack on SickKids Children’s Hospital, Rackspace confirming they were attacked by Play ransomware, a Royal ransomware attack on QUT, and a LockBit ransomware attack on Wabtec.

Rackspace later confirmed that the Play ransomware operation was able to access the Microsoft Exchange Personal Storage Table (PST) files for 27 customers. These files are used to store emails from email accounts.

Although it’s mostly bad news, we’ve seen some good news this week.

BitDefender and law enforcement have released a free decryptor for MegaCortex ransomware. All victims who saved their encrypted files in the hope that a decryptor would be released can recover their files for free.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @serghei, @PolarToffee, @billtoulas, @Ionut_Ilascu, @Seifreed, @fwosar, @struppigel, @demonslay335, @malwhunterteam, @BleepinComputer, @Fortinet, @emsisoft, @BrettCallow, @Bitdefender, @AlvieriD and @pcrisk.

January 1, 2023

Ransomware gang apologizes and offers free decryptor to SickKids Hospital

The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), claiming that one of its members violated the rules by attacking the healthcare organization.

Ransomware gang cloned victim’s website to leak stolen data

The ALPHV ransomware operators got creative with their extortion tactics and, in at least one case, created a replica of the victim’s site to post stolen data on.

January 2, 2023

Ransomware affects over 200 government, education and healthcare organizations in 2022

Ransomware attacks in 2022 impacted more than 200 major US public sector organizations across government, education, and healthcare verticals.

New variant of STOP ransomware

PCrisk found a new variant of STOP ransomware that adds the .znto extension to encrypted files.

New variant of Dharma ransomware

PCrisk has found a new variant of Dharma ransomware that adds the .CY3 extension.

New Upsilon ransomware

PCrisk has found the new Upsilon ransomware which adds the .upsil0n extension and drops a ransom note named Upsilon.txt.

New BetterCallSaul ransomware

PCrisk has found new ransomware that adds the .You better call Saul extension and drops ransom notes named DECRYPT_MY_FILES.txt.

January 3, 2023

Royal ransomware claims attack on Queensland University of Technology

The Royal ransomware gang has claimed responsibility for a recent cyberattack on Queensland University of Technology and has begun leaking data allegedly stolen during the security breach.

Rail giant Wabtec reveals data breach after Lockbit ransomware attack

US railroad and locomotive company Wabtec Corporation disclosed a data breach that exposed personal and sensitive information.

New variant of Dharma ransomware

PCrisk has found a new variant of Dharma ransomware that adds the .d0n extension.

New variant of STOP ransomware

PCrisk has found a new variant of STOP ransomware that adds the .bpsm extension to encrypted files.

January 4, 2023

Rackspace Confirms Play Ransomware Was Behind Recent Cyberattack

Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that destroyed the company’s hosted Microsoft Exchange environments.

January 5, 2023

Bitdefender releases free MegaCortex ransomware decryptor

Antivirus firm Bitdefender has released a decryptor for the MegaCortex ransomware family, allowing victims of the once notorious gang to restore their data for free.

Rackspace: Customer email data accessed during ransomware attack

Rackspace revealed on Thursday that the attackers behind last month’s incident had accessed some of its customers’ Personal Storage Table (PST) files, which can contain a wide range of information, including emails, calendar data, contacts and tasks.

Ransomware Roundup – Monti, BlackHunt and Putin Ransomware

This latest edition of the Ransomware Roundup covers Monti, BlackHunt, and Putin ransomware.

January 6, 2023

New variants of STOP Ransomware

PCrisk has found new variants of STOP ransomware that add the .bpws and .bpto extensions to encrypted files.

That’s it for this week! I hope everyone is having a good weekend!
