This week has seen a lot of ransomware news, ranging from new extortion tactics to a ransomware gang offering a free decryptor after attacking a children’s hospital.
Overall, it was a pretty bad year for organizations, with Emsisoft reporting that 200 government, education and healthcare entities were targeted by ransomware in 2022.
The cybersecurity firm says ransomware operations attacked twenty-four hospitals and multi-hospital healthcare systems last year.
However, the year is off to a great start, with LockBit ransomware confirming that they attacked SickKids Children’s Hospital. This attack resulted in delays in receiving lab and imaging results and longer wait times for patients.
The ransomware gang claims the attack was carried out by a rogue affiliate who violated the operation’s policies, resulting in a free decryptor being given to the hospital.
However, members of LockBit are known to have stolen data in their attacks, and it is unclear if any data was stolen and if it is being misused in any way.
BlackCat/AlphV is evolving its extortion tactics by cloning a victim’s website and using it to leak stolen data. Threat actors have previously created dedicated data leak sites for victims, allowing employees to research their data.
We also learned more information this week about various cyberattacks, which have now been confirmed as ransomware.
These ransomware attacks include a LockBit attack on SickKids Children’s Hospital, Rackspace confirming they were attacked by Play ransomware, a Royal ransomware attack on QUT, and a LockBit ransomware attack on Wabtec.
Rackspace later confirmed that the Play ransomware operation was able to access the Microsoft Exchange Personal Storage Table (PST) files of 27 customers. These files are used to store emails from email accounts.
Although it’s mostly bad news, we’ve seen some good news this week.
Bitdefender and law enforcement have released a free decryptor for MegaCortex ransomware. All victims who saved their encrypted files in the hope that a decryptor would be released can recover their files for free.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @serghei, @PolarToffee, @billtoulas, @Ionut_Ilascu, @Seifreed, @fwosar, @struppigel, @demonslay335, @malwhunterteam, @BleepinComputer, @Fortinet, @emsisoft, @BrettCallow, @Bitdefender, @AlvieriD, and @pcrisk.
January 1, 2023
The LockBit ransomware gang has released a free decryptor for the Hospital for Sick Children (SickKids), claiming that one of its members violated the rules by attacking the healthcare organization.
The ALPHV ransomware operators got creative with their extortion tactics and, in at least one case, created a replica of the victim’s site to post stolen data on.
January 2, 2023
Ransomware attacks in 2022 impacted more than 200 major US public sector organizations across government, education, and healthcare verticals.
PCrisk has found a new variant of STOP ransomware that adds the .znto extension to encrypted files.
PCrisk has found a new variant of Dharma ransomware that adds the .CY3 extension.
PCrisk has found the new Upsilon ransomware which adds the .upsil0n extension and drops a ransom note named Upsilon.txt.
PCrisk has found new ransomware that adds the .You better call Saul extension and drops ransom notes named DECRYPT_MY_FILES.txt.
January 3, 2023
The Royal ransomware gang has claimed responsibility for a recent cyberattack on Queensland University of Technology and has begun leaking data allegedly stolen during the security breach.
US railroad and locomotive company Wabtec Corporation disclosed a data breach that exposed personal and sensitive information.
PCrisk has found a new variant of Dharma ransomware that adds the .d0n extension.
PCrisk has found a new variant of STOP ransomware that adds the .bpsm extension to encrypted files.
January 4, 2023
Texas-based cloud computing provider Rackspace has confirmed that the Play ransomware operation was behind a recent cyberattack that destroyed the company’s hosted Microsoft Exchange environments.
January 5, 2023
Antivirus firm Bitdefender has released a decryptor for the MegaCortex ransomware family, allowing victims of the once notorious gang to restore their data for free.
Rackspace revealed on Thursday that the attackers behind last month’s incident had accessed some of its customers’ Personal Storage Table (PST) files, which can contain a wide range of information, including emails, calendar data, contacts and tasks.
This latest edition of the Ransomware Roundup covers Monti, BlackHunt, and Putin ransomware.
January 6, 2023
PCrisk has found new variants of STOP ransomware that add the .bpws and .bpto extensions to encrypted files.