The Week in Ransomware - October 27th 2023 - Breaking Records - Bleeping Computer

2023-10-27 13:39 (EST)

Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.

According to NCC Group data, ransomware groups launched 514 attacks in September, surpassing March 2023 activity, which included 459 attacks that were heavily skewed by Clop's Fortra GoAnywhere data theft attacks.

This increase in attacks was also seen by Check Point Software, who said they are seeing a 3% increase in attacks for 2023.

A July report by Chainalysis also predicted that 2023 would be a record-breaking year for ransomware payments based on projected data, which indicates that ransom payments may exceed $500 million by the end of the year.

In other news, Microsoft released a report on the Octo Tempest extortion group, stating they are among the "most dangerous financial criminal groups."

Octo Tempest is also known as Scattered Spider, Oktapus, and UNC3944 and is believed to be behind recent ransomware attacks on MGM Resorts and Caesars and past attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

The threat actors are known to utilize a wide variety of advanced social engineering and hacking tactics, along with SIM-swapping attacks to breach accounts. In some cases, Microsoft says the threat actors have resorted to threats of violence to attempt to gain access to corporate credentials.

This group stands out as they are believed to be a loose-knit group of English-speaking threat actors who are affiliates of the BlackCat ransomware gang, which generally only works with Russian-speaking affiliates.

We also learned of new cyberattacks or more information was shared about existing ones, including:

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @LawrenceAbrams, @billtoulas, @Ionut_Ilascu, @demonslay335, @fwosar, @BleepinComputer, @serghei, @malwrhunterteam, @Avast, @kaspersky, @1ZRR4H, @NCCGroupplc, @Imperva, @Webroot, @MsftSecIntel, @pcrisk, @BushidoToken, @BrettCallow, and @security_score.

October 21st 2023

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.

October 23rd 2023

In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack.

The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants.

A technical analysis of the Cactus Ransomware.

October 24th 2023

Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.

A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled.

French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab.

In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.

PCrisk found a new JarJets ransomware that appends the .Jarjets extension and drops a ransom note named Jarjets_ReadMe.txt.

October 25th 2023

Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.

Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information.

As we step into October, the month dedicated to global cyber awareness, it is crucial to illuminate the evolving landscape of cyber threats that impact us all. Check Point Research’s latest report provides a comprehensive view of the storm brewing in the digital realm, specifically for the timeframe of Q1-Q3 of 2023.

Now let's dive into what our experts have picked as the top Ransomware families of 2023.

PCrisk found new STOP ransomware variants that append the .zpas, .zput, and .zpww extensions.

PCrisk found a new JarJets ransomware that appends the .BlackDream extension and drops a ransom note named ReadME-Decrypt.txt.

October 26th 2023

The Rhysida encryptor comes as a 32-bit or 64-bit Windows PE file, compiled by MinGW GNU version 6.3.0 and linked by the GNU linker v 2.30. The first public version comes as a debug version, which makes its analysis easier.

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.

That's it for this week! Hope everyone has a nice weekend!
