1
2021 Trends Show Increased Globalized Threat of Ransomware
In 2021, cybersecurity authorities in the United States,[1][2][3] Australia,[4] and the United Kingdom[5] observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) observed incidents involving ransomware against 14 of the 16 U.S. critical infrastructure sectors, including the Defense Industrial Base, Emergency Services, Food and Agriculture, Government Facilities, and Information Technology Sectors. The Australian Cyber Security Centre (ACSC) observed continued ransomware targeting of Australian critical infrastructure entities, including in the Healthcare and Medical, Financial Services and Markets, Higher Education and Research, and Energy Sectors. The United Kingdom’s National Cyber Security Centre (NCSC-UK) recognizes ransomware as the biggest cyber threat facing the United Kingdom. Education is one of the top UK sectors targeted by ransomware actors, but the NCSC-UK has also seen attacks targeting businesses, charities, the legal profession, and public services in the Local Government and Health Sectors.
2
February 10th 2022
As Ransomware Payments Continue to Grow, So Too Does Ransomware’s Role in Geopolitical Conflict
Sure enough, we updated our ransomware numbers a few times throughout 2021, reflecting new payments we hadn’t identified previously. As of January 2022, we’ve now identified just over $692 million in 2020 ransomware payments — nearly double the amount we initially identified at the time of writing last year’s report.
The Week in Ransomware - February 11th 2022 - Maze, Egregor decryptors
After the Maze ransomware operation began shutting down in October 2020, it was always hoped that they would publicly release decryption keys to allow remaining victims to recover their files.
Tuesday night, almost fourteen months later, the alleged ransomware developer released the decryption keys in a BleepingComputer forum post.
While the developer says they had always planned to publish the keys, it is generally believed that they did it now as a gesture of goodwill due to the recent arrests and server seizures.
Using these keys, cybersecurity firm Emsisoft created a decryptor allowing victims to recover their files for free.
The other big news is the sentencing of a Netwalker ransomware affiliate from Canada, who obtained more than $27.6 million by attacking companies worldwide. After pleading guilty, the affiliate was sentenced to six years and eight months in prison.
This week's other interesting ransomware news includes publishing LockBit 2.0 ransomware technical details by the FBI, a free decryptor for the TargetCompany ransomware, and Puma announcing a data breach due to the Kronos ransomware attack.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @billtoulas, @malwareforme, @VK_Intel, @BleepinComputer, @FourOctets, @DanielGallagher, @serghei, @malwrhunterteam, @jorntvdw, @fwosar, @Ionut_Ilascu, @PolarToffee, @LawrenceAbrams, @demonslay335, @struppigel, @chainalysis, @emsisoft, @Avast, @LadislavZezula, @coveware, @ddd1ms, @BrettCallow, @pcrisk, @USCERT_gov, and @CISAgov.
February 5th 2022
BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs
The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation.
FBI shares Lockbit ransomware technical details, defense tips
The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this Friday.
February 6th 2022
Law enforcement action push ransomware gangs to surgical attacks
The numerous law enforcement operations leading to the arrests and takedown of ransomware operations in 2021 have forced threat actors to narrow their targeting scope and maximize the efficiency of their operations.
No comments:
Post a Comment