The Week in Ransomware – January 13th 2023


The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail.

Royal Mail is the UK’s largest mail delivery service and is considered a critical infrastructure in the country, with the disruption of its services having a significant impact on the country’s economy and supply chain.

On Wednesday, Royal Mail suffered a cyberattack that led to the halting of international shipping services.

Yesterday, we learned that this disruption was caused by a LockBit ransomware attack that encrypted the computers used to print customs dockets required for international shipping.

With LockBit having grown to be the largest ransomware operation, it also appears to have become very unwieldy, with affiliates targeting critical infrastructure and children’s hospitals, even though it’s against the gang’s policies.

LockBit ultimately released a free decryptor for the SickKids children’s hospital but it is unclear if they will do so for Royal Mail as well.

We also learned this week that the Vice Society Ransomware operation attacked and leaked the data for Fire Rescue Victoria, a large fire and rescue service in Australia.

New research on ransomware was also disclosed, or discovered, with various reports listed below:

CISA now requires federal agencies to patch the OWASSRF flaw by the end of January due to its active exploitation by both the Cuba and Play ransomware operations.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @PolarToffee, @Seifreed, @billtoulas, @malwareforme@struppigel, @demonslay335, @Ionut_Ilascu, @FourOctets, @malwrhunterteam, @BleepinComputer, @LawrenceAbrams, @fwosar, @serghei, @pcrisk, @MsftSecIntel, @BrettCallow, @UK_Daniel_Card, @SRMInform, @TGesches, @rapid7, @uuallan, @AShukuhi, and @BushidoToken.

January 9th 2023

New Dharma Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .mao extension.

New STOP Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .zoqw and drops a ransom note named _readme.txt.

New VoidCrypt Ransomware variant

PCrisk found a new VoidCrypt ransomware variant that appends the .RYKCRYPT and drops a ransom note named unlock-info.txt.

New Xorist ransomware variant

PCrisk found a new Xorist ransomware variant that appends the .KoRyA and drops a ransom note named HOW TO DECRYPT FILES.txt.

January 10th 2023

Lorenz ransomware gang plants backdoors to use months later

Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.

CISA orders agencies to patch Exchange bug abused by ransomware gang

The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.

New STOP Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .zouu and drops a ransom note named _readme.txt.

January 11th 2023

Royal Mail halts international services after cyberattack

The Royal Mail, UK’s leading mail delivery service, has stopped its international shipping services due to “severe service disruption” caused by what it described as a “cyber incident.”

Increasing The Sting of HIVE Ransomware

How malicious actors evade detection and disable defenses for more destructive HIVE Ransomware attacks.

January 12th 2023

Vice Society ransomware claims attack on Australian firefighting service

Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.

Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw

Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks.

Royal Mail cyberattack linked to LockBit ransomware operation

A cyberattack on Royal Mail, UK’s largest mail delivery service, has been linked to the LockBit ransomware operation.

That’s it for this week! Hope everyone has a nice weekend!





Source link