The Week in Ransomware – March 3rd 2023


This week was highlighted by a massive Black Basta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.

The attack started on February 23rd, forcing the company to shut down portions of its IT systems, causing widespread outages among its services.

However, it wasn’t until February 28th that DISH finally confirmed that they suffered a ransomware attack, with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible.

The other big news item was a report that the U.S. Marshals Service suffered a ransomware attack, including data theft. It is not known what ransomware operation is behind the attack.

Finally, the White House unveiled its new U.S. national cybersecurity strategy, with a strong emphasis on targeting ransomware operations.

Other ransomware attacks we learned more about this week include ones on the City of Oakland, the Indigo book store chain, Tennessee State University and Southeastern Louisiana University, and the Clop data theft at Hatch Bank.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @Ionut_Ilascu, @fwosar, @struppigel, @Seifreed, @demonslay335, @LawrenceAbrams, @malwrhunterteam, @BleepinComputer, @FourOctets, @PolarToffee, @billtoulas, @jorntvdw, @serghei, @juanbrodersen, @CISAgov, @Bitdefender, @cyfirma, @jgreigj, and @pcrisk.

February 25th 2023

Dish Network goes offline after likely cyberattack, employees cut off

American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline, with its websites and apps ceasing to function over the past 24 hours.

February 27th 2023

New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware

Threat actors are promoting a new ‘Exfiltrator-22’ post-exploitation framework designed to spread ransomware in corporate networks while evading detection.

U.S. Marshals Service investigating ransomware attack, data theft

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.”

New VoidCrypt variant

PCrisk found a new VoidCrypt variant that appends the .lilmoon extension and drops a ransom note named Dectryption-guide.txt.

New 726 Ransomware

PCrisk found a ransomware that appends the ..726 extension and drops a ransom note named RECOVER-FILES-726.html.

February 28th 2023

Dish Network confirms ransomware attack behind multi-day outage

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.

New MortalKombat ransomware decryptor recovers your files for free

Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

March 1st 2023

Canadian book giant says employee data was stolen during ransomware attack

Canadian bookseller Indigo denied that any customer data was stolen last month during a ransomware attack that took down its website. Data from the multibillion-dollar company’s workers, however, didn’t fare as well.

New Chaos ransomware variant

PCrisk found a new Chaos variant that appends the .skull extension and drops a ransom note named read_it.txt.

March 2nd 2023

Hatch Bank discloses data breach after GoAnywhere MFT hack

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.

White House releases new U.S. national cybersecurity strategy

The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country’s cyberspace towards software vendors and service providers.

Tennessee State, Southeastern Louisiana universities hit with cyberattacks

Two universities in Tennessee and Louisiana are struggling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .gosw and .goaq extensions.

March 3rd 2023

Play ransomware claims disruptive attack on City of Oakland

The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February.

LockBit published the data stolen from La Segunda: there are judicial files, expert reports and medical data

LockBit, one of the largest ransomware groups in the world, published sensitive information from the Rosario insurance company La Segunda: there are judicial files, expert reports and sensitive medical data of affiliates, among others.

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .skynetwork8 extension.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .goba extension.

That’s it for this week! Hope everyone has a nice weekend!




