There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators.
The most fascinating report this week comes from Jon DiMaggio, who spent months undercover learning more about the LockBit ransomware operation and its public representative, known as LockBitSupp.
For those who want to learn more about the rise of the most prominent ransomware operation at this time, you should definitely give DiMaggio’s Unlocking LockBit – a Ransomware Story a read.
The US and France also conducted a law enforcement operation in which they seized the domain and arrested the operator of the Bitzlato crypto exchange for allegedly laundering crypto proceeds generated from ransomware and illegal drug transactions.
We also learned more about ransomware attacks conducted this week and in the past, including:
However, it’s not all bad news this week, with Avast releasing a free decryptor for the BianLian ransomware.
Furthermore, reports from both Chainalysis and Coveware illustrate that ransomware payments dropped approximately 40% in 2022 as companies refuse to pay and enterprises invest in stronger security and better backups.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @demonslay335, @malwrhunterteam, @Seifreed, @billtoulas, @PolarToffee, @struppigel, @serghei, @fwosar, @BleepinComputer, @Ionut_Ilascu, @chainalysis, @coveware, @BrettCallow, @jgreigj, @pcrisk, @Avast, and @Jon__DiMaggio.
January 16th 2023
The LockBit ransomware gang is one of the most notorious organized cybercrime syndicates that exists today. The gang is behind attacks targeting private-sector corporations and other high-profile industries worldwide. News and media outlets have documented many LockBit attacks, while security vendors offer technical assessments explaining how each occurred. Although these provide insight into the attacks, I wanted to know more about the human side of the operation to learn about the insights, motivations, and behaviors of the individuals on the other side of the keyboard.
Security software company Avast has released a free decryptor for the BianLian ransomware strain to help victims of the malware recover locked files without paying the hackers.
The Vice Society ransomware gang has claimed responsibility for a November 2022 cyberattack on the University of Duisburg-Essen (UDE) that forced the university to reconstruct its IT infrastructure, a process that’s still ongoing.
PCrisk found new STOP ransomware variants that append the .poqw and .pouu extensions.
PCrisk found a new VoidCrypt variant that appends the .gogo extension and drops a ransom note named unlock-info.txt.
January 17th 2023
About 1,000 vessels have been affected by a ransomware attack against a major software supplier for ships.
PCrisk found a Phobos variant that appends the .STEEL extension and drops a ransom note named info.txt.
January 18th 2023
The U.S. Department of Justice arrested and charged Russian national Anatoly Legkodymov, the founder of the Hong Kong-registered cryptocurrency exchange Bitzlato, with helping cybercriminals allegedly launder illegally obtained money.
The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a destructive malware attack targeting the country’s national news agency (Ukrinform) to Sandworm Russian military hackers.
PCrisk found a Xorist variant that appends the .BoY extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
January 19th 2023
Ransomware gangs extorted from victims about $456.8 million throughout 2022, a drop of roughly 40% from the record-breaking $765 million recorded in the previous two years.
Yum! Brands, the fast-food operator behind the KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill restaurant chains, has been targeted by a ransomware attack that forced the closure of 300 locations in the United Kingdom.
Qulliq Energy Corporation (QEC) was targeted in an illegal cyberattack on January 15. QEC’s network was breached, and the corporation took immediate actions to contain the situation.
PCrisk found new STOP ransomware variants that append the .mzqw and .mzop extensions.
January 20th 2023
Los Angeles Unified School District (LAUSD), the second-largest school district in the United States, says the Vice Society ransomware gang has stolen files containing contractors’ personal information, including Social Security Numbers (SSNs).
Over the last 4 years, the propensity for victims of ransomware to pay a ransom has fallen dramatically, from 85% of victims in Q1 of 2019 to 37% of victims in Q4 of 2022. On an annual basis, 41% of victims paid in 2022 vs. 76% in 2019. Despite the best efforts of the cyber criminals rowing in the opposite direction, shaving 48 whole percentage points off this key indicator has been the result of several factors.
Costa Rica’s government has suffered another ransomware attack just months after several ministries were crippled in a wide-ranging attack by hackers using the Conti ransomware.