Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
This week, the Toronto Public Library was attacked by the Black Basta ransomware gang, taking many of its online services offline.
Other attacks we learned about this week include ACE Hardware, Mr. Cooper, and the British Library. While these are not confirmed to be ransomware attacks, they share many signs usually associated with such attacks.
Due to the increasing number of attacks, an alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups.
However, this may be an empty pledge, as federal governments typically do not pay ransomware demands, and it does not prevent local governments from giving in to extortion demands.
Microsoft also pledges to bolster security as part of its ‘Secure Future’ initiative by improving the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.
Finally, new research was released this week about ransomware, including:
Hive’s possible return is particularly interesting, as they were previously disrupted after the FBI hacked Hive’s servers and seized infrastructure.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @malwrhunterteam, @demonslay335, @billtoulas, @serghei, @Ionut_Ilascu, @LawrenceAbrams, @fwosar, @BleepinComputer, @SecurityJoes, @rivitna2, @BushidoToken, @AlvieriD, @rapid7, @BradSmi, @uptycs, @pcrisk, @PogoWasRight, and @BrettCallow.
October 28th 2023
Earlier in the day, the Akira ransomware group had listed Stanford University on its leak site with a note, “Soon the university will be also known for 430Gb of internal data leaked online. Private information, confidential documents etc.”
October 29th 2023
A new ransomware-as-a-service brand named Hunters International has emerged using code from the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
October 30th 2023
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28.
PCrisk found new STOP ransomware variants that append the .ppvs, .ppvt, and .ppvw extensions.
PCrisk found a new Chaos ransomware variant that appends the .BlackHatUP extension and drops a ransom note named read_it.txt.
PCrisk found a new Ran ransomware that appends the .Ran extension and drops a ransom note named Payment.txt.
October 31st 2023
The British Library has been hit by a major IT outage affecting its website and many of its services following a “cyber incident” that impacted its systems on Saturday, October 28.
An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups.
Money Message is an insidious ransomware family known for resisting detection and remediation in various ways. We walk through a recent case
November 1st 2023
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
On or about October 25, Advarra was hacked and data was exfiltrated. According to one of the people involved in the attack, the executives knew about the breach on October 25 but would not pay or even negotiate with them.
Daixin Team is now claiming responsibility for — and leaking data from — an attack that has significantly impacted five Canadian hospitals in Ontario.
A recent attack on a U.S.-based medical facility in October 2023 highlights the potential threat of the ransomware gang, 8Base, to the Healthcare and Public Health (HPH) sector. Active since March 2022, 8Base became highly active in the summer of 2023, focusing their indiscriminate targeting on multiple sectors primarily across the United States.
November 2nd 2023
Microsoft announced today the ‘Secure Future Initiative,’ pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company’s network and stole data.
The HelloKitty ransomware operation is exploiting a recently disclosed Apache ActiveMQ remote code execution (RCE) flaw to breach networks and encrypt devices.
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information.
November 3rd 2023
The hacker collective called GhostSec has unveiled an innovative Ransomware-as-a-Service (RaaS) framework called GhostLocker. They provide comprehensive assistance to customers interested in acquiring this service through a dedicated Telegram channel. Presently, GhostSec is focusing its attacks on Israel. This move represents a surprising departure from their past activities and stated agenda.
That’s it for this week! Hope everyone has a nice weekend!