
The Week in Ransomware – December 29th 2023


It has been a quiet week, with even threat actors appearing to take some time off for the holidays. We didn't see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals.

These attacks include ones against Yakult Australia and the Ohio Lottery by the new DragonForce ransomware operation.

The most concerning news is that LockBit affiliates increasingly target hospitals in attacks, even though the ransomware operation says it is against the rules.

In December 2022, one week before Christmas, a LockBit affiliate attacked the Hospital for Sick Children (SickKids) in Toronto, causing diagnostic and treatment delays. The ransomware operation said this was against the rules and issued a free decryptor.

Apology to SickKids on the LockBit data leak site
Source: BleepingComputer

However, this week, we learned that LockBit attacked three hospitals in Germany, disrupting emergency room services.

We also learned about two New York hospitals seeking a court order to have Boston cloud storage company Wasabi Technologies return stolen data stored on one of its servers by the LockBit ransomware gang.

According to a court order, the Carthage Area Hospital and Claxton-Hepburn Medical Center were attacked in September, with the LockBit affiliate renting cloud storage at Wasabi to store stolen data.

The two hospitals now request that the courts force Wasabi to provide and delete the data from their servers. The court documents indicate that Wasabi is already working with the FBI and has shared a copy of the stolen data with them.

Finally, Microsoft once again disabled the MSIX ms-appinstaller protocol handler after deactivating it in February 2022 and then enabling it again in 2023 for some unknown reason.

However, as malware campaigns continue to abuse this feature, which can lead to ransomware attacks, the feature has once again been disabled.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @serghei, @demonslay335, @BleepinComputer, @Ionut_Ilascu, @Seifreed, @fwosar, @LawrenceAbrams, @billtoulas, @MsftSecIntel, @DarkWebInformer, @BrettCallow, @pcrisk, and @Fortinet.

December 27th 2023

Yakult Australia confirms ‘cyber incident’ after 95 GB data leak

Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a “cyber incident” in a statement to BleepingComputer. Both the company’s Australian and New Zealand IT systems have been affected.

Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve.

Lockbit ransomware disrupts emergency care at German hospitals

German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions at three hospitals were caused by a Lockbit ransomware attack.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .cdmx extension.

New ransomware variant

PCrisk found a new ransomware variant that appends the .Tisak extension and drops a ransom note named Tisak_Help.txt.

December 28th 2023

Microsoft disables MSIX protocol handler abused in malware attacks

Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

New Live Team ransomware

PCrisk found a new Live Team ransomware that appends the .LIVE extension and drops a ransom note named FILE RECOVERY_ID_[victim’s_ID].txt.

New SNet ransomware

PCrisk found a new ransomware variant that appends the .SNet extension and drops a ransom note named DecryptNote.txt.

Ransomware Roundup – 8base

8base is a financially motivated ransomware variant most likely based on the Phobos ransomware. Per our FortiRecon data, the 8base ransomware first appeared in May 2023.

December 29th, 2023

Hospitals ask courts to force cloud storage firm to return stolen data

Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that is now stored on the servers of a Boston cloud storage company.

That's it for this week! Hope everyone has a nice weekend!


