
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.

According to NCC Group data, ransomware groups launched 514 attacks in September, surpassing March 2023 activity, which included 459 attacks that were heavily skewed by Clop’s Fortra GoAnywhere data theft attacks.

This increase in attacks was also seen by Check Point Software, who said they’re seeing a 3% increase in attacks for 2023.

A July report by Chainalysis also predicted that 2023 would be a record-breaking year for ransomware payments based on projected data, which indicates that ransom payments may exceed $500 million by the end of the year.

In other news, Microsoft released a report on the Octo Tempest extortion group, stating they’re among the “most dangerous financial criminal groups.”

Octo Tempest is also known as Scattered Spider, Oktapus, and UNC3944 and is believed to be behind recent ransomware attacks on MGM Resorts and Caesars and past attacks on Reddit, MailChimp, Twilio, DoorDash, and Riot Games.

The threat actors are known to utilize a wide variety of advanced social engineering and hacking tactics, including SIM-swapping attacks to breach accounts. In some cases, Microsoft says the threat actors have resorted to threats of violence to attempt to gain access to corporate credentials.

This group stands out as they’re believed to be a loose-knit group of English-speaking threat actors who are affiliates of the BlackCat ransomware gang, which typically only works with Russian-speaking affiliates.

We also learned of new cyberattacks, or more information was shared about existing ones, including:

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @LawrenceAbrams, @billtoulas, @Ionut_Ilascu, @demonslay335, @fwosar, @BleepinComputer, @serghei, @malwrhunterteam, @Avast, @kaspersky, @1ZRR4H, @NCCGroupplc, @Imperva, @Webroot, @MsftSecIntel, @pcrisk, @BushidoToken, @BrettCallow, and @security_score.

October 21st 2023

American Family Insurance confirms cyberattack is behind IT outages

Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.

October 23rd 2023

US energy firm shares how Akira ransomware hacked its systems

In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack.

University of Michigan employee, student data stolen in cyberattack

The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants.

A Deep Dive into Cactus Ransomware

A technical analysis of the Cactus Ransomware.

October 24th 2023

September was a record month for ransomware attacks in 2023

Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.

Cyberattack on health services provider impacts 5 Canadian hospitals

A cyberattack on shared service provider TransForm has impacted operations in 5 hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled.

ASVEL basketball team confirms data breach after ransomware attack

French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.

Analysis: A Ransomware Attack on a PostgreSQL Database

In 2017, we reported on a database ransomware campaign targeting MySQL and MongoDB. Since then, we’ve observed similar attack tactics on a PostgreSQL database in Imperva Threat Research lab.

Stealer for PIX payment system, new Lumar stealer and Rhysida ransomware

In this article, we share excerpts from our reports on malware that has been active for less than a year: the GoPIX stealer targeting the PIX payment system, which is gaining popularity in Brazil; the Lumar multipurpose stealer advertised on the dark web; and the Rhysida ransomware supporting old Windows versions.

New JarJets ransomware

PCrisk found a new JarJets ransomware that appends the .Jarjets extension and drops a ransom note named Jarjets_ReadMe.txt.

October 25th 2023

Chilean telecom giant GTD hit by the Rorschach ransomware gang

Chile’s Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.

Seiko says ransomware attack exposed sensitive customer data

Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information.

A Continuing Cyber-Storm with Increasing Ransomware Threats and a Surge in Healthcare and APAC region

As we step into October, the month dedicated to global cyber awareness, it’s crucial to illuminate the evolving landscape of cyber threats that impact us all. Check Point Research’s latest report provides a comprehensive view of the storm brewing in the digital realm, specifically for the timeframe of Q1-Q3 of 2023.

Webroot’s Nastiest Malware 2023

Now let’s dive into what our experts have picked as the top Ransomware families of 2023.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .zpas, .zput, and .zpww extensions.

New BlackDream ransomware

PCrisk found a new JarJets ransomware that appends the .BlackDream extension and drops a ransom note named ReadME-Decrypt.txt.

October 26th 2023

Rhysida Ransomware Technical Analysis

The Rhysida encryptor comes as a 32-bit or 64-bit Windows PE file, compiled by MinGW GNU version 6.3.0 and linked by the GNU linker v 2.30. The first public version comes as a debug version, which makes its analysis easier.

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.

That’s it for this week! Hope everyone has a nice weekend!


