The Health Sector Cybersecurity Coordination Center (HC3) recently warned the health care sector about the Akira ransomware group that has been hitting health care organizations since May of 2023. In an Analyst Note dated February 7, 2024, HC3 stated that although Akira is a relatively new ransomware group, it has attacked at least 81 organizations
ransomware
Ransomware Hitting U.S. Companies at Increasing Rate
Unfortunately, according to Unit 42 of Palo Alto’s recently published “Ransomware and Extortion Report,” ransomware groups had a good year in 2022. They found that threat actors are using multi-extortion tactics to get paid by victims, including data exfiltration. In addition, there was “a 49% increase in victims reported by ransomware leak sites, with a…
Chinese Hackers Allegedly Use ChatGPT to Write Ransomware
Chinese authorities have arrested alleged hackers in what appears to be the first-ever reported case of hackers using AI to develop ransomware. These alleged hackers reportedly used ChatGPT to refine the code for their home-grown ransomware encryption tool. ChatGPT has been banned in China in favor of Chinese tools such as Baidu’s Ernie Bot. However…
Boeing Hit with LockBit Ransomware
Boeing has confirmed that its parts and distribution site has been attacked by LockBit ransomware, which is believed to be Russian-based. Boeing has said that the attack has not affected flight safety. Boeing is investigating the attack.
LockBit publicly claimed responsibility for the attack and boasted that it had stolen “sensitive data” from Boeing…
40 Countries Including US Vow Not to Pay Ransomware
The United States joined 39 other countries this week in the International Counter Ransomware Initiative, an effort to stem the flow of ransom payments to cybercriminals. The initiative aims to eliminate criminals’ funding through better information sharing about ransom payment accounts. Member states will develop two information-sharing platforms, one created by Lithuania and another jointly…
Resilience Midyear 2023 Claims Report: Ransomware Cybercriminals Shift Tactics
Resilience issued its Midyear 2023 Claims Report, which is well worth the read.
In addition to commenting on the impact of the MOVEit incident, some of the key findings include:
HC3 Warns Healthcare Organizations of NoEscape Ransomware
On October 12, 2023, the Health Sector Cybersecurity Coordination Center (HC3) issued an Alert to the healthcare industry about a “new threat actor and ransomware,” NoEscape, which is threatening health care organizations.
According to the Alert, the cybercriminals behind NoEscape “have constructed their malware and its associated infrastructure entirely from scratch.” Offering Ransomware-as-a-Service, they…
PharMerica and Amerita Sued in Class Actions for Breach of Patient Data
PharMerica and its subsidiary Amerita’s Specialty Infusion Services (Amerita) are already facing class action lawsuits after patients received a September 5, 2023, data breach notification letter. When the businesses detected suspicious activity on both the PharMerica and Amerita networks, a forensic investigation determined that a threat actor had gained access to the systems sometime in…
Joint Advisory Warns of Snatch Ransomware
The FBI and CISA issued a Joint Cybersecurity Advisory “#StopRansomware: Snatch Ransomware” on September 20, 2023. The Advisory outlines the indicators of compromise and observed tactics, techniques, and procedures of Snatch so organizations can identify, mitigate, and respond to an attack using the Snatch ransomware variant.
Snatch has been hitting the Defense Industrial Base (DIB)…
Joint Advisory on MOVEit Transfer Vulnerability Published
CISA and FBI have issued a joint advisory on the MOVEit Transfer vulnerability that should be on the radar of CISOs and IT professionals. The CLOP ransomware organization has been reportedly exploiting an SQL injection vulnerability in the MOVEit solution. According to the joint advisory, “Internet-facing MOVEit Transfer web applications were infected with a web…