Weekly Update: 16 May 2023
Ransomware Rewind is a compilation of ransomware-related stories published over the past week.
Most Active Ransomware Operators
Volume of messages posted by operators during the last week.
Significant Campaigns & Incidents
Documents and discussion of significant ransomware campaigns, incidents, and associated actors.
BlackCat Ransomware Claims Academy Mortgage Cyber AttackThe Cyber Express – May 15 2023 05:17
Ransomware attack on PharMerica affected 5.8 million patientsDataBreaches.net – May 13 2023 17:41
Staten Island Hospital operating in network downtime amid ransomware attackSC Magazine US – May 12 2023 18:41
A harbinger of bad things to come?DataBreaches.net – May 11 2023 22:41
Multinational tech firm ABB hit by Black Basta ransomware attackBleepingComputer.com – May 11 2023 21:05
Methodist Family Health discloses breach potentially involving sensitive info on childrenDataBreaches.net – May 11 2023 19:41
NC: Gaston College still investigating February cyberattack; personal information stolen still being determinedDataBreaches.net – May 11 2023 13:11
Ransomware attack gets personal for Dragos chiefSC Magazine US – May 11 2023 12:27
Capita Says Ransomware Attack Will Cost It Up to $25 Million SecurityWeek – May 10 2023 12:00
BianLian #ransomware group added Deer Lakes School District () to their victim list. They claims to have access to 180 GB of organizations data.
#USA
#BianLian
#darkweb #databreach
National Gallery of Canada hit by ransomwareitworldca Twitter – May 10 2023 01:45
Play Ransomware Gang Behind KLC Network Services Cyber AttackThe Cyber Express – May 09 2023 12:46
1M records stolen from electronic health record software provider NextGenSiliconANGLE – May 09 2023 00:49
Tactics & Techniques
Discussion and mentions of significant techniques deployed by threat actors.
🎯 Since 2020, CrowdStrike has increasingly observed big game hunting (BGH) threat actors deploying Linux versions of ransomware tools specifically designed to affect VMWare’s ESXi vSphere hypervisor.
Learn more. ⬇️
CrowdStrike Twitter – May 15 2023 10:08
Russia-affiliated CheckMate ransomware quietly targets popular file-sharing protocolSecurity Affairs – May 13 2023 07:32
BlackSuit Ransomware Strikes Windows and Linux UsersCyble Blog – May 12 2023 12:41
CISA, FBI: Ransomware Gang Exploited PaperCut Flaw Against Education FacilitiesSecurity Week – May 12 2023 10:07
Iranian Threat Groups Abuse PaperCut Flaw: Warns MicrosoftCyware – May 11 2023 10:52
Analysis of CLR SqlShell Used to Attack MS-SQL ServersASEC Blog AhnLab English – May 11 2023 00:00
Cactus Ransomware Infiltrates Networks by Exploiting VPN FlawsHeimdal Security Blog – May 10 2023 14:45
Make them pay: Hackers device new tactics to ensure ransomware paymentCSO Magazine – May 10 2023 07:52
Researcher Analysis
Analysis, deep-dives and reverse engineering.
Qilin’s Dark Web Ransomware Targets Critical SectorsInfosecurity Today – May 15 2023 17:08
Cybercriminals who targeted Ukraine are actually Russian government hackers, researchers sayTechCrunch – May 15 2023 15:49
Newly identified RA Group compromises companies in U.S. and South Korea with leaked Babuk source codeTalos Blog – May 15 2023 12:00
LokiLocker, a Ransomware Similar to BlackBit Being Distributed in KoreaASEC Blog AhnLab English – May 15 2023 00:00
Ransomware Roundup – MaoriFortinet – May 12 2023 17:28
Technical Analysis of CryptNet RansomwareSecurity Boulevard – May 12 2023 15:30
Dissecting Rancoz RansomwareCyble Blog – May 11 2023 11:48
GRIT Ransomware Report: April 2023Security Bloggers Network – May 11 2023 10:00
Hypervisor Ransomware | Multiple Threat Actor Groups Hop on Leaked Babuk Code to Build ESXi LockersSentinelLabs – May 11 2023 09:55
New ransomware trends in 2023Kaspersky Lab – May 11 2023 08:00
The State of Ransomware 2023Sophos News – May 10 2023 10:00
Threat Assessment: Royal RansomwareUnit42 Palo Alto – May 09 2023 13:00
Legal Actions and Discussion
Actions, consequences, and policy discussion by governments and organisations.
To keep fighting ransomware, the United States needs more informationWashington Post – May 15 2023 21:03
Insured companies more likely to be ransomware victims, sometimes more than onceCSO Magazine – May 15 2023 09:43
A New Twist in the Ransomware Debate: Is it Negligent to Fail to Pay Ransom?JD Supra – May 15 2023 00:00
Did Oakland have right cyber insurance before the ransomware hack? Here’s what expert saysABC 7 News TV – May 13 2023 03:01
VPN vulnerability led to ransomware attack on Law Society: PDPCChannel NewsAsia – May 12 2023 08:58
Think tank to govt: Push Quad on clear ransomware policyInnovationsAus.com – May 11 2023 14:21
Further expansion advanced by Counter Ransomware InitiativeSC Magazine US – May 10 2023 16:46
Data ties healthcare cyberattacks to greater disruptions at nearby hospitalsSC Magazine US – May 09 2023 15:54
The content in this report was compiled by the use of our award-winning intelligence product Silobreaker Online. Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of any content in this report and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content in the report.
