Weekly Update: 31 January 2023

Ransomware Rewind is a compilation of ransomware-related stories published over the past week.

Most Active Ransomware Operators

Volume of messages posted by operators during the last week.

Significant Campaigns & Incidents

Documents and discussion of significant ransomware campaigns, incidents, and associated actors.

Ransomware group follows through on threat and publishes Okanagan College information (Kelowna)Castanet.net – Jan 30 2023 23:25

Ransomware attack on Indianapolis Housing Agency leaks sensitive info on 200,000 residentsRecord by Recorded Future – Jan 30 2023 22:52

Atlantic General Hospital experiences ransomware eventWMDT ABC-47 – Jan 30 2023 21:56

Stratford University Announces Data Breach as It Closes ShopBitdefender – Jan 30 2023 09:40

BlackCat Ransomware gang stole secret military data from an industrial explosives manufacturerSecurity Affairs – Jan 27 2023 05:42

Lutheran Social Services of Illinois Announces Data Breach Affecting 184k IndividualsJD Supra – Jan 26 2023 20:43

Livingston Memorial VNA Reports Data Breach Following Apparent Ransomware AttackJD Supra – Jan 25 2023 17:48

Riot Games Says Source Code Stolen in Ransomware AttackSecurity Week – Jan 25 2023 10:52

Tactics & Techniques

Discussion and mentions of significant techniques deployed by threat actors.

Cyber criminal groups wooing hackers with seven-figure salaries and holiday payIT Pro UK – Jan 31 2023 12:01

Ransomware Attacks: Why Email Is Still THE Most Common Delivery MethodPhishLabs – Jan 30 2023 15:12

Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted MalwareCheck Point Research – Jan 30 2023 10:53

UNC2565 threat actors continue to improve the GOOTLOADER malwareSecurity Affairs – Jan 30 2023 05:48

Copycat Criminals mimicking Lockbit gang in northern EuropeSecurity Affairs – Jan 28 2023 21:58

Most criminal cryptocurrency is funneled through just 5 exchangesArsTechnica – Jan 28 2023 12:15

New Mimic Ransomware Abuses Everything APIs for its Encryption ProcessTrend Micro Simply Security – Jan 26 2023 13:11

Researcher Analysis

Analysis, deep-dives and reverse engineering.

SEKOIA[.]IO Ransomware Threat Landscape – second-half 2022Sekoia Blog – Jan 31 2023 12:45

Assm ransomware will encrypt personal filesMedium Cybersecurity – Jan 30 2023 14:54

Schools Are A Rising Target For Ransomware AttacksInformation Security Buzz – Jan 30 2023 14:27

Targets of Opportunity: How Ransomware Groups Find VictimsGovInfoSecurity.com – Jan 27 2023 20:07

Orange Cyberdefense Security Navigator 2023: cyber-extortion dominatesOrange Business Services – Jan 27 2023 17:48

Top 10 Active Ransomware Gangs: Geopolitics, Origin and TargetsMedium Cybersecurity – Jan 27 2023 11:21

GuidePoint Research and Intelligence Team’s (GRIT) 2022 Ransomware Report Highlights the Amount of Threat Group RebrandingYahoo! News – Jan 26 2023 11:03

Ransomware Spotlight: MagniberTrend Micro Security News – Jan 26 2023 10:20

Legal Actions and Discussion

Actions, consequences, and policy discussion by governments and organisations.

Lack of physical loss in ransomware attack raises insurance concerns after court rulingSC Magazine US – Jan 30 2023 19:15

Should ransomware payments be made illegal?SC Magazine UK – Jan 30 2023 18:53

After AIIMS ransomware attack, Modi govt’s building a task force to fight cyber espionageThePrint – Jan 27 2023 12:30

Ransomware fears, regulatory requirements drive threat intelligence interestSC Magazine US – Jan 27 2023 03:06

US offers $10M bounty for Hive ransomware links to foreign governmentsBleepingComputer.com – Jan 26 2023 20:41

New Ransomware Payment Reporting Requirements on HorizonSecurity Boulevard – Jan 26 2023 13:00

U.S. Department of Justice Disrupts Hive Ransomware VariantUnited States Department of Justice – Jan 26 2023 05:00

The content in this report was compiled by the use of our award-winning intelligence product Silobreaker Online. Silobreaker cannot guarantee the accuracy, completeness, integrity or quality of any content in this report and no responsibility is accepted by Silobreaker in respect of such content. Readers must determine for themselves what reliance they should place on the compiled content in the report.

Cookie	Duration	Description
__hssrc	session	This cookie is set by Hubspot whenever it changes the session cookie. The __hssrc cookie set to 1 indicates that the user has restarted the browser, and if the cookie does not exist, it is assumed to be a new session.
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
CookieLawInfoConsent	1 year	Records the default button state of the corresponding category & the status of CCPA. It works only in coordination with the primary cookie.
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
__hssc	30 minutes	HubSpot sets this cookie to keep track of sessions and to determine if HubSpot should increment the session number and timestamps in the __hstc cookie.
bcookie	1 year	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	1 year	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_uetsid	1 day	Bing Ads sets this cookie to engage with a user that has previously visited the website.
_uetvid	1 year 24 days	Bing Ads sets this cookie to engage with a user that has previously visited the website.
SRM_B	1 year 24 days	Used by Microsoft Advertising as a unique ID for visitors.

Cookie	Duration	Description
__hstc	5 months 27 days	This is the main cookie set by Hubspot, for tracking visitors. It contains the domain, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_gtag_UA_1737047_9	1 minute	Set by Google to distinguish users.
_gcl_au	3 months	Provided by Google Tag Manager to experiment advertisement efficiency of websites using their services.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
hubspotutk	5 months 27 days	HubSpot sets this cookie to keep track of the visitors to the website. This cookie is passed to HubSpot on form submission and used when deduplicating contacts.

Cookie	Duration	Description
ANONCHK	10 minutes	The ANONCHK cookie, set by Bing, is used to store a user's session ID and also verify the clicks from ads on the Bing search engine. The cookie helps in reporting and personalization as well.
MUID	1 year 24 days	Bing sets this cookie to recognize unique web browsers visiting Microsoft sites. This cookie is used for advertising, site analytics, and other operations.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.

Ransomware Rewind

Weekly Update: 31 January 2023

Most Active Ransomware Operators

Significant Campaigns & Incidents

Tactics & Techniques

Researcher Analysis

Legal Actions and Discussion

Get started today

Product

Log in

Resources

Partners

Company

Contact

Cookie	Duration	Description
_clck	1 year	No description
_clsk	1 day	No description
AnalyticsSyncHistory	1 month	No description
CLID	1 year	No description
li_gc	5 months 27 days	No description
SM	session	No description available.