Tag Archive for: Ransomware

CISA, Partners Warn Organizations of Akira Ransomware Attacks


The Cybersecurity and Infrastructure Security Agency and its U.S. and international partners have released a joint cybersecurity advisory, or CSA, warning organizations against the Akira ransomware that has targeted critical infrastructure entities in North America, Europe and Australia.

The CSA outlines known tactics, techniques and procedures used by Akira ransomware operators and indicators of compromise to help organizations respond to ransomware attacks, CISA said Thursday.

According to the advisory, Akira threat actors have deployed a Linux variant targeting VMware ESXi virtual machines after initially focusing on Windows systems.

As of January, the ransomware group has targeted more than 250 organizations and gained approximately $42 million in ransomware proceeds.

In August 2023, Akira attacks started using Megazord, which uses Rust-based code, in addition to the Akira ransomware, which is written in C++ and encrypts files.

CISA and its partners encourage organizations to implement the mitigations outlined in the CSA to reduce the impact of Akira ransomware attacks.

Hong Kong private hospital given 4 weeks to submit report over US$10 million ransomware attack


Hong Kong health authorities have told a private hospital it has four weeks to submit a detailed report after it was hit by a malicious cyberattack and refused to pay a US$10 million ransom.

The Department of Health said on Saturday that it was investigating the incident at Union Hospital in Tai Wai, with its initial findings showing the ransomware attack had not compromised any patient data or medical services.

“Our initial understanding is that it did not involve [the release of] patients’ data nor did it affect the service security of the hospital,” it said. “The Department of Health has requested the hospital to hand in a detailed report in four weeks.”

Health authorities said they had also notified law enforcement agencies, including police and the city’s privacy commissioner.

Union Hospital revealed on Thursday that it had fallen prey to the ransomware attack on Monday morning, resulting in some “operational disruptions”.

“In response to the attack, the hospital has activated the emergency response system and stepped up cyber security measures to block further intrusion … Union Hospital condemns any form of cyberattack,” the hospital said.

“A team of cybersecurity experts has been appointed to conduct thorough system inspection and recovery in order to ensure medical service continuity.”

The hospital stressed that its staff had been vigilant over cybersecurity threats and ensured that all patient records were encrypted and password-protected.

“The leakage of patient data is unfounded as of now. An investigation into the attack is in progress,” it said.

The institution said it had reported the case to the department, the privacy commissioner and police, adding that patients with concerns could contact them at [email protected].

Hackers reportedly used ransomware called “LockBit” to target the hospital and demand the US$10 million ransom, which the latter refused to pay.

Police said they received a report from a hospital employee on Monday over abnormalities in the hospital’s network system including some computer files going missing, but no personal data was involved.

New Mexico institutions pay out thousands to recover from ransomware


ALBUQUERQUE, N.M. — You’ve likely heard about ransomware before. It’s malware that hackers can use to seize control of computers, and then they demand money to give that access back.

Emergency procurement documents show New Mexico Highlands University recently had to pay out around $80,000 to get help recovering from an attack.

The New Mexico Administrative Office of the District Attorneys was also hit, and they had to pay around $60,000. That money went to hiring an expert to help them recover data without paying a ransom, and to figure out how the hackers got into the system in the first place.

“They’re attacking different organizations and using those attacks in different ways,” said Lorie Liebrock, director of the New Mexico Cybersecurity Center of Excellence. “So for some organizations, they’re using it to collect ransom because they’re forcing the person they’ve attacked, the company they’ve attacked, by saying, you’re going to have to report this legally. We’ve got you over a barrel, because if you don’t pay us, we’re going to out you. You didn’t report something.”

Liebrock says anytime you have a large digital data set, you’re far more likely to be a target for hackers. She says there is federal funding available through the State and Local Cybersecurity Grant Program to help states improve their cybersecurity.

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!


More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident response firm Coveware has found.

Victim organizations are increasingly able to withstand an encryption attack and restore operations without the need for a decryption key, they said, and the stolen data is often leaked or traded even after the victims have paid the ransom, which repeatedly proves that paying up is no guarantee.

“LockBit was found to still be holding the stolen data of victims that had paid a ransom, and we have also seen prior Hive victims that had paid the extortion, have their data posted on the Hunters International leak site (a reboot / rebrand of Hive),” the company said, noting that “future victims of data exfiltration extortion are getting more evidence daily that payments to suppress leaks have little efficacy in the short and long term.”

Recent events are changing the ransomware ecosystem

With the disruption (temporary or otherwise) of big players like LockBit and Alphv/Blackcat and their attempts to cheat their affiliates of their due share for a successful attack, many affiliates have started searching for a safer port in the storm, and smaller ransomware-as-a-service (RaaS) groups are trying to entice them to join their network.

GuidePoint researchers have recently advised ransomware victims (mostly small and medium size businesses) to think twice before paying off smaller/immature RaaS groups as they:

  • Have less to lose if they don’t keep their word
  • Often exaggerate their claims
  • Often re-extort their victims.

Sophos X-Ops has also discovered 19 cheap, crudely constructed ransomware variants that are being sold primarily on dark web forums to wannabe cybercriminals that want to avoid sharing their profits with (and getting ripped off by) RaaS gangs.

“These types of ransomware variants aren’t going to command the million-dollar ransoms like Cl0p and Lockbit but they can indeed be effective against SMBs, and for many attackers beginning their ‘careers,’ that’s enough,” says Christopher Budd, Sophos’…
