Last Week in Ransomware: 10.02.23

Hold onto your cyber-hats because Last Week in Ransomware News we saw ransomware mayhem putting schools under siege, DHS security threatened, more sensitive data leakage, and a multinational corporation failing following ransomware attack...

Cl0p Attack Threatens 890 Schools

Let's start at school, shall we? The National Student Clearinghouse, the end-all-be-all of educational data, fell victim to the notorious Cl0p ransomware gang.  

These criminals exploited a patchable vulnerability in the MOVEit managed file transfer software, leading to data exfiltration galore. Names, Social Security numbers, dates of birth, and more spilled into the wrong hands.  

Lesson learned? Threat actors are automating their attack sequences, making vulnerability exploitation a breeze. Speaking of automation, the Cl0p gang has been on a rampage, hitting over a thousand victims this year.  

But there's a silver lining: the more these cyber criminals automate, the more footprints they leave in their wake. That's a cue for vigilant defenders to spot their activity early in the game. Read More Here...

Sony Data for Sale on Dark Web

Now, let's globe-trot to Sony, where a mysterious newcomer, Ransomed.vc, claims to have swiped sensitive secrets.  

They're not just encrypting data for ransom; they're threatening to spill the beans on GDPR violations to EU authorities if the cash doesn't flow. Sony's been down this road before, but this new twist adds a layer of complexity to the double extortion game.

Sony's plight highlights a chilling trend: modern ransomware attacks are like an all-you-can-eat buffet of digital intrusion. Attackers sneak in, snatch data, and hold it hostage for extra leverage. And sometimes, they'll charge extra for the stolen goods.

Zooming out, the ransomware epidemic isn't slowing down. In the first half of 2023, over 2,300 organizations got caught in the ransomware web, a 74% jump from the previous quarter. The bill? A staggering $265 billion by 2031. It's a booming business, and no one's safe.

The attackers are getting craftier, using ransomware-as-a-service (RaaS) and evading traditional defenses. Some even have nation-state connections. We're talking sophisticated maneuvers and a bumpy ride for defenders. Read More Here...

Ransomware Leaves KNP Logistics Insolvent

Now, behold the dark clouds over KNP Logistics, the UK's largest logistics provider. A ransomware attack sank their ship, rendering the logistics giant insolvent and leaving 730 employees high and dry.  

Ransomware-as-a-Service (RaaS) and other operators are implementing novel evasion techniques into their payloads specifically designed to evade or completely circumvent traditional endpoint protection solutions.

While larger organizations can absorb these costs, this potentially represents an existential threat to companies and their employees’ jobs - as was the most unfortunate case for KNP Logistics. If your organization is not prioritizing anti-ransomware defenses, you should really be asking why not.

Ransomware isn't just an IT problem; it's an existential threat that can sink companies and livelihoods. Read More Here...

DHS Investigates Security Information Exfiltrated in Johnson Controls Attack

And let's not forget about the data exfiltration dance. These bad actors aren't just locking systems, they're stealing secrets. The fallout can be catastrophic, from regulatory trouble to lawsuits and corporate espionage. It's a digital wild west out there, and everyone's at risk.

Johnson Controls, a major player in alarm and building automation systems, has found itself in hot water. They've had their fingers in some classified pies at the DHS, holding the blueprints and security secrets of critical government facilities.  

DHS is now sweating bullets, worried that these secrets might've fallen into the wrong hands following a ransomware attack on Johnson Controls. It's not the first time we've seen this movie.

Remember the Target breach through their HVAC contractor? Well, third-party risk is the name of the game here. See, the threat isn't just about ransomware locking systems; it's about downstream chaos and data sneaking out the back door.

Take the Kaseya attack in 2021 as a cautionary tale. Cyber crooks used a legitimate update to spread ransomware through Kaseya's systems. Even the most robust security programs couldn't stop it.  

This isn't just the DHS's problem; it's a wake-up call for all organizations about third-party risk.

Lesson learned? Organizations need to follow the Principle of Least Privilege and keep third-party access to a minimum. It's time to beef up defenses with regard to third-party risk to detect and block downstream attacks and prevent data exfiltration.  

The battle lines aren't just drawn around organization’s networks, but in the vast web of connections with third-party partners. Read More Here... ‍

‍

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF), and check out the Recent Ransomware Attacks resource site.