Ransomware Roundup: 02.25.22

Industry
Written by
Halcyon Team
Published on
Feb 25, 2022

It comes as no surprise that we’re seeing ransomware attacks against Ukraine this week and while attribution is usually a fool’s errand, it’s not a stretch to assume these attacks help one very specific actor.

The use of ransomware as a cover for HermeticWiper has been noted by several firms, most notably Symantec, ESET, and SentinelOne who have provided excellent write-ups on the samples. The malware leverages drivers for a popular disk management application, uses seemingly legitimate code-signing certificates, and was compiled several months before the current crisis in Ukraine - take what you will from that last fact. Reports indicate that several sectors were targeted including financial, defense, aviation, and IT services and that ransomware was used as a cover story with the real intent being to destroy data.

Politco reports that the Conti team has vowed to support the Russian government and would use “all possible resources to strike back at the critical infrastructure of an enemy”. The group behind the ever-popular Conti ransomware is best known for hitting hospitals around the world last year.

NBC and others report that President Joe Biden was presented with cyberattack options to disrupt Russian military operations in Ukraine including cyber effects that impact power, transport, and resupply logistics. In response to additional Russian sanctions, the White House via DHS has started to warn business about the possibility of ransomware attacks as retaliation with CISA issuing a "shields up" alert.

Big Mac fans will be dismayed by a report that the Snatch gang hit McDonald's and is holding ~500GB of corporate data for ransom.

It will not be an easy weekend for SOC teams and IT departments, please send your security colleagues plenty of caffeine-infused beverages.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

1
2
3
Let's get started
1
1
2
3
1
1
2
2
3
Back
Next
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.