The Week in Ransomware

This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.

The attack started on February 23rd, forcing the company to shut down portions of its IT systems, causing widespread outages among its services.

However, it wasn’t until February 28th that DISH finally confirmed that they suffered a ransomware attack, with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible.

The other big news item was a report that the U.S. Marshals Service suffered a ransomware attack, including data theft. It is not known which ransomware operation is behind the attack.

Finally, the White House unveiled its new U.S. national cybersecurity strategy, with a strong emphasis on targeting ransomware operations.

Other ransomware attacks we learned more about this week include ones on the City of Oakland, the Indigo book store chain, Tennessee State University and Southeastern Louisiana University, and the Clop data theft at Hatch Bank.

February 25th 2023

American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours.

February 27th 2023

Threat actors are promoting a new ‘Exfiltrator-22’ post-exploitation framework designed to spread ransomware in corporate networks while evading detection.

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.”

PCrisk found a new VoidCrypt variant that appends the .lilmoon extension and drops a ransom note named Dectryption-guide.txt.

PCrisk found a ransomware that appends the ..726 extension and drops a ransom note named RECOVER-FILES-726.html.

February 28th 2023

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.

Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

March 1st 2023

Canadian bookseller Indigo denied that customer data was stolen last month during a ransomware attack that took down its website. However, data from the multibillion-dollar company’s workers didn’t fare as well.

PCrisk found a new Chaos variant that appends the .skull extension and drops a ransom note named read_it.txt.

March 2nd 2023

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country’s cyberspace towards software vendors and service providers.

Two universities in Tennessee and Louisiana are struggling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools.

PCrisk found new STOP ransomware variants that append the .gosw and .goaq extensions.

March 3rd 2023

The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February.

LockBit, one of the largest ransomware groups in the world, published sensitive information from the Rosario insurance company La Segunda: there are judicial files, expert reports and sensitive medical data of affiliates, among others.

PCrisk found a new MedusaLocker ransomware variant that appends the .skynetwork8 extension.

PCrisk found a new STOP ransomware variant that appends the .goba extension.

Source: BleepingComputer