The Week in Ransomware - December 2nd 2022 - Disrupting Health Care
December 2, 2022, 05:51 PM
This week's big news was the severe disruption of the Colombian health system by a ransomware attack on Keralty, one of the country's largest healthcare providers.
Patients have had to wait upwards of twelve hours to receive care, with reports of people fainting due to the lack of medical attention.
The Keralty attack was conducted by the RansomHouse ransomware operation, which claims to have stolen 3TB of data during the attack.
This week's other news includes an uptick in attacks by the rebranded Trigona Ransomware operation and reports of a new data wiper named CryWiper targeting local government agencies in Russia.
Zscaler also put out an excellent technical analysis of Black Basta, and the FBI disclosed that the Cuba ransomware earned $60 million from over 100 victims.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @LawrenceAbrams, @FourOctets, @demonslay335, @struppigel, @PolarToffee, @serghei, @fwosar, @DanielGallagher, @jorntvdw, @billtoulas, @Seifreed, @VK_Intel, @malwareforme, @malwrhunterteam, @Ionut_Ilascu, @kaspersky, @xfalexx, @hyperconectado, @kennethdee, @pcrisk, @pushecx, and @BrettCallow.
November 26th 2022
The Ragnar Locker ransomware gang has published stolen data from what they thought was the municipality of Zwijndrecht, but turned out to be stolen from Zwijndrecht police, a local police unit in Antwerp, Belgium.
November 28th 2022
PCrisk found new Dharma ransomware variants that append the .just or .CRASH extension to encrypted files.
PCrisk found new Xorist ransomware variants that append the .ety or .lUUUUUUUUU extensions to encrypted files.
PCrisk found a new Chaos ransomware variant that appends the .NULL extension and drops a ransom note named read_it.txt.
November 29th 2022
A previously unnamed ransomware has rebranded under the name 'Trigona,' launching a new Tor negotiation site where they accept Monero as ransom payments.
November 30th 2022
The Keralty multinational healthcare organization suffered a RansomHouse ransomware attack on Sunday, disrupting the websites and operations of the company and its subsidiaries.
PCrisk found new STOP ransomware variants that append the .uyro and .uyit extensions.
PCrisk found a new MedusaLocker variant that appends the .cipher extension and drops a ransom note named !-Recovery_Instructions-!.html.
PCrisk found a new DATAF Locker ransomware that appends the .dataf extension and drops a ransom note named How To Restore Your Files.txt.
December 1st 2022
The FBI and CISA revealed in a new joint security advisory that the Cuba ransomware gang raked in over $60 million in ransoms as of August 2022 after breaching more than 100 victims worldwide.
Zscaler ThreatLabz has been tracking prominent ransomware families and their tactics, techniques and procedures (TTPs) including the BlackBasta ransomware family. On November 16, 2022, ThreatLabz identified new samples of the BlackBasta ransomware that had significantly lower antivirus detection rates. The latest BlackBasta code has numerous differences compared to the original BlackBasta ransomware.
December 2nd 2022
A previously undocumented data wiper named CryWiper is masquerading as ransomware, extorting victims to pay for a decrypter, but in reality, it just destroys data beyond recovery.
A Lynnwood, Washington-based debt-collection company has been sued for compromising the names and Social Security information of more than 3.7 million individuals in a data breach in April 2021.