BlackCat/ALPHV Claims Responsibility for Change Healthcare Ransom

Executive Summary

The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform, the largest pharmacy payment exchange platform. This declaration of responsibility, which has since been removed from BlackCat/ALPHV’s public-facing site, comes as the United States…

New RaaS CryptNet Advertised for Double Extortion Attacks in Dark Web Forums

Context

On May 16, 2023, Zscaler threat researchers reported the technical details of a new ransomware-as-a-service (RaaS) operation they have observed being advertised on dark web forums. Zscaler researchers provided the following key takeaways: CryptNet is a new ransomware-as-a-service that has been advertised in underground forums since at least April 2023; the CryptNet threat group claims…

New Mimic Ransomware Abuses Everything Paid to Speed Encryption

Context

On January 26, 2023, Trend Micro researchers reported the technical details of a new ransomware, which they dubbed “Mimic,” that they observed in June 2022 targeting English- and Russian-speaking users.

Technical Details

According to Trend Micro researchers, the campaign delivers an executable that drops multiple binaries and an archive containing the payload. Reportedly, the key…

Ongoing Trend of Ransomware Campaigns Using Copyright Claim as Theme

Context

On June 24, 2022, AhnLab Security Emergency Response Center (ASEC) researchers reported the technical details of an ongoing phishing campaign that uses malicious files disguised as copyright claim documents to deliver the LockBit ransomware. The use of copyright claims as a theme is an ongoing trend in ransomware phishing campaigns observed in the wild…

Preventing Ransomware Attacks in a Hybrid Cloud Environment

Businesses interested in scaling up operations are turning to hybrid cloud environments as a cost-effective solution. Hybrid clouds provide the best of both worlds, allowing companies to expand their network without investing in additional, costly on-premises servers that must be maintained. While there are a number of benefits to a hybrid cloud environment, it is,…

Conti Ransomware Shuts Down Operation, Splinters into Smaller Groups

Summary

The notable ransomware gang known as Conti has, according to security firm Advanced Intel (AdvIntel), taken its infrastructure offline and shut down its ransomware operations. While the public-facing ‘Conti News’ data leak site and the ransom negotiation sites are still online, the Tor admin panels used by Conti members to perform negotiations, publish news, and generate…

Ransomware Recovery: How to Restore Your Data from Backup

According to Fortinet’s 2021 Global Threat Landscape Report, 94% of organizations say they are concerned about a ransomware attack. The thing they’re most concerned about? 62% said the risk of losing data. Attackers know this; that’s why ransomware attacks are even attempted in the first place. Threat actors understand that data is valuable, and companies…

Preventing Ransomware Attacks with Threat Intelligence Sharing

https://youtu.be/bgAbz3PQBAs

In the last few years, ransomware planning has become a priority for cyber teams, with 85% of organizations in Fortinet’s 2021 Global Threat Landscape Report reporting ransomware as their biggest security concern. Similarly, ransomware resilience planning topped the list of CISO initiatives for 2022 in RH-ISAC’s recent Benchmark Report. Ransomware resilience planning tends to…

How Botnets are Used in Ransomware Attacks

A botnet is a network of devices that have been infected with malware, allowing a threat actor to control them. However, instead of completely taking over the devices, the individual orchestrating the attack, known as the bot herder, will use a portion of the computer’s bandwidth to run an activity in the background without the…

Technical Details for Recent Hive Ransomware Activity

Context

The Hive ransomware variant has been extremely active in the past year. The ransomware was originally discovered in June 2021 and is reportedly responsible for more than 300 compromises since September 2021. The FBI released a notice warning the public of the threat in August 2021 after Hive ransomware compromised dozens of medical…