The LockBit ransomware operation has again taken center stage in the ransomware news, as we learned yesterday they were behind the attack on Royal Mail.
Royal Mail is the UK’s largest mail delivery service and is considered a critical infrastructure in the country, with the disruption of its services having a significant impact on the country’s economy and supply chain.
On Wednesday, Royal Mail suffered a cyberattack that led to the halting of international shipping services.
Yesterday, we learned that this disruption was caused by a LockBit ransomware attack that encrypted the computers used to print customs dockets required for international shipping.
With LockBit having grown to be the largest ransomware operation, it also appears to have become very unwieldy, with affiliates targeting critical infrastructure and children’s hospitals, even though it’s against the gang’s policies.
LockBit ultimately released a free decryptor for the SickKids children’s hospital but it is unclear if they will do so for Royal Mail as well.
We also learned this week that the Vice Society Ransomware operation attacked and leaked the data for Fire Rescue Victoria, a large fire and rescue service in Australia.
New research on ransomware was also disclosed, or discovered, with various reports listed below:
CISA now requires federal agencies to patch the OWASSRF flaw by the end of January due to its active exploitation by both the Cuba and Play ransomware operations.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @PolarToffee, @Seifreed, @billtoulas, @malwareforme, @struppigel, @demonslay335, @Ionut_Ilascu, @FourOctets, @malwrhunterteam, @BleepinComputer, @LawrenceAbrams, @fwosar, @serghei, @pcrisk, @MsftSecIntel, @BrettCallow, @UK_Daniel_Card, @SRMInform, @TGesches, @rapid7, @uuallan, @AShukuhi, and @BushidoToken.
January 9th 2023
PCrisk found a new Dharma ransomware variant that appends the .mao extension.
PCrisk found a new Dharma ransomware variant that appends the .zoqw and drops a ransom note named _readme.txt.
PCrisk found a new VoidCrypt ransomware variant that appends the .RYKCRYPT and drops a ransom note named unlock-info.txt.
PCrisk found a new Xorist ransomware variant that appends the .KoRyA and drops a ransom note named HOW TO DECRYPT FILES.txt.
January 10th 2023
Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.
PCrisk found a new Dharma ransomware variant that appends the .zouu and drops a ransom note named _readme.txt.
January 11th 2023
The Royal Mail, UK’s leading mail delivery service, has stopped its international shipping services due to “severe service disruption” caused by what it described as a “cyber incident.”
How malicious actors evade detection and disable defenses for more destructive HIVE Ransomware attacks.
January 12th 2023
Australia’s Fire Rescue Victoria has disclosed a data breach caused by a December cyberattack that is now claimed by the Vice Society ransomware gang.
Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks.
A cyberattack on Royal Mail, UK’s largest mail delivery service, has been linked to the LockBit ransomware operation.
That’s it for this week! Hope everyone has a nice weekend!