The Week in Ransomware - January 13th 2023 - LockBit is in the spotlight

As we discovered yesterday, LockBit was behind the ransomware attack on Royal Mail.

Royal Mail, the UK’s biggest mail service provider, is vital infrastructure that can have a major impact on the economy and the supply chain.

on Wednesday that resulted in international shipping being halted.

Yesterday we discovered that the disruption was which encrypted computers required for printing customs dockets in international shipping.

LockBit has grown to become the most popular ransomware operation, making it seem very large. Its affiliates target critical infrastructure and children’s hospitals, even though this is against the gang’s policies.

LockBit released the , but it is not clear if this will be available for Royal Mail.

This week, we also discovered that the Vice Society Ransomware attack and a large Australian fire service.

New research on ransomware was also published this week, covered in the various reports below.

CISA requires before the end of January because it was actively exploited by Play and Cuba ransomware operators.

This week’s ransomware stories and contributors include @DanielGallagher, @PolarToffee, @Seifreed, @billtoulas, @malwareforme, @struppigel, @Ionut_Ilascu, @FourOctets, @malwrhunterteam, @BleepinComputer, @LawrenceAbrams, @fwosar, @serghei, @pcrisk, and @UK_Daniesches.

February 9th, 2023

discovered a new Dharma ransomware version that adds the .mao extension.

PCrisk discovered a new Dharma ransomware version that adds the .zoqw extension and drops a ransom note called _readme.txt.

PCrisk discovered a new VoidCrypt ransomware version that adds the .RYKCRYPT extension and drops a ransom note called unlock-info.txt.

PCrisk discovered a new Xorist ransomware version that adds the .KoRyA extension and drops a ransom note titled HOW TO Decrypt FILES.txt.

January 10, 2023

Researchers warn that patching the vulnerabilities that allow access to the network is not enough to protect against ransomware attacks.

The Cybersecurity and Infrastructure Security Agency (CISA) has today added two additional security flaws to its list of exploited bugs.

PCrisk discovered a Dharma ransomware variant that adds the .zouu extension and drops a ransom note called _readme.txt.

January 11, 2023

Royal Mail UK, the UK’s most trusted mail service, has abruptly ceased international shipping due to “severe services disruptions” following what it called a cyber incident.

The ways in which malicious actors can evade detection to disable defenses against more devastating HIVE ransomware attacks.

February 12th, 2023

Australia’s Fire Rescue Victoria revealed a cyberattack in December that led to a data breach. The Vice Society ransomware gang now claims the data.

Microsoft claims that Cuba ransomware threat actors have been hacking Microsoft Exchange servers left unprotected against a critical server-side request forgery (SSRF) vulnerability, which is also exploited in Play ransomware attacks.

LockBit ransomware has been implicated in a cyberattack against Royal Mail, the UK’s biggest mail delivery service.

This concludes this week. We wish everyone a happy weekend.