The Week in Ransomware, January 20th 2023 – Targeting Crypto Exchanges

This week has seen a lot of ransomware news, including a crypto exchange being seized over money laundering allegations and fascinating reports from researchers about the behaviour of ransomware users.

This week’s most interesting report comes from Jon DiMaggio, who went undercover for months to find out more about LockBit’s ransomware operations and its public representative, LockBitSupp.

If you want to know more about how ransomware has become so popular, DiMaggio’s report is a great read.

France and the USA also carried out a law enforcement operation. They seized the domain and . He was accused of laundering ransomware-generated crypto proceeds and illegal drug transactions.

We also learned about ransomware attacks conducted this week, as well as new details about past attacks.

It’s not all bad news, however, as Avast released a .

Chainalysis reports and Coveware report that between 2022 and 2022, as more companies refused to pay. Instead, the company invests in .

This week’s ransomware stories and contributors include @LawrenceAbrams, @demonslay335, @Seifreed, and @billtoulas.

January 16, 2023

One of the most well-known organized cybercrime syndicates is LockBit, which operates as a ransomware group. This gang has been responsible for attacks on high-profile companies and industries in the private sector. Many LockBit attacks have been reported by media outlets, and security vendors provide technical analyses explaining why each one occurred. These provide some insight into the attacks, but I was interested in the human aspect of it to understand the motivations and behavior of those who were involved.

Avast has released a free decryptor for the BianLian ransomware strain. It will help victims of the malware recover their files and avoid paying the hackers.

The Vice Society ransomware gang has claimed responsibility for the November 2022 cyberattack against the University of Duisburg-Essen. The attack forced UDE to rebuild its IT infrastructure.

discovered new STOP ransomware variants that append the .poqw or .pouu extensions.

PCrisk discovered a new VoidCrypt version that appends the .gogo extension and drops a ransom note named unlock-info.txt.

January 17, 2023

Ransomware attacks on a major software provider for ships have affected approximately 1,000 ships.

PCrisk discovered a Phobos version that appends the .STEEL extension and drops a ransom note named info.txt.

January 18, 2023

The U.S. Department of Justice charged Anatoly Legkodymov, a Russian national, with helping cybercriminals launder money.

The Computer Emergency Response Team of Ukraine (CERT-UA) has linked a malware attack on Ukraine’s National News Agency (Ukrinform) to the Sandworm Russian military hackers.

PCrisk discovered a Xorist version that appends the .BoY extension and drops a ransom note named HOW to DECRYPT FILES.txt.

January 19, 2023

Ransomware gangs took $456.8 million from victims in 2022. This is a decrease of 40% from the $765 million record set in the two previous years.

Yum! Yum!

Qulliq Energy Corporation (QEC) was the victim of a cyberattack on January 15. The corporation immediately took steps to address the problem.

PCrisk discovered new STOP ransomware variants, which append the .mzqw or .mzop extensions.

February 20th, 2023

Los Angeles Unified School District (LAUSD) is the country’s second-largest school district. According to Vice Society, the ransomware gang stole files that contained contractors’ personal data, including Social Security Numbers.

The propensity of ransomware victims to pay a ransom has dropped dramatically over the past four years. It was 85% in Q1 2019, and 37% in Q4 2022. Annually, 41% of ransomware victims paid a ransom in 2022 against 76% in 2019. Although cybercriminals are trying to steer the other way, 48 percent of victims paid in 2022 vs. 76% in 2019. This is due to several factors.

Costa Rica’s government was hit again by ransomware, just months after several ministries had been crippled during a broad-based attack using Conti ransomware.

This concludes this week. We wish everyone a happy weekend.