The Week in Ransomware – March 3rd 2023 – Wide impact attacks

This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.

The attack started on February 23rd, forcing the company to shut down portions of its IT systems, among its services.

However, it wasn’t until February 28th that DISH finally , with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible.

The other big news item was a report that the , including data theft. It is not known what ransomware operation is behind the attack.

Finally, the White House , with a strong emphasis on targeting ransomware operations.

Other ransomware attacks we learned more about this week include ones on the , , , and the .

February 25th 2023

American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline, with its websites and apps ceasing to function over the past 24 hours.

February 27th 2023

Threat actors are promoting a new ‘Exfiltrator-22’ post-exploitation framework designed to spread ransomware in corporate networks while evading detection.

The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.”

found a new VoidCrypt variant that appends the .lilmoon extension and drops a ransom note named Dectryption-guide.txt.

PCrisk found a ransomware that appends the ..726 extension and drops a ransom note named RECOVER-FILES-726.html.

February 28th 2023

Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.

Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.

March 1st 2023

Canadian bookseller Indigo denied that any customer data was stolen last month during a ransomware attack that took down its website. Data from the multibillion-dollar company’s workers, however, didn’t fare as well.

PCrisk found a new Chaos variant that appends the .skull extension and drops a ransom note named read_it.txt.

March 2nd 2023

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.

The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country’s cyberspace towards software vendors and service providers.

Two universities in Tennessee and Louisiana are struggling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools.

PCrisk found new STOP ransomware variants that append the .gosw and .goaq extensions.

March 3rd 2023

The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February.

LockBit, one of the largest ransomware groups in the world, published sensitive information from the Rosario insurance company La Segunda: there are judicial files, expert reports and sensitive medical data of affiliates, among others.

PCrisk found a new MedusaLocker ransomware variant that appends the .skynetwork8 extension.

PCrisk found a new STOP ransomware variant that appends the .goba extension.

That’s it for this week! Hope everyone has a nice weekend!