ransomware

Is banning ransom payments necessary?

As cybercriminals continue to reap the financial rewards of their attacks, talk of a federal ban on ransom payments is getting louder. So, too, is ransomware activity. Is a ban on ransom payments the solution? For such a ban to succeed, it would have to be implemented through international, universal regulation, which, given the varying standards around ransom payments from one country to the next, would be almost impossible to enforce. And given the brazen nature of these attackers, it is unlikely that a ban on payments would deter them.

UnitedHealth Definitively Identifies Ransomware Group Responsible for Change Healthcare Breach During Ongoing Disruptions in Pharmacy Services

American health insurance giant UnitedHealth Group has confirmed a ransomware attack on its health tech subsidiary Change Healthcare, which continues to disrupt hospitals and pharmacies across the United States. In its statement, the company said: “Based on our ongoing investigation, there’s no indication that except for the Change Healthcare systems, Optum, UnitedHealthcare and UnitedHealth Group systems have been affected by this issue.” In a post on its dark web leak site on Wednesday, ALPHV/BlackCat took credit for the cyberattack at Change Healthcare. Change Healthcare merged with U.S. healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group, the largest health insurance provider in the United States. Change Healthcare said it took much of its systems offline to expel the hackers.

Federal Agency Breaches LockBit, but LockBit Prevails: What’s Next?

Just five days after the takedown, LockBit announced that its operations had resumed, claiming to have restored from backups unaffected by the government action. Law enforcement claims an overwhelming victory, while the apparent LockBit ringleader remains at large, threatening retaliation and targeting new victims; for now, the two pictures are at odds. With the apparent administrator, LockBitSupp, still in action, the last remaining piece of the LockBit puzzle, it is unlikely LockBit is going away. Ransomware gangs are known to quickly regroup and rebrand even after law enforcement claims to have taken them down for good. At the time of writing, ALPHV’s leak site remains up and running and continues to add new victims almost daily.

US Prescription Filling Hindered by Ransomware Attack on Change Healthcare System

Change Healthcare is an American healthcare tech giant and one of the country’s largest processors of prescription medications, handling prescriptions and billing for more than 67,000 pharmacies across the U.S. healthcare system. It processes 15 billion healthcare transactions annually, touching about one in three U.S. patient records. Change Healthcare merged with healthcare provider Optum in 2022 as part of a $7.8 billion deal under UnitedHealth Group. The cyberattack at Change Healthcare began early on February 21, U.S. East Coast time, causing widespread outages at pharmacies and healthcare facilities. A spokesperson for Change Healthcare did not immediately respond to a request for comment.

Security Experts Warn: ConnectWise Vulnerabilities Being Exploited by Hackers to Deploy LockBit Ransomware

Security experts are warning that a pair of high-risk flaws in a popular remote access tool, ConnectWise ScreenConnect, are being exploited by hackers to deploy LockBit ransomware, days after authorities announced that they had disrupted the notorious Russia-linked cybercrime gang. In a post on Mastodon on Thursday, Sophos said that it had observed “several LockBit attacks” following exploitation of the ConnectWise vulnerabilities: “Two things of interest here: first, as noted by others, the ScreenConnect vulnerabilities are being actively exploited in the wild.” Rogers said that Huntress has seen LockBit ransomware deployed on customer systems spanning a range of industries, but declined to name the customers affected. ConnectWise says on its website that it provides its remote access technology to more than a million small to medium-sized businesses.

Uncovering Key Takeaways from the LockBit Takedown: A Compilation of Lessons Learned

Even ransomware gangs fail to patch vulnerabilities

Yes, even ransomware gangs are slow to patch software bugs.

“Lockbit ransomware group administrative staff has confirmed with us their websites have been seized.”
vx-underground (@vxunderground), February 19, 2024

Ransomware takedowns take a long time

The LockBit takedown, known officially as “Operation Cronos,” was years in the making, according to European law enforcement agency Europol. Given that Kondratiev has hands in at least five different ransomware gangs, the sanctions are likely to make his life five times more difficult. We found various Easter eggs hidden on the now-seized LockBit site.

US Implements Sanctions Against LockBit Members in Wake of Ransomware Takedown

The U.S. government has sanctioned two key members of LockBit, the Russian-speaking hacking and extortion gang accused of launching ransomware attacks against victims across the U.S. and internationally. The U.S. sanctions announced Tuesday are the latest round of actions targeting the hackers behind LockBit and other prolific ransomware gangs. In 2022, Russian-Canadian dual national Mikhail Vasiliev was arrested on allegations of launching multiple LockBit ransomware attacks. A third suspect, Russian national Mikhail Pavlovich Matveev, was accused of involvement in several ransomware operations, including LockBit. Security researchers say that ransomware victims who pay a ransom are more likely to experience subsequent ransomware attacks.

US and UK Officials Report Capture of Dark Web Leak Site Linked to LockBit Ransomware Group

A coalition of international law enforcement agencies, including the FBI and the U.K.’s National Crime Agency, has disrupted the operations of the prolific LockBit ransomware gang. LockBit’s dark-web leak site, where the group publicly lists its victims and threatens to leak their stolen data unless a ransom demand is paid, was replaced with a law enforcement notice on Monday. “This site is now under the control of the National Crime Agency of the UK, working in close cooperation with the FBI and the international law enforcement task force, ‘Operation Cronos,’” the message reads. The group last year claimed responsibility for attacks against aerospace giant Boeing, chipmaker TSMC, and U.K. postal giant Royal Mail. Monday’s takedown is the latest in a series of law enforcement actions targeting ransomware gangs.

The Profitable Business of Ransomware Gangs

Why are ransomware gangs making so much money?

2023 was a lucrative year for ransomware gangs, fueled by an escalation in threats and tactics

For many organizations and startups, 2023 was a rough year financially, with companies struggling to raise money and others making cuts to survive. While 2023 was overall a bumper year for ransomware gangs, other hacker-watchers observed a drop in payments toward the end of the year.

Record-breaking ransoms

While more ransomware victims are refusing to line the pockets of hackers, ransomware gangs are compensating for this drop in earnings by increasing the number of victims they target. The company also predicts that a ban on ransom payments would lead to the overnight creation of a large illegal market for facilitating ransomware payments.

Russian Citizen Accused of Masterminding Medibank Ransomware Attack Faces US Sanctions

The U.S. government sanctioned a Russian national for allegedly playing a “pivotal role” in the ransomware attack against Australian health insurance giant Medibank that exposed the sensitive information of almost 10 million patients. The breach is believed to have impacted several high-profile Medibank customers, including senior Australian government lawmakers. The U.S. Treasury Department sanctioned Ermakov shortly after the Australian government imposed first-of-its-kind sanctions against him. According to the U.S. Treasury, REvil ransomware has been deployed on approximately 175,000 computers worldwide, garnering at least $200 million in ransom payments. The FSB’s surprise operation came just months after the U.S. Department of Justice charged a 22-year-old Ukrainian citizen linked to the REvil ransomware gang over his alleged role in the Kaseya attack.