
Last Week in Ransomware: 02.12.2024

Written by
Halcyon Team
Published on
February 12, 2024

Last week in ransomware news we saw ransomware attacks pushing the terrorism threshold, ransomware payments exceeding $1 billion in 2023, and automation speeding time to infection...

Ransomware Attacks are Terrorism

In recent days, a chilling scenario has unfolded at Lurie Children's Hospital of Chicago, where a ransomware attack has plunged critical systems into chaos for nearly a week.  

The ramifications are dire: hundreds of thousands of patients and their families have been left stranded without access to care, medical records, or even communication with their pediatricians. Elective surgeries are postponed, test results remain inaccessible, and the entire healthcare infrastructure is in disarray.

The gravity of this situation cannot be overstated. It's not just an IT issue or a mere inconvenience—it's a matter of life and death. Imagine if a gunman stormed into a children's hospital, holding patients and staff hostage, and halting medical care for days on end.  

The outcry would rightly label it as terrorism. Yet, when a faceless attacker infiltrates critical healthcare systems, holding them ransom and jeopardizing patient safety, we hesitate to apply the same label.

This is a call to action. Ransomware attacks against healthcare providers are not simply security breaches; they are acts of cyberterrorism. They deliberately target the most vulnerable in society, exploiting their desperation for profit. These attacks go beyond disrupting business operations—they directly endanger lives.

Studies have shown a disturbing correlation between ransomware attacks and patient mortality rates. Hospitals are forced to divert ambulances, suspend services, and even cease operations altogether in the face of these threats. The financial toll is staggering, with billions lost in network downtime and countless patient records compromised.

The question is: why aren't we treating this as the national security crisis it is? Healthcare organizations, already stretched thin, lack the resources to defend against sophisticated cyber threats. Ransomware operators exploit this vulnerability, knowing that lives hang in the balance.

It's time for decisive action. We must recognize ransomware attacks for what they truly are: acts of terrorism against our healthcare system. This means allocating resources, implementing stringent cybersecurity measures, and holding perpetrators accountable to the fullest extent of the law.

The lives of patients—our loved ones, our children—depend on it. If we fail to act now, we risk allowing these attacks to escalate, with devastating consequences for us all.


Automation Accelerates Time to Infection

In the ever-evolving landscape of cybersecurity threats, ransomware remains a persistent and increasingly sophisticated menace. Recent observations highlight a concerning trend: the acceleration of ransomware infection through automation.

In December 2022, researchers uncovered a distressing case where ransomware operators exploited a Remote Desktop Protocol (RDP) instance to infiltrate a network swiftly. Within a few hours of gaining initial access, attackers exfiltrated data and deployed ransomware across the entire system.

Their arsenal included automated scripts that facilitated various intrusive actions, from disabling antivirus to modifying firewalls, all orchestrated seamlessly using tools like Netscan and PSEXEC.

This incident underscores a sobering reality: the majority of organizations struggle to defend against such well-equipped adversaries. Ransomware attacks, once viewed as mere IT issues, have escalated to the level of cyberterrorism, necessitating urgent government intervention.

Ransomware gangs, backed by substantial resources, continually refine their tactics, techniques, and procedures (TTPs), leveraging automation to streamline their operations. The Cl0p ransomware gang's onslaught on numerous organizations exemplifies this trend, with attackers constantly refining their attack sequences for greater efficiency.

Recent reports reveal a chilling development: a drastic reduction in the time to infection, plummeting from an average of 4.5 days to mere hours after initial compromise. This accelerated pace leaves defenders with a shrinking window to detect and respond to threats effectively.

The evolution of ransomware is marked by the proliferation of advanced techniques, including zero-day exploits, DLL side-loading, and Living-off-the-Land (LotL) tactics, once the domain of sophisticated state-sponsored actors. Ransomware strains like Rorschach, known for their automation and rapid encryption, epitomize this trend.

Moreover, ransomware gangs like Vice Society and Play have weaponized automation further, employing custom tools to automate data exfiltration and evade detection. These developments underscore the urgent need for robust government intervention, moving beyond mere guidelines to classify ransomware attacks against critical infrastructure as acts of cyberterrorism.
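The chain this section describes (RDP access, then antivirus and firewall tampering, then PsExec for lateral movement, all within hours) is something a detection engineer can measure directly. The script below is an added example, not code from the original post or from Halcyon's platform: it correlates per-host Windows event records and reports how many minutes elapsed between the initial RDP logon and the last follow-on stage, which is exactly the shrinking window the article refers to. The event IDs (4624 with logon type 10, Defender 5001, 4688 process creation, 7045 service install) are real Windows event IDs; the event records themselves are constructed samples, their field names are simplified from Windows event XML, and the `classify`/`detect` function names and the six-hour window are this example's own choices.

```python
"""Toy correlation over constructed Windows event records.

Flags the chain described above: an interactive RDP logon followed,
within a short window, by AV tampering, firewall changes and a PsExec
service install on the same host.  Event IDs are real Windows IDs; the
records below are constructed samples, not captured data.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: timestamp, host, event_id and a few fields.
SAMPLE_EVENTS = [
    # Initial access: interactive RDP logon (Security 4624, LogonType 10).
    {"ts": "2022-12-10T01:02:00", "host": "FS01", "event_id": 4624,
     "LogonType": "10", "TargetUserName": "svc_backup", "IpAddress": "203.0.113.7"},
    # Defender real-time protection disabled (Windows Defender 5001).
    {"ts": "2022-12-10T01:20:00", "host": "FS01", "event_id": 5001},
    # Host firewall turned off via netsh (Security 4688 process creation).
    {"ts": "2022-12-10T01:22:00", "host": "FS01", "event_id": 4688,
     "CommandLine": "netsh advfirewall set allprofiles state off"},
    # PsExec service installed for lateral movement (System 7045).
    {"ts": "2022-12-10T02:05:00", "host": "FS01", "event_id": 7045,
     "ServiceName": "PSEXESVC"},
    # Benign noise: an admin RDP logon elsewhere with no follow-on activity.
    {"ts": "2022-12-10T09:00:00", "host": "WS22", "event_id": 4624,
     "LogonType": "10", "TargetUserName": "alice", "IpAddress": "10.0.0.5"},
    # Defender disabled on WS22 two days later: outside the window, no alert.
    {"ts": "2022-12-12T09:00:00", "host": "WS22", "event_id": 5001},
]


def classify(ev):
    """Map one event record to a stage name, or None if not of interest."""
    eid = ev["event_id"]
    if eid == 4624 and ev.get("LogonType") == "10":
        return "rdp_logon"
    if eid == 5001:
        return "av_disabled"
    if eid == 4688 and "advfirewall" in ev.get("CommandLine", "").lower():
        return "firewall_modified"
    if eid == 7045 and ev.get("ServiceName", "").upper() == "PSEXESVC":
        return "psexec_service"
    return None


def detect(events, window_hours=6, min_stages=2):
    """Return one alert per RDP logon that is followed, within window_hours
    on the same host, by at least min_stages distinct follow-on stages."""
    by_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        stage = classify(ev)
        if stage:
            by_host[ev["host"]].append((datetime.fromisoformat(ev["ts"]), stage, ev))

    alerts = []
    for host, timeline in by_host.items():
        for i, (t0, stage, ev) in enumerate(timeline):
            if stage != "rdp_logon":
                continue
            deadline = t0 + timedelta(hours=window_hours)
            seen = {}  # stage -> first time it was observed after the logon
            for t, later_stage, _ in timeline[i + 1:]:
                if t > deadline:
                    break
                if later_stage != "rdp_logon":
                    seen.setdefault(later_stage, t)
            if len(seen) >= min_stages:
                last = max(seen.values())
                alerts.append({
                    "host": host,
                    "user": ev.get("TargetUserName"),
                    "source_ip": ev.get("IpAddress"),
                    "stages": sorted(seen),
                    "minutes_to_last_stage": int((last - t0).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

On the sample data the script raises a single alert for FS01, with the PsExec service landing 63 minutes after the RDP logon, and stays silent for WS22 because the Defender event there falls outside the window. The useful number for a SOC is that `minutes_to_last_stage` value: if it is routinely under an hour, alerting on a single stage in isolation is too slow, and the correlated chain (or blocking the first stage, such as exposed RDP) is where the effort should go.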

In conclusion, the rapid evolution of ransomware, fueled by automation, poses an existential threat to organizations worldwide. Addressing this menace requires concerted efforts, not just from cybersecurity professionals but also from governments, to safeguard critical infrastructure and combat cyberterrorism effectively.


Ransom Payments Top $1 Billion in 2023

A recent report has unveiled a distressing milestone in the realm of cybersecurity: ransomware payments in 2023 surged past a staggering $1 billion, shattering all prior forecasts. This alarming figure, however, merely scratches the surface, failing to encapsulate the full economic toll wrought by these malicious attacks.

Chainalysis, the entity behind the report, underscores the inadequacy of this figure, citing instances such as the targeted assaults on MGM Resorts by ALPHV-BlackCat and Scattered Spider.  

Although MGM refused to yield to ransom demands, the resultant damages spiraled to an eye-watering $100 million. Such cases serve as poignant reminders of the extensive fallout that accompanies ransomware assaults.

Moreover, the report cautions that these estimates represent a conservative reckoning, liable to surge as new ransomware avenues emerge over time. This sentiment is underscored by the revision of 2022's initial ransom tally, which has soared by a substantial 24.1%.

Unsurprisingly, ransom payments breaching the billion-dollar threshold epitomize the growing menace posed by ransomware syndicates. These nefarious entities operate with the precision and structure reminiscent of legitimate software-as-a-service (SaaS) enterprises, amplifying the sophistication of their attacks.

The prevalence of ransomware strikes across diverse industry verticals underscores the ubiquitous nature of this threat. Alarmingly, the first half of 2023 witnessed a surge in victims, eclipsing the tally for the entire preceding year. Leveraging Ransomware-as-a-Service (RaaS) platforms, threat actors executed attacks with alarming efficiency.

The repercussions reverberate across sectors, with healthcare, education, and critical infrastructure bearing the brunt of these assaults. The healthcare sector alone hemorrhaged tens of billions of dollars over seven years, underscoring the dire economic toll.

Yet, the true extent of the crisis remains obscured, with a substantial portion of attacks going unreported. Shockingly, a mere 20% of ransomware incidents find their way to law enforcement, hinting at a pervasive underreporting epidemic.

In light of these harrowing realities, calls for reclassifying ransomware attacks targeting critical infrastructure as acts of state-sponsored terrorism resonate with urgency. Beyond the astronomical financial losses, the burgeoning threat to human lives underscores the imperative for robust, coordinated action.

As ransomware syndicates continue to evolve and proliferate, the imperative for decisive intervention has never been more pressing. Failure to confront this existential threat head-on risks dire consequences for individuals, businesses, and society at large.


U.S. Posts $10 Million Bounty on Hive Ransomware Gang

The United States has just put a $10 million bounty on the heads of the Hive ransomware gang. Yeah, you heard that right, ten million big ones.

According to reports from Reuters, Hive has been wreaking havoc in over 80 countries, including the good ol' US of A. But here's the kicker – the FBI managed to sneak into their systems back in July 2022, snagged their decryption keys, and handed them out like candy to victims, preventing over $130 million in ransoms. Talk about a cyber showdown!

But it doesn't end there. In May 2023, the US government indicted and sanctioned a Russian national named Mikhail Matveev, linking him to Hive, LockBit, Babuk, and even the notorious Conti ransomware gangs. This guy was like the kingpin of cybercrime!

Now, here's where it gets wild – Hive wasn't an island. It was part of this tangled web of ransomware gangs, all connected like some digital mafia. After Hive got the FBI smackdown, a new gang called Nokoyawa popped up, and it's believed to be their successor. It's like playing whack-a-mole with hackers!

And get this – the FBI discovered that only about 20% of ransomware attacks were being reported. That means there's a whole iceberg of cybercrime lurking beneath the surface.

But wait, there's more. Enter PlayCrypt, another ransomware operation causing chaos left and right. They're hitting cities, judiciaries, and even sneaking into government agencies.

So, what's the takeaway? Cybercrime isn't just a game anymore. It's a full-blown war, and we're all on the front lines. Stay vigilant, keep those systems updated, and for the love of all things digital, report any suspicious activity. And who knows, you might just earn yourself a cool ten million bucks.


Halcyon.ai is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to fill endpoint protection gaps and defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and check out the Recent Ransomware Attacks resource site.

