Last Week in Ransomware: 04.29.2024

Written by Halcyon Team
Published on Apr 29, 2024

Last week in ransomware news, we saw Volt Typhoon highlight the dual nature of ransomware attacks, LockBit alive and claiming a D.C. agency data leak, and ransomware shutter Octapharma Plasma operations...

LockBit is Alive and Kicking

The LockBit ransomware gang, previously thought to have been significantly crippled by a law enforcement operation, has resurfaced with a data breach targeting the D.C. Department of Insurance, Securities and Banking (DISB).  

In mid-April, LockBit claimed to have infiltrated DISB's systems, compromising up to 800GB of sensitive data and threatening to expose it unless a ransom was paid. DISB was alerted to the breach by Tyler Technologies, their third-party software provider, prompting them to immediately take their systems offline and launch an investigation.

This incident underscores the evolving tactics of ransomware operators, who now frequently engage in data exfiltration alongside encryption, increasing the pressure on victims to pay up.  

Even if a ransom is paid, there's no guarantee that the stolen data won't be exploited, potentially leading to regulatory fines, legal repercussions, and damage to the organization's reputation.  

To combat these threats, organizations must prioritize robust cybersecurity measures, including encryption, access controls, and employee training.

Furthermore, efforts should focus on preventing and detecting attacks at the data exfiltration stage rather than solely reacting to ransomware payloads.

By investing in early detection and prevention strategies, organizations can mitigate the impact of ransomware attacks and protect their valuable data assets.  

Halcyon's recently published reference guide, What Executives Should Know about Ransomware, offers insights for C-level executives on bolstering their organization's security posture and effectively combating ransomware threats.


When Ransomware Serves Geopolitical Interests

FBI Director Christopher Wray issued a dire warning about Chinese government-linked threat actors infiltrating U.S. critical infrastructure, highlighting the ongoing Volt Typhoon hacking campaign.  

This campaign has targeted American companies in vital sectors such as telecommunications, energy, and water, with 23 pipeline operators among its victims.  

While the FBI attributes these attacks to China, the Chinese Ministry of Foreign Affairs denies government involvement, attributing Volt Typhoon to a criminal ransomware group.

The key takeaway is the potential dual nature of ransomware operations, often overlooked by policymakers. While these attacks may appear as cybercriminal activity, they could also serve as proxy attacks advancing the interests of adversarial nations like China.  

Such attacks pose significant threats to critical infrastructure, including healthcare providers, leading to poor patient outcomes and even fatalities.

Evidence suggests a significant portion of ransomware operators have ties to nation-state actors, with a substantial portion of ransomware revenue flowing to groups associated with Russia.  

This blurring of lines between cybercriminals and state-sponsored actors complicates attribution and provides plausible deniability for nations like China, Russia, Iran, and North Korea.

Urgent action is needed to address ransomware attacks targeting critical infrastructure, potentially classifying them as nation-state-supported terrorist acts.  

By acknowledging the geopolitical motivations behind these attacks, governments can explore a range of response options, including offensive cyber measures and traditional military actions, to deter future attacks.  

Ransomware against critical infrastructure must be recognized as a form of terrorism, necessitating a shift from treating it solely as a criminal matter.


Octapharma Operations Halted by Ransomware Attack

A ransomware attack targeted Octapharma Plasma, causing the closure of over 150 blood plasma donation centers across the US. While the company attributed the shutdown to "IT issues," sources suggest it fell victim to a BlackSuit ransomware infection.  

The incident poses significant challenges for Octapharma's European operations, as the majority of their plasma supply originates from the US.

This event amplifies concerns surrounding ransomware attacks in the healthcare sector. Change Healthcare, for instance, anticipates remediation costs of $872 million for Q1-2024 following the February attack.  

Moreover, these attacks have far-reaching consequences beyond financial losses, impacting patient care and even contributing to mortality rates. Studies reveal a disturbing trend, with ransomware attacks disrupting operations, delaying procedures, and exposing sensitive patient information.

Traditional security measures often prove insufficient against evolving ransomware threats, leading to devastating consequences for healthcare organizations.  

The Change Healthcare incident underscores the growing legal and regulatory liabilities associated with such attacks, especially considering the increasing prevalence of data exfiltration tactics employed by ransomware operators.

As executives grapple with the escalating ransomware threat, proactive measures are essential to safeguard organizational integrity.  

Halcyon's recently published guide, What Executives Should Know about Ransomware, offers valuable insights for C-level executives to fortify their organizations' security posture against ransomware attacks.  

Recognizing the dual nature of these attacks and their potential to disrupt critical operations, executives must prioritize comprehensive cybersecurity strategies to mitigate risks effectively.

Halcyon is the leading anti-ransomware company. Global 2000 companies rely on the Halcyon platform to defeat ransomware with minimal business disruption through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration and extortion prevention. Talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS (Ransomware as a Service) and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Also check out the Recent Ransomware Attacks resource site.
