Last Week in Ransomware: 10.16.23

Written by
Halcyon Team
Published on
Oct 16, 2023

Ransomware has become a multi-billion-dollar industry, and organizations of all sizes are increasingly falling victim to these attacks.  

Last Week in Ransomware News we saw first-half 2023 ransomware attacks exceed all of 2022 volume, MGM ransomware attack losses estimated to be more than $100 Million, and McLaren Health Care getting hit with multiple class action lawsuits...

MGM's Costly Ransomware Gamble

MGM, the renowned entertainment giant, recently revealed staggering losses of over $100 million due to a ransomware attack orchestrated by the notorious BlackCat/ALPHV ransomware gang.  

MGM's decision not to pay the ransom, despite substantial financial losses, aligns with the recommendations of cybersecurity experts, government authorities, and law enforcement.  

The company's refusal to give in to cybercriminals is rooted in the belief that paying ransoms only fuels the ransomware ecosystem.  

Nevertheless, MGM's resilience serves as a stark contrast to the plight of small- and mid-sized businesses, which could be pushed to the brink of closure by ransomware attacks.

The debate over whether to pay ransoms rages on. Those in favor of paying argue that it's the quickest way to regain access to critical data and minimize the overall impact of an attack.  

They claim that the cost of paying the ransom is often lower than the expenses associated with data restoration and potential financial losses from downtime.

On the opposing side, those against paying ransoms contend that it incentivizes cybercriminals to continue their attacks, feeding the very ecosystem that perpetrates these crimes.  

They also highlight the risk of not receiving the decryption key or suffering future attacks, often at higher ransom amounts.

Rather than paying ransoms, organizations should focus on enhancing their resilience to ransomware attacks. Resilience encompasses endpoint protection solutions, patch management, robust data backup strategies, access controls, and employee awareness training.  

The key to surviving a ransomware attack is preparedness, which includes conducting regular assessments and tabletop exercises to identify and rectify vulnerabilities in business continuity plans...

Read More Here

McLaren Health Care's Legal Woes

A ransomware attack exposing the personal health information of 2.5 million patients has led to multiple federal class action lawsuits against McLaren Health Care.  

Such legal battles can extend well beyond incident response and recovery, incurring significant losses.  

If the ransomware attack does not kill a business, the legal and regulatory fallout certainly could. The financial losses stemming from a ransomware attack can go far beyond incident response and recovery action.

On average, the cost of remediating a ransomware attack surpasses $4 million and doesn't account for intangible damages, like damage to an organization's brand or intellectual property loss...

Read More Here

The Manufacturing Sector Under Siege

The manufacturing sector, a linchpin of global industry, has become a prime target for ransomware attacks.  

Multiple ransomware gangs, including Medusa, Money Message, NoEscape, and 0mega, have disrupted companies across various geographical regions, illustrating the broad scope of the threat:

  • Medusa Assaults Windak
  • NoEscape Besieges Bellsonica Corporation
  • Money Message Hits Maxco Supply
  • 0mega Engulfs US Liner Company

These attacks emphasize the need for cybersecurity professionals in the manufacturing sector to fortify defenses, innovate, and collaborate in order to to anticipate and mitigate potential threats...

Read More Here

Ransomware's Relentless Onslaught

The first half of 2023 saw more ransomware victims than the entire year of 2022. Ransomware-as-a-Service (RaaS) platforms have made it easier for threat actors to execute attacks.  

Notably, Russia has emerged as a prominent threat actor, while new variants and tactics are constantly evolving to evade traditional endpoint protection solutions.

RaaS operators and other data extortion attackers are developing custom tooling and implementing novel evasion techniques into their payloads designed to evade or completely circumvent traditional endpoint protection solutions.

Ransomware operators are expanding their addressable target range with additional Linux variants emerging, as well as one of the first viable variants targeting macOS.

Furthermore, ransomware attacks are creating liability issues and intellectual property loss for organizations as attackers focus on the exfiltration of sensitive data prior to delivering the ransomware payload.

Ransomware attacks are a persistent threat, costing organizations millions of dollars and creating a legal quagmire.  

Until there are substantial measures taken against the sources of ransomware, such as government sanctions and international cooperation, the threat will persist, and organizations will continue to be at risk...

Read More Here is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile (PDF), and check out the Recent Ransomware Attacks resource site.

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started
3 is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow to store and process the personal information submitted above to provide you the content requested.