Last Week in Ransomware: 12.11.23

Written by Halcyon Team
Published on December 11, 2023

Last week in ransomware news we saw LockBit continue as the undisputed ransomware leader, nation-state proxies leveraged for plausible deniability, and Black Basta ransom proceeds exceed $100M...

Data Exfiltration: An Escalating Risk

This December marks the seventh anniversary of the notorious Yahoo data breach, a watershed moment that highlighted the vulnerability of sensitive data on a massive scale. However, as we reflect on this event, it becomes evident that not much has improved since then, and the threat landscape has evolved, presenting new challenges.

The Yahoo breaches revealed a significant problem in safeguarding sensitive data at scale. Despite advancements in cybersecurity, the compromise of user accounts on a mass scale remains a prevalent and concerning issue.  

Ransomware operators, in particular, have shifted their focus to data exfiltration, making it a pivotal element of their attack strategies. The sheer number of compromised accounts on a daily basis emphasizes that we are far from resolving this persistent threat.

Since the Yahoo breaches, the security industry has introduced notable innovations, including EPP/NGAV, EDR, improved authentication measures, DLP offerings, and the introduction of XDR for early detection.  

However, the pace of attacker innovation often outstrips that of vendors. Successful ransomware operators invest heavily in building sophisticated tools for account compromise, lateral movement, and efficient data exfiltration.  

A determined attacker with ample resources continues to pose a significant threat, highlighting the need for constant vigilance.

In the aftermath of major breach events, legal action targeting executive leaders has become more likely than ever before. Executives are increasingly held accountable for security lapses, as demonstrated by cases following the Uber breach and SolarWinds attacks.  

However, legal and regulatory actions sometimes revictimize the victims, and the US government's effectiveness in protecting organizations against ransomware attacks and data loss events remains a concern.

Iran-linked Attacks and Nation-State Proxy Strategies

Recent events highlight the concerning intersection of cyberattacks and nation-state influence. The Iran-linked threat actor CyberAv3ngers actively targets and compromises U.S. water treatment facilities, exploiting Israeli-made PLC devices with default passwords.  

The use of ransomware attacks as a proxy for nation-state interests raises the specter of state-sponsored terrorism. The difficulty in attribution complicates the response, leaving governments in a challenging position regarding the appropriate course of action.

Black Basta Ransomware: A Financial Juggernaut

The Black Basta ransomware gang has emerged as a formidable adversary, amassing over $107 million in ransom revenue from more than 90 victims in less than two years.  

Known for leveraging unique tactics, techniques, and procedures (TTPs), Black Basta targets a range of industries, favoring vulnerabilities in VMware ESXi. The increasing financial impact of ransomware attacks underscores the urgency for a robust defense strategy.

Cyber Hygiene: A Crucial Defense

As ransomware attack losses are projected to reach $265 billion annually by 2031, the importance of cyber hygiene cannot be overstated. More than 2,300 organizations fell victim to ransomware attacks in the first half of 2023 alone.  

Basic cyber hygiene measures, such as keeping software updated, implementing network segmentation, and educating employees, are essential in raising the bar for attackers.  

While it does not guarantee immunity, good cyber hygiene reduces the likelihood of organizations becoming the "low hanging fruit" for opportunistic attackers.

LockBit Ransomware: A Persistent Global Threat

The LockBit ransomware gang remains a global leader, responsible for a quarter of all ransomware attacks between January 2022 and September 2023.  

Known for its fast encryption speed and innovative RaaS platform, LockBit targets a wide range of organizations, demanding ransoms exceeding $50 million.  

The ransomware's adaptability, including a variant for macOS, highlights the need for a comprehensive defense strategy against evolving threats.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware. Talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile, and maintains the Recent Ransomware Attacks resource site.
