Last Week in Ransomware: 12.11.23

Written by
Halcyon Team
Published on
Dec 11, 2023

Last week in ransomware news, we saw LockBit continue as the undisputed ransomware leader, nation-state proxies leveraged for plausible deniability, and Black Basta ransom proceeds exceed $100M...

Data Exfiltration: An Escalating Risk

This December marks the seventh anniversary of the notorious Yahoo data breach, a watershed moment that highlighted the vulnerability of sensitive data on a massive scale. However, as we reflect on this event, it becomes evident that not much has improved since then, and the threat landscape has evolved, presenting new challenges.

The Yahoo breaches revealed a significant problem in safeguarding sensitive data at scale. Despite advancements in cybersecurity, the compromise of user accounts on a mass scale remains a prevalent and concerning issue.  

Ransomware operators, in particular, have shifted their focus to data exfiltration, making it a pivotal element of their attack strategies. The sheer number of compromised accounts on a daily basis emphasizes that we are far from resolving this persistent threat.

Since the Yahoo breaches, the security industry has introduced notable innovations, including EPP/NGAV, EDR, improved authentication measures, DLP offerings, and XDR for early detection.

However, the pace of attacker innovation often outstrips that of vendors. Successful ransomware operators invest heavily in building sophisticated tools for account compromise, lateral movement, and efficient data exfiltration.  

A determined attacker with ample resources continues to pose a significant threat, highlighting the need for constant vigilance.

In the aftermath of major breach events, legal action targeting executive leaders has become more likely than ever before. Executives are increasingly held accountable for security lapses, as demonstrated by cases following the Uber breach and SolarWinds attacks.  

However, legal and regulatory actions sometimes revictimize the victims, and the US government's effectiveness in protecting organizations against ransomware attacks and data loss events remains a concern.


Iran-linked Attacks and Nation-State Proxy Strategies

Recent events highlight the concerning intersection of cyberattacks and nation-state influence. The Iran-linked threat actor CyberAv3ngers actively targets and compromises U.S. water treatment facilities, exploiting Israeli-made PLC devices with default passwords.  

The use of ransomware attacks as a proxy for nation-state interests raises the specter of state-sponsored terrorism. The difficulty in attribution complicates the response, leaving governments in a challenging position regarding the appropriate course of action.


Black Basta Ransomware: A Financial Juggernaut

The Black Basta ransomware gang has emerged as a formidable adversary, amassing over $107 million in ransom revenue from more than 90 victims in less than two years.  

Known for leveraging unique tactics, techniques, and procedures (TTPs), Black Basta targets a range of industries and favors vulnerabilities in VMware ESXi. The increasing financial impact of ransomware attacks underscores the urgency for a robust defense strategy.


Cyber Hygiene: A Crucial Defense

As ransomware attack losses are projected to reach $265 billion annually by 2031, the importance of cyber hygiene cannot be overstated. More than 2,300 organizations fell victim to ransomware attacks in the first half of 2023 alone.  

Basic cyber hygiene measures, such as keeping software updated, implementing network segmentation, and educating employees, are essential in raising the bar for attackers.  

While it does not guarantee immunity, good cyber hygiene reduces the likelihood of organizations becoming the "low hanging fruit" for opportunistic attackers.


LockBit Ransomware: A Persistent Global Threat

The LockBit ransomware gang remains a global leader, responsible for a quarter of all ransomware attacks between January 2022 and September 2023.  

Known for its fast encryption speed and innovative RaaS platform, LockBit targets a wide range of organizations, demanding ransoms exceeding $50 million.  

The ransomware's adaptability, including a variant for macOS, highlights the need for a comprehensive defense strategy against evolving threats.
