Ransomware Roundup: 02.18.22

Written by
Halcyon Team
Published on
February 18, 2022

Not wanting to be outdone by last week’s influx of BlackCat-related ransomware activity, the RaaS group known as BlackByte is back in the news after hitting the San Francisco 49ers and several US critical infrastructure sectors, including government facilities, financial institutions, and food & agriculture companies. Details are scant, but some reports state that the criminal group has been chaining together multiple Microsoft Exchange Server vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), aka ProxyShell, for initial access into the victim organizations. The FBI and US Secret Service released a joint advisory (PDF) that includes Indicators of Compromise (IoCs) from the attacks.

While BlackByte was dealt a blow last year when Trustwave researchers released a free decryptor tool, made possible by the ransomware’s poor implementation of AES, it’s clear that the group has “improved” their ransomware offering and is back in business.

Emil Frey, Europe’s largest car dealer with over $3.29 billion USD in sales in 2020, was hit by the notorious Hive ransomware group in January. Hive is best known for attacking at least 28 healthcare organizations in 2021.

It’s annual cyber threat report season, and one interesting takeaway from SonicWall’s 2022 Threat Report is an estimated 105% overall YoY increase in ransomware, up 239% since 2019. If RaaS groups were VC-backed startups, clearly they would be on the path to IPO. While numbers like this are difficult to fully source, the growth of ransomware continues.

Lastly, SentinelOne researchers report that an Iran-aligned group has targeted Log4j flaws in VMware Horizon to spread ransomware.
