Ransomware Roundup: 02.18.22

Written by
Halcyon Team
Published on
February 18, 2022

Not wanting to be outdone by last week’s influx of BlackCat-related ransomware activity, the RaaS group known as BlackByte is back in the news after hitting the San Francisco 49ers and several US critical infrastructure sectors, including government facilities, financial institutions, and food & agriculture companies. Details are scant, but some reports state that the criminal group has been chaining together multiple Microsoft Exchange Server vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207), aka ProxyShell, for initial access into the victim organizations. The FBI and US Secret Service released a joint advisory (PDF) that includes Indicators of Compromise (IoCs) from the attacks.

While BlackByte was dealt a blow last year when Trustwave researchers released a free decryptor tool, made possible by the ransomware’s poor implementation of AES, it’s clear that the group has “improved” their ransomware offering and is back in business.

Emil Frey, Europe’s largest car dealer with over $3.29 billion USD in sales in 2020, was hit by the notorious Hive ransomware group in January. Hive is best known for attacking at least 28 healthcare organizations in 2021.  

It’s annual cyber threat report season, and one interesting takeaway from SonicWall’s 2022 Threat Report is an estimated 105% overall YoY increase in ransomware, up 239% since 2019. If RaaS groups were VC-backed startups, clearly they would be on the path to IPO. While numbers like this are difficult to fully source, the growth of ransomware continues.

Lastly, SentinelOne researchers report that an Iran-aligned group has targeted Log4j flaws in VMware Horizon to spread ransomware.
