Ransomware Roundup: 03.11.22

Written by
Halcyon Team
Published on
March 11, 2022

The FBI this week issued a FLASH alert warning that at least 52 critical infrastructure organizations across 10 sectors have been hit by RagnarLocker ransomware, a group it last reported on in 2020. Along with new and updated IoCs, the alert details the obfuscation techniques the group now uses to evade detection by security tools, and notes that the ransomware can easily disable the endpoint agents used by MS(S)Ps. Unsurprisingly, the new information also lays out how the ransomware deliberately avoids devices located in Russia and other regions where cybercriminals operate with impunity.

Continued analysis of the Conti ransomware group leaks has offered a rare glimpse into the inner workings of the criminal gang, including details of how it collectively extorted over $180M USD in 2021. Not only that, but the primary Bitcoin wallet associated with the group apparently holds over $2B USD. The most interesting part of the leak, to us at least, is the banal nature of the organization. Internal chats and emails read like ordinary DevOps banter and coder humor. These groups that decimate hospitals and energy transport are shockingly ordinary in their structure, recruiting tactics, and business organization. Further analysis has also turned up plenty of openly exposed git repos filled with internal software and tooling used by the group.

The US Senate passed a large cybersecurity bill, the Strengthening American Cybersecurity Act, which covers a wide range of cyber legislation affecting all aspects of infosec, from vulnerability management and reporting and penetration testing to financial reporting for ransomware incidents. Driven in part by the Colonial Pipeline hack, and no doubt given urgency by the recent Russian invasion of Ukraine, the bill combines language from three separate bills into one. It also appears that any critical infrastructure breach must be reported to CISA within 72 hours, a requirement that will undoubtedly meet some resistance. While the bill still needs to pass the US House of Representatives, the White House has thrown its support behind the bipartisan effort.
