Ransomware Roundup: 03.11.22

Written by

Halcyon Team

Published on

Mar 11, 2022

The FBI this week issued a FLASH alert warning relaying that at least 52 critical infrastructure organizations across 10 sectors had been ransomware’d by RagnarLocker, a group it last reported on in 2020. Along with new and updated IoCs, the alert details some new obfuscation techniques they used to evade detection by security tools as well as a bit of information that they can easily unhook endpoint agents used by MS(S)Ps. Not surprisingly the new information lays out how the ransomware specifically doesn't target devices located in Russia and other regions where cybercriminals operate with impunity.

‍

The continued analysis of the Conti ransomware group leaks has allowed a rare glimpse into the inner workings of the criminal gang including details about how they collectively were able to extort over $180M USD in 2021. Not only that, but the primary Bitcoin wallet associated with the group apparently contains over $2B USD. The most interesting parts of the leak, to us at least, is the banal nature of the organization. Internal chats and emails read like normal DevOps banter and coder humor. These groups that decimate hospitals and energy transport are shockingly ordinary in their structure, recruiting tactics, and business organization. Further insight has also revealed plenty of openly exposed git repos filled with internal software and tooling using by the group.

‍

The US Senate passed a large cybersecurity bill dubbed The Strengthening American Cybersecurity Act which covers a wide variety of cyber legislation that will affect all aspects of infosec from vulnerability management and reporting, penetration testing, financial reporting for ransomware incidents and more. Driven in part by the Colonial Pipeline hack, and no doubt impacted by the recent Russian invasion of Ukraine, the bill combined language from three separate bills into one. Additionally, it seems that any critical infrastructure breach must be reported to CISA within 72 hours, a charge that will undoubtedly be met with some resistance. While the bill still needs to pass the US House of Representatives, the White House has thrown its support behind the bi-partisan effort.

‍

A laptop screen with a message that says Take Zero Chances With Ransomware.

Get a Demo

Share this post

See All Blog Posts

See Halcyon in action

Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!

Let's get started

First Name

Last Name

Phone Number

Company Name

Job Title

Buying Timeframe

halcyon.ai is committed to protecting and respecting your privacy, and we’ll only use your personal information to administer your account and to provide the products and services you requested from us. From time to time, we would like to contact you about our products and services, as well as other content that may be of interest to you. If you consent to us contacting you for this purpose, please tick below to say how you would like us to contact you:

I agree to receive other communications from halcyon.ai and acknowledge Halcyon's privacy policy.

You may unsubscribe from these communications at any time. For more information on how to unsubscribe, our privacy practices, and how we are committed to protecting and respecting your privacy, please review our Privacy Policy.

By clicking submit below, you consent to allow halcyon.ai to store and process the personal information submitted above to provide you the content requested.

Back

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form.

Related Posts

Report: Ransomware Remains Most Costly Form of Attack

Play Ransomware Group Exploits Windows CLFS Zero-Day Vulnerability

Understanding BYOVD Attacks and Mitigation Strategies

Ransomware Attack Bypasses EDR with BYOI Technique

See Halcyon in action