Ransomware Roundup: 06.03.22

This week’s round up…

‍

• Costa Rica’s reprieve from ransomware much shorter than probably desired
• Meanwhile, in Russia ...
• Report finds two-thirds of respondents were victims of a ransomware attack
• Ransomware disrupts manufacturing for Foxconn
• Conti linked Karakut extortion group charges as much as $25 million for stolen data
  ‍

Costa Rica’s reprieve from ransomware much shorter than probably desired

‍

Costa Rica remains beleaguered by ransomware actors. Previously, the “former” Conti Group – in quotes as the cyber criminals behind that group have certainly moved elsewhere and not to more noble professions – hobbled multiple national agencies with a ransomware attack before ostensibly abating their efforts by taking down key pieces of their infrastructure. This gave the Central American country a week of relative calm before the Hive group attacked the Costa Rican Social Security fund, reported Jonathan Greig at The Record.

‍

“The fact that Hive’s ransomware seems to have now been used in an attack on another agency supports the claim of other researchers that Hive and Conti have developed some form working relationship,” Emsisoft threat analyst and ransomware expert Brett Callow said. “At the very least, it would appear that the groups share an affiliate… as the data that was stolen in a couple of recent incidents was uploaded to both Conti and Hive’s leak sites.”

‍

As the week progressed, the effects of the attack spiraled. Carly Page at Tech Crunch reported, “Several employees of the CCSS said they were told to shut down their computers after all of their printers began spitting out unintelligible documents. Another employee said that as a result of the attack, COVID-19 results cannot currently be reported.

‍

Meanwhile, Costa Rican citizens are suffering reports Carla Rosch at Rest of World – a non-profit journalism organization.

‍

Rosch paints a vivid picture of the damage to everyday people in the article: “Marianella Vargas buys special supplies online for her three-year-old son, Felipe, who is autistic, to help him express himself. But since an extensive cyberattack disrupted the Costa Rican government on April 18, she has not been able to receive the visual communication cards and special potty-training shoes she ordered for him. ‘At my son’s age, every day counts for his learning and development’."

‍

Meanwhile, in Russia …

‍

Any lingering hopes that the Russian Justice System would throw the book at the REvil gang were dashed this week because, according to the headline posted to the Russian news outlet Kommersant, “America doesn’t care about Russian Hackers.”

‍

“Russia arrested eight members of the REvil group in January based on tips from U.S. intelligence. According to Kommersant, the U.S. has not continued to engage with Russia. The Department of Justice declined to comment on the matter. The REvil defendants, linked to attacks on major corporations and supply chain nodes, will now only be charged with credit card fraud against two Mexican citizens living in America,” Joe Uchill reported in an article on SC Media.

‍

The REvil bust in Jan. 2022 offered a brief glimmer of hope for legal consequences for ransomware actors.

‍

Report finds two-thirds of respondents were victims of a ransomware attack

‍

‍Research conducted by Sophos revealed sobering statistics of the ransomware landscape, including greater ransom amounts, more organizations paid ransoms and an increased overall number of ransomware attacks.

‍

“The increase in successful ransomware attacks is part of an increasingly challenging broader threat environment: over the last year 57% experienced an increase in the volume of cyberattacks overall, 59% saw the complexity of attacks increase, and 53% said the impact of attacks had increased. 72% saw an increase in at least one of these areas,” Sophos researchers wrote in the report.

‍

It is worth noting that the data collected from 5600 respondents in 31 countries. While not completely representative of the entirety of the world, this seems to jive with the trends seen by, well … everyone.

‍

Ransomware disrupts manufacturing for Foxconn

‍

‍Bill Toulas at Bleeping Computer reports that LockBit struck factories in Mexico owned by Foxconn, the manufacturer of electronics found in many well-known products. The ransomware actors posted a threat to post stolen data on their leaks site, which indicates that the manufacturing company is either in negotiations with the gang or working through recovery measures.  

According to the article, “Foxconn has assured that the impact on its overall operations will be minimal, and the recovery will unfold according to a pre-determined plan.”

‍

Conti linked Karakut extortion group charges as much as $25 million for stolen data

‍

The United States FBI, CISA and Treasury department reported that the ransomware-adjacent actors Karakut  – who is believed to have ties to Conti – extort victims for as much as $25 million. According to an article posted by Jonathan Greig at The Record, “Ivan Righi, senior cyber threat intelligence analyst at Digital Shadows, said that since the release of the Karakurt Hacking Team data-leak site, the gang has named more than 80 organizations as attempted extortion victims.”

‍

This is a sobering glimpse into the extended cost of ransomware given both the number of attacks and the minimum reported asking price of $25,0000 tolled by Karakut.

‍

Thanks to the reporters and researchers

‍

Shout out to the following people for their original reporting and research referenced in this week’s Ransomware Roundup.

‍Jonathan Greig at The Record - Recorded Future for their reporting on Costa Rican Social Security Fund hit with ransomware attack and US Agencies: Karakurt extortion group demanding up to $13 million in attacks.  

• LinkedIn
• Twitter

Carly Page at Tech Crunch for their reporting on Costa Rica’s public health system hit by Hive ransomware following Conti attacks

• LinkedIn
• Twitter

Carla Rosch at Rest of World for their reporting on A massive cyberattack in Costa Rica leaves citizens hurting.

• LinkedIn
• Twitter

Joe Uchill at SC Media for their reporting on Russia nixes US charges against REvil defendants as cooperation fizzles.

• LinkedIn
• Twitter

The Associated Press for publishing a press release by Sophos titled Ransomware Attacks on Healthcare Organizations Increased 94% in 2021, According to Sophos Global Survey.

• LinkedIn
• Twitter

Sally Adam at Sophos for their reporting on The State of Ransomware 2022.

• LinkedIn

Bill Toulas at Bleeping Computer for their reporting on Ransomware attack on nonprofit causes data breach of 500,000 students, teachers in Chicago.

• LinkedIn
• Twitter