Ransomware Roundup: 02.25.22

February 25, 2022
Written by Halcyon Research Team

It comes as no surprise that we’re seeing ransomware attacks against Ukraine this week and while attribution is usually a fool’s errand, it’s not a stretch to assume these attacks help one very specific actor.

The use of ransomware as a cover for HermeticWiper has been noted by several firms, most notably Symantec, ESET, and SentinelOne who have provided excellent write-ups on the samples. The malware leverages drivers for a popular disk management application, uses seemingly legitimate code-signing certificates, and was compiled several months before the current crisis in Ukraine - take what you will from that last fact. Reports indicate that several sectors were targeted including financial, defense, aviation, and IT services and that ransomware was used as a cover story with the real intent being to destroy data.

Politco reports that the Conti team has vowed to support the Russian government and would use “all possible resources to strike back at the critical infrastructure of an enemy”. The group behind the ever-popular Conti ransomware is best known for hitting hospitals around the world last year.

NBC and others report that President Joe Biden was presented with cyberattack options to disrupt Russian military operations in Ukraine including cyber effects that impact power, transport, and resupply logistics. In response to additional Russian sanctions, the White House via DHS has started to warn business about the possibility of ransomware attacks as retaliation with CISA issuing a "shields up" alert.

Big Mac fans will be dismayed by a report that the Snatch gang hit McDonald's and is holding ~500GB of corporate data for ransom.

It will not be an easy weekend for SOC teams and IT departments, please send your security colleagues plenty of caffeine-infused beverages.

The Halcyon Platform

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks. Halcyon is built by offensive security experts to stop attackers. Our platform is a lightweight agent that combines multiple proprietary advanced prevention engines along with AI models trained solely on ransomware.

Ready to get a demo? Fill out the form and let’s talk!

Get a Demo

Meet with a Halcyon Anti-Ransomware Expert

Cookie Consent

By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.