Ransomware Roundup: 03.11.22

The FBI this week issued a FLASH alert warning relaying that at least 52 critical infrastructure organizations across 10 sectors had been ransomware’d by RagnarLocker, a group it last reported on in 2020. Along with new and updated IoCs, the alert details some new obfuscation techniques they used to evade detection by security tools as well as a bit of information that they can easily unhook endpoint agents used by MS(S)Ps. Not surprisingly the new information lays out how the ransomware specifically doesn't target devices located in Russia and other regions where cybercriminals operate with impunity.

The continued analysis of the Conti ransomware group leaks has allowed a rare glimpse into the inner workings of the criminal gang including details about how they collectively were able to extort over $180M USD in 2021. Not only that, but the primary Bitcoin wallet associated with the group apparently contains over $2B USD. The most interesting parts of the leak, to us at least, is the banal nature of the organization. Internal chats and emails read like normal DevOps banter and coder humor. These groups that decimate hospitals and energy transport are shockingly ordinary in their structure, recruiting tactics, and business organization. Further insight has also revealed plenty of openly exposed git repos filled with internal software and tooling using by the group.

The US Senate passed a large cybersecurity bill dubbed The Strengthening American Cybersecurity Act which covers a wide variety of cyber legislation that will affect all aspects of infosec from vulnerability management and reporting, penetration testing, financial reporting for ransomware incidents and more. Driven in part by the Colonial Pipeline hack, and no doubt impacted by the recent Russian invasion of Ukraine, the bill combined language from three separate bills into one. Additionally, it seems that any critical infrastructure breach must be reported to CISA within 72 hours, a charge that will undoubtedly be met with some resistance. While the bill still needs to pass the US House of Representatives, the White House has thrown its support behind the bi-partisan effort.

The Halcyon Platform

Halcyon is the industry’s first dedicated, adaptive security platform focused specifically on stopping ransomware attacks. Halcyon is built by offensive security experts to stop attackers. Our platform is a lightweight agent that combines multiple proprietary advanced prevention engines along with AI models trained solely on ransomware.

Ready to get a demo? Fill out the form and let’s talk!

Get a Demo

Meet with a Halcyon Anti-Ransomware Expert