The Week in Ransomware – March 3rd 2023 – Wide impact attacks
This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.
The attack started on February 23rd, forcing the company to shut down portions of its IT systems, causing widespread outages among its services.
However, it wasn’t until February 28th that DISH finally confirmed that they suffered a ransomware attack, with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible.
The other big news item was a report that the U.S. Marshals Service suffered a ransomware attack, including data theft. It is not known what ransomware operation is behind the attack.
Finally, the White House unveiled its new U.S. national cybersecurity strategy, with a strong emphasis on targeting ransomware operations.
Other ransomware attacks we learned more about this week include ones on the City of Oakland, the Indigo book store chain, Tennessee State University and Southeastern Louisiana University, and the Clop data theft at Hatch Bank.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @Ionut_Ilascu, @fwosar, @struppigel, @Seifreed, @demonslay335, @LawrenceAbrams, @malwrhunterteam, @BleepinComputer, @FourOctets, @PolarToffee, @billtoulas, @jorntvdw, @serghei, @juanbrodersen, @CISAgov, @Bitdefender, @cyfirma, @jgreigj, and @pcrisk.
February 25th 2023
Dish Network goes offline after likely cyberattack, employees cut off
American TV giant and satellite broadcast provider Dish Network has mysteriously gone offline, with its websites and apps ceasing to function over the past 24 hours.
February 27th 2023
New Exfiltrator-22 post-exploitation kit linked to LockBit ransomware
Threat actors are promoting a new ‘Exfiltrator-22’ post-exploitation framework designed to spread ransomware in corporate networks while evading detection.
U.S. Marshals Service investigating ransomware attack, data theft
The U.S. Marshals Service (USMS) is investigating the theft of sensitive law enforcement information following a ransomware attack that has impacted what it describes as “a stand-alone USMS system.”
New VoidCrypt variant
PCrisk found a new VoidCrypt variant that appends the .lilmoon extension and drops a ransom note named Dectryption-guide.txt.
New 726 Ransomware
PCrisk found a ransomware that appends the ..726 extension and drops a ransom note named RECOVER-FILES-726.html.
February 28th 2023
Dish Network confirms ransomware attack behind multi-day outage
Satellite broadcast provider and TV giant Dish Network has finally confirmed that a ransomware attack was the cause of a multi-day network and service outage that started on Friday.
New MortalKombat ransomware decryptor recovers your files for free
Cybersecurity company Bitdefender has released a free MortalKombat ransomware decryptor that victims can use to restore their files without paying a ransom.
March 1st 2023
Canadian book giant says employee data was stolen during ransomware attack
Canadian bookseller Indigo denied that any customer data was stolen last month during a ransomware attack that took down its website. Data from the multibillion-dollar company’s workers, however, didn’t fare as well.
New Chaos ransomware variant
PCrisk found a new Chaos variant that appends the .skull extension and drops a ransom note named read_it.txt.
March 2nd 2023
Hatch Bank discloses data breach after GoAnywhere MFT hack
Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company’s Fortra GoAnywhere MFT secure file-sharing platform.
White House releases new U.S. national cybersecurity strategy
The Biden-Harris administration today released its national cybersecurity strategy that focuses on shifting the burden of defending the country’s cyberspace towards software vendors and service providers.
Tennessee State, Southeastern Louisiana universities hit with cyberattacks
Two universities in Tennessee and Louisiana are struggling with cyberattacks that have crippled campus services and left students scrambling to find alternative tools.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .gosw and .goaq extensions.
March 3rd 2023
Play ransomware claims disruptive attack on City of Oakland
The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February.
LockBit published the data stolen from La Segunda: there are judicial files, expert reports and medical data
LockBit, one of the largest ransomware groups in the world, published sensitive information from the Rosario insurance company La Segunda: there are judicial files, expert reports and sensitive medical data of affiliates, among others.
New MedusaLocker ransomware variant
PCrisk found a new MedusaLocker ransomware variant that appends the .skynetwork8 extension.
New STOP ransomware variant
PCrisk found a new STOP ransomware variant that appends the .goba extension.
That’s it for this week! Hope everyone has a nice weekend!