Another Week of Ransomware: 11-27-23

Posted by: Todd Laff

Last week in the wild world of ransomware, the FBI and CISA teamed up to drop the mic on Royal Ransomware, ransomware attackers decided to take a stab at the healthcare industry (pun intended), and the Rhysida operation joined the cyber circus. Let’s put on our humorous hats and dive into this digital drama!

Rhysida Ransomware Operations: The Cyber Carnival

So, imagine the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) joining forces to issue a blockbuster security advisory on Rhysida and Royal ransomware operations. It’s like a buddy cop movie but in the digital realm.

Rhysida, the new kid on the ransomware block, made its grand entrance in May 2023. Their game plan? Using virtual private networks (VPNs) to sneak into networks, they’re like the phantom burglars of the digital world. But here’s the kicker: they’re using stolen credentials to waltz through the virtual door, and they’ve got more tricks up their sleeves than a magician at a kid’s birthday party.

These cyber bandits are so sneaky; they even pull off the “living-off-the-land” act, blending in with normal Windows systems like they’re part of the furniture. Imagine your computer thinking they’re just another desk chair.

But wait, there’s more! They’re not just after your data; they’re into double extortion. They’ve got their very own secret hideouts on the dark web—a leaks site and a victim support portal on TOR. And guess what’s on their menu? A buffet of industries, including healthcare, education, government, manufacturing, and tech. It’s like they’re at an all-you-can-eat data buffet.

What’s wild is that they pretend to be the good guys, like cybersecurity experts sent from the heavens to help organizations find their security flaws. It’s like a burglar dressing up as a locksmith and offering to fix your front door.

As for their ransom demands, it’s a secret for now, but they’re flaunting some high-tech moves. From outsmarting antivirus software to wiping out Volume Shadow Copies (VSS) like it’s a digital magic trick, they’ve got the skills. They even know how to tweak your Remote Desktop Protocol (RDP) settings—talk about audacity!

These guys aren’t just script kiddies; they’re deploying sophisticated tools like Cobalt Strike and abusing PSExec for their cyber capers. They’re like the James Bonds of ransomware, with a 4096-bit RSA key and AES-CTR for file encryption.
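The "living-off-the-land" tradecraft described above is hard to catch one event at a time, because a shadow-copy deletion, an RDP registry change or a PsExec service launch each looks like routine administration. The detection sketch below is an added example, not code from the advisory or from the author; it runs a few regex rules over constructed process-creation events (field names `host`, `time`, `cmdline` are assumed) and escalates a host only when two or more distinct techniques land on it within one window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Each rule is a name plus a regex applied to the lowercased command line.
RULES = {
    "vss_wipe": re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete"),
    "rdp_tweak": re.compile(r"fdenytsconnections|rule group=\"remote desktop\""),
    "psexec_use": re.compile(r"(^|\\)psexec(64)?(\.exe)?\s|psexesvc\.exe"),
}

# Constructed sample telemetry, not real logs: two benign lines, three hostile ones.
EVENTS = [
    {"host": "ws01", "time": "2023-11-20T02:14:05",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws01", "time": "2023-11-20T02:15:40",
     "cmdline": 'reg add "HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server" '
                "/v fDenyTSConnections /t REG_DWORD /d 0 /f"},
    {"host": "dc01", "time": "2023-11-20T02:16:02",
     "cmdline": "C:\\Windows\\PSEXESVC.exe"},
    {"host": "ws02", "time": "2023-11-20T09:00:00",
     "cmdline": "vssadmin.exe list shadows"},          # benign: listing, not deleting
    {"host": "ws02", "time": "2023-11-20T09:00:05",
     "cmdline": "explorer.exe"},
]


def match_rules(event):
    """Return the names of every rule whose regex matches this event's command line."""
    cmd = event["cmdline"].lower()
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def correlate(events, window=timedelta(minutes=30)):
    """Per host, collect distinct technique hits within `window` of the first hit.
    One technique is 'suspicious'; two or more on the same host is 'staging'."""
    hits = defaultdict(list)  # host -> [(timestamp, rule_name)]
    for ev in events:
        t = datetime.fromisoformat(ev["time"])
        for rule in match_rules(ev):
            hits[ev["host"]].append((t, rule))
    alerts = {}
    for host, seq in hits.items():
        seq.sort()
        start = seq[0][0]
        techniques = {rule for t, rule in seq if t - start <= window}
        verdict = "staging" if len(techniques) >= 2 else "suspicious"
        alerts[host] = (verdict, sorted(techniques))
    return alerts


if __name__ == "__main__":
    for host, (verdict, techniques) in correlate(EVENTS).items():
        print(f"{host}: {verdict} {techniques}")
```

The benign `vssadmin list shadows` on ws02 produces no hit, while ws01 escalates because shadow-copy deletion and the RDP change land minutes apart.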

Their VIP victim list reads like a who’s who of the digital world: Pierce College, Ejercito de Chile, Axity, Ministry of Finance Kuwait, Prince George’s County Public Schools, Ayuntamiento de Arganda City Council, and Comune di Ferrara. Clearly, they don’t discriminate; they’re here to party with everyone.

But hold your cyber-horses; compared to the big shots in the ransomware world, Rhysida is still practicing in the kiddie pool. They’re more like opportunistic attackers, hanging out with the rookie squad.

Ransomware’s Prescription for Healthcare Chaos: Paging Dr. Cyber

Now, picture this: ransomware attackers decide to stroll into the healthcare sector. Since 2016, they’ve made healthcare organizations their favorite playground. They’ve snagged over 52 million patient records and caused a staggering $80 billion in network downtime losses. It’s like they’re playing Operation but with our healthcare systems!

Healthcare facilities, like CommonSpirit Health, got the short end of the stick, with a minimum bill of $160 million. These ransomware folks don’t care if you’re saving lives; they just want to save their own bank accounts.

Why healthcare, you ask? Well, it’s because they know it’s like a house of cards – tight budgets, short-staffed on cybersecurity, and vulnerable as ever. It’s like picking on the little guy just because you can.

And here’s the kicker: they’re not stopping anytime soon. More healthcare providers are in their crosshairs, and that’s bad news for patients who can’t afford to wait for treatment. Three weeks of downtime in the medical world is like a lifetime.

Royal Ransomware: The Crown Jewels of Cyber Heists

Now, imagine a gang of cyber-crooks that the FBI and CISA are calling “royalty.” Royal Ransomware has been on a global rampage since September 2022, targeting over 350 known victims and demanding ransoms totaling over $275 million USD. These guys are like the Tony Starks of the ransomware world but without the charm.

Their playbook includes disabling antivirus software, stealing boatloads of data, and even setting up their own digital flea market for victim data. If you don’t pay, they’ll turn your digital secrets into front-page news. Ransom demands range from a humble $1 million to a jaw-dropping $11 million in bitcoin. It’s like they’re running a digital garage sale, but you better pay up.

They may have taken a short coffee break in Q3 of 2023, but they’re back with a vengeance. Now they’re even going after Linux systems and VMware ESXi servers. These guys are like digital chameleons, always adapting.

They’ve got a bag of tricks too, from NSudo to PowerShell, and they’re not afraid to use them. They love to target small to medium-sized organizations in manufacturing, communications, healthcare, and education. They’re like the bullies in the digital schoolyard.

And what’s the takeaway here? The FBI and CISA are telling us to step up our cybersecurity game because these ransomware folks are turning into the Avengers of the cyber world. Reports like these should remind us that the digital battlefield is real, and it’s time to suit up and defend our digital kingdoms.

In the end, it’s all about staying one step ahead of the cyber bad guys. So, folks, keep your antivirus updated, your passwords strong, and your digital doors locked. Because in this cyber game, we’re all players, and the only way to win is to outsmart the hackers!


About the Author:

Online Security Expert Todd Laff reviews online hacks and security issues and how to protect yourself and secure your network.