Last Week in Ransomware: 12/16/2024 – Cyber Heists, Government Sanctions, and Energy Sector Woes

Posted by:

Last week in ransomware news, we saw Black Basta make its mark on BT Group, a Romanian energy company caught in the crosshairs of cybercriminals, and the U.S. government hitting a Chinese security firm with sanctions. The plot thickens, and not in a good way. Grab your coffee, because it’s time to dive into the latest and greatest in digital mayhem.

Black Basta Strikes BT Group: No Tea, Just Data

In what can only be described as a “technical glitch” with dramatic flair, BT Group, the UK’s telecom behemoth, confirmed it was the latest victim of a ransomware attack from the notorious Black Basta group. While BT insists it was “just a minor inconvenience” (sure, sure), the group didn’t hesitate to grab headlines with a bold claim: 500GB of sensitive data, including financial records and personal documents, were swiped faster than you can say “VPN.”

BT quickly pulled the affected servers offline, saying the breach was “isolated and contained. ” This sounds eerily like the digital equivalent of saying, “Don’t worry; I totally have everything under control.” But Black Basta isn’t having any of it. They claim that they took the data, snapped some screenshots, and are now threatening to sell it to the highest bidder on the dark web. Classic.

Known for its double-extortion tactics (ransom demand and data leak—because why not pile on?), Black Basta is no stranger to this line of work. With a whopping $107 million in revenue from over 500 attacks, they’re kind of like the “Wolf of Wall Street” of ransomware. They target everyone from healthcare to manufacturing, and their encryption game? Let’s just say it’s more secure than a bank vault with a retina scan, voice recognition, and a biometric lock.

Romanian Energy Provider: The Lights Almost Went Out

Meanwhile, in Romania, Electrica Group, the country’s leading electricity distributor, is currently engaged in a real-time game of “who can stop the ransomware attack before it hits critical systems.” Serving over 3.8 million customers, Electrica is no stranger to the pressures of keeping the lights on, literally and figuratively.

Despite confirming that the attack is “in progress” (as if ransomware has a start and end time like a soccer match), Electrica reassured the public that their SCADA systems—those things that control and monitor energy grids—remain safe. So, no need to panic about power outages… at least not because of ransomware. CEO Alexandru Aurelian Chirita, however, did admit that some minor service disruptions had occurred while they implemented precautionary measures. Let’s hope they don’t end up needing to switch to manual control like RECOPE did in Costa Rica. We’ve all seen how that goes in the movies: a few bad decisions, and suddenly it’s Mad Max but with electric grids.

Electrica is currently working with national cybersecurity authorities, which is code for “crossing fingers and hoping for the best.” This attack highlights the growing trend of ransomware targeting energy providers. Because, you know, what’s more fun than messing with critical infrastructure and potentially endangering public safety?

U.S. Sanctions Chinese Firm for Ragnarok Ransomware Attacks

On the international front, the U.S. Treasury decided to throw some serious shade at Sichuan Silence, a Chinese cybersecurity firm (and apparently, a ransomware enthusiast). The company, along with its employee Guan Tianfeng (aka “GBigMao”—because who wouldn’t want a cyber alias like that?), was sanctioned for its involvement in the infamous Ragnarok ransomware attacks back in April 2020.

Ragnarok, for those who didn’t know, is the cybersecurity equivalent of unleashing a digital hurricane on the world. By exploiting a zero-day vulnerability in Sophos XG firewalls (you know, the kind of vulnerability that keeps network admins up at night), the attackers managed to compromise around 81,000 firewalls globally, including 23,000 in the U.S. This was no small-time hack; they were targeting critical U.S. infrastructure, including energy companies. Who knew the next great cyber battle would involve firewalls and not, say, gladiators?

The DOJ has unsealed an indictment against Guan, and the U.S. State Department is offering a $10 million reward for anyone who can turn him in. Yes, $10 million. That’s more than enough to buy a small country… or at least a decent number of pizza deliveries. Meanwhile, Sichuan Silence is also linked to spreading misinformation, including some spicy COVID-19 conspiracy theories. So it seems their hobbies range from cyberattacks to playing a bit of geopolitical chess.

With these sanctions, the U.S. is basically saying, “Don’t mess with us” by freezing any assets associated with the firm and blocking U.S. entities from doing business with them. It’s a strategic move to disrupt their operations, and considering the growing threat of state-backed ransomware, this is just the beginning of a much larger cyber-cold war.

The Takeaway: Ransomware’s Getting More Creative (And Dangerous)

From Black Basta’s audacious moves against BT Group to the international drama surrounding Sichuan Silence, it’s clear that ransomware isn’t just a problem for the little guys anymore. Major corporations, critical infrastructure, and even governments are now being targeted with sophisticated attacks designed not only to steal data but to wreak havoc on entire systems.

The lesson? The next time you think “It’ll never happen to me,” remember that ransomware is out there, and it’s getting more creative—and possibly more expensive—by the day. And while we can’t promise you’ll never be a target, we can suggest investing in a good backup strategy and keeping your cybersecurity game as tight as a drum.

Until next week, stay safe out there, and remember: it’s not paranoia if the cybercriminals are actually after you.

0

About the Author:

Online Security Expert Todd Laff reviews online hacks and security issues and how to protect yourself and secure your network.
  Related Posts