Adrian Johnson
TL;DR:
After a brief decrease in ransomware attacks, new operations like RansomHub are ramping up attacks. Various companies like Change HealthCare, Omni Hotels, Nexperia, and Octapharma Plasma have been targeted. The Daixin team claimed the attack on Omni Hotels, while the FBI reported that the Akira ransomware operation earned $42 million. A Moldovan national was charged for operating a botnet used to push ransomware. United Nations Development Programme is investigating a cyberattack, and HelloKitty ransomware rebrands as HelloGookie. Details on new ransomware variants and ongoing incidents are provided.
Full Article:
While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation’s data leak site to extort Change HealthCare once again. Change HealthCare allegedly already paid a ransom, which was stolen from an affiliate in an exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub. So far, the Change Healthcare attack has cost UnitedHealth Group $872 million, with losses expected to continue.
Another disruptive attack we learned more about this week is the Daixin operation claiming the cyberattack on Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms. Other attacks targeted chipmaker Nexpira, the United Nations Development Programme (UNDP), Octapharma Plasma, and the Atlantic States Marine Fisheries Commission (ASMFC). In other news, the U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware.
Lastly, the FBI reported that the Akira ransomware operation had earned $42 million from 250+ victims, and the HelloKitty ransomware returned, rebranding as HelloGookie. Various new ransomware variants have been identified, and ongoing incidents like the IT “network issues” at Octapharma Plasma and cyberattack at the UNDP are being investigated. The article provides details on these incidents and developments in the ransomware landscape.
