The Week in Ransomware – October 13th 2023 – Increasing Attacks

October 13, 2023 at 06:31PM

Ransomware attacks on enterprises are causing disruption and data breaches. Recent attacks include Air Canada being targeted by BianLian, and state courts in Northwest Florida being attacked by ALPHV. Simpson Manufacturing experienced a cybersecurity incident, and a threat actor leaked the source code for the Hello Kitty ransomware. Ransomware trends show a significant increase, and the FBI shared details about the AvosLocker ransomware. WS_FTP servers are now being targeted in encryption-focused attacks. Various contributors provided information and stories about ransomware.

Meeting Takeaways:
1. Ransomware attacks on enterprises continue to be a major issue, causing disruptions and data breaches.
2. Recent attacks include Air Canada being targeted by BianLian and state courts in Northwest Florida being attacked by ALPHV.
3. Simpson Manufacturing experienced a cyberattack that resulted in an IT system shutdown, but it has not been confirmed as a ransomware attack.
4. Source code for the first version of the Hello Kitty ransomware has been released, along with a claim that a new rival to LockBit is being developed.
5. A Q3 2023 Ransomware Trends Summary highlights the exponential growth of ransomware attacks.
6. The FBI shared information about the AvosLocker ransomware, including technical details, defense tips, and IOCs.
7. Ransomware attacks are now targeting unpatched WS_FTP servers, focusing more on encryption than on data theft.
8. Various contributors shared new ransomware information and stories, including @fwosar, @demonslay335, @billtoulas, and others.
9. PCrisk discovered new variants of STOP ransomware that append different extensions to encrypted files.
10. Air Europa, a Spanish airline, suffered a data breach, resulting in customers being advised to cancel credit cards.
11. BianLian claims to have stolen 210GB of data from Air Canada.
12. Simpson Manufacturing disclosed a cybersecurity incident that caused disruptions in operations.
13. AhnLab Security Emergency Response Center (ASEC) is actively responding to the Magniber malware, which is distributed using typosquatting methods.
14. Q3 2023 set a new record as the most successful quarter for the ransomware industry.
15. The U.S. government updated the list of tools used by AvosLocker ransomware affiliates in attacks.
16. Internet-exposed unpatched WS_FTP servers are now targeted in ransomware attacks.