December 29, 2023 at 03:40PM
Summary: This week, little ransomware research was released, and the focus was on new attacks and LockBit affiliates targeting hospitals. Notable incidents include Yakult Australia’s cyber incident, Ohio Lottery’s system shutdown, LockBit attacks on German hospitals, and new ransomware variants discovered by PCrisk. Microsoft again disabled a protocol handler due to malware abuse. Nonprofit New York hospitals seek to retrieve data stored on a Boston cloud company’s servers post-ransomware attack.
Summary of Meeting Notes:
– Quiet week with threat actors apparently taking time off for the holidays.
– Not much ransomware research was released; the focus was on new attacks and LockBit affiliates targeting hospitals.
– Concerning news of LockBit affiliates increasingly targeting hospitals, despite the ransomware operation stating that it’s against the rules.
– LockBit attacks on hospitals detailed, including SickKids in Toronto and hospitals in Germany and New York.
– Microsoft disabled the MSIX ms-appinstaller protocol handler due to ongoing abuse in malware campaigns.
– Various newly found ransomware variants and attacks detailed by PCrisk.
– The financially motivated 8base ransomware variant, likely based on Phobos ransomware, first appeared in May 2023.
– Not-for-profit hospitals in New York are seeking a court order to retrieve stolen data stored on Boston cloud storage servers.
Source: BleepingComputer, PCrisk, FortiRecon, Various Contributors
Date: December 27th – 29th, 2023