The Week in Ransomware – January 26th 2024 – Govts strike back

January 27, 2024 at 12:19PM

Governments imposed sanctions on ransomware operators this week. The Australian, US, and UK governments sanctioned Aleksandr Ermakov, believed to be a REvil member, for the 2022 Medibank hack. The US sentenced Vladimir Dunaev to prison for his involvement with the TrickBot malware. Multiple ransomware attacks and new variants were also reported this week, impacting various industries. Security researchers uncovered connections between 3AM ransomware, the Conti syndicate, and Royal ransomware.

Key takeaways:

– Governments have taken action against ransomware operations, imposing sanctions and sentencing individuals to prison.

– Aleksandr Gennadievich Ermakov, a Russian national believed to be responsible for the 2022 Medibank hack and a member of the REvil ransomware group, has been sanctioned by the Australian, US, and UK governments.

– Vladimir Dunaev, another Russian national, has been sentenced to prison for his involvement in creating and distributing the TrickBot malware.

– Several large-scale ransomware attacks have occurred recently, impacting companies such as Tietoevry, Veolia North America, EquiLend, and loanDepot.

– Multiple new ransomware variants and operations have been identified, including 3AM, Cactus, Phobos, Frivinho0, backoff, and Kasseika.

– The use of artificial intelligence (AI) tools is predicted to escalate the threat of ransomware, according to the United Kingdom’s National Cyber Security Centre (NCSC).

– FAUST ransomware, another variant of Phobos, has been uncovered by FortiGuard Labs.

– New STOP ransomware variants with the .cdcc and .cdxx extensions have been identified by PCrisk.
