More Ransomware Rears its Ugly Head
September 2022 was a bad month for ransomware. Times change but you need to stay vigilant.
September 2022 proved to be another hectic month in an ongoing trend of increasing ransomware incidents. Beazley Security saw a massive uptick in cases with what may be a record: nearly 50 victims posted in 24 hours.
The LockBit 3.0 ransomware group has been the primary player, accounting for over 30% of all the ransomware events Beazley Security has recorded in 2022 so far. These groups are also enhancing their capabilities considerably; Beazley Security has noted advancements in ransomware that, among other issues, make it more difficult to detect via off-the-shelf tools.
It’s not all positive for these groups, however. Word on the web is that a massive distributed denial-of-service (DDoS) attack has been ongoing against these groups. Beazley Security has noticed a significant increase in the response times of ransomware groups over the past month, likely because of these attacks. In some instances, contact with these groups has completely stalled, with victims receiving no response from threat actors normally eager to start the negotiation process.
Beazley Security continues to recommend that organizations take immediate action to ensure they are well-postured to defend against a ransomware event. Ensure that modern security appliances and controls are in place and up to date. In addition, regular ransomware readiness assessments or tabletop exercises can help ensure that an organization’s security personnel are ready for the real deal.
Ransomware data theft tool may show a shift in extortion tactics
A recent analysis of a data exfiltration tool has alarming implications: threat actors may soon destroy data completely after exfiltration, leaving no room for data recovery outside of backups or paying the ransom.
LockBit, ALPHV, and other ransomware gang leak sites hit by DDoS attacks
Various ransomware groups have been the target of DDoS attacks from an unknown source.
LockBit 3.0’s ransomware surge highlights that the cybercrime epidemic is far from over
LockBit 3.0 is on the rise, with over 40% of the cases in August tied to the group. This trend is expected to continue into September.
New PsExec spinoff lets hackers bypass network security defenses
Researchers have built a version of PsExec that works over port 135 exclusively. Beazley Security recommends that organizations review their mitigation strategies for remote management tools.
"During this surge, the LockBit 3.0 ransomware group has been the primary player, accounting for over 30% of all the ransomware events we witnessed."