New tactics and the big picture. The Week in Ransomware – Monday, Oct 3, 2022

Getting the “big picture” – an interactive map of ransomware attacks

We get used to reading statistics about growth in ransomware, but as has been said many times, a picture is worth a thousand words.

Comparitech, which describes itself as a “pro-consumer” research company, has created a world-wide map of ransomware attacks. They state that it is “updated daily” and pinpoints the location of attacks from 2018 to the current day. They get this data from searching “through country reports, industry news, and cybersecurity databases to find the latest ransomware attacks on worldwide businesses, healthcare organizations, educational institutions, and government agencies.”

The map is interactive, allowing the user to pull back and take in the big picture or drill down to specific areas and right down to individual attacks. Each attack has additional information including the industry, the number of records, the ‘strain’, the date and even whether, to the best of their research, the ransom was actually paid.

The map uses colour coding to look at industries. It allows the user to filter by year and whether the ransom was paid.

The site has a number of other graphical displays of data. One of these shows the number of attacks by ransomware strain. To see these and more, you can go to the Comparitech site and their global ransomware attacks page.

“Dollars better spent on students” = Data is released after LA school district refuses to pay ransom

The Los Angeles Unified School District confirmed that the Vice Society ransomware gang has published data stolen in an attack in early September. Superintendent Alberto M. Carvalho confirmed the release of data in a Twitter post, stating, “Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release.”

A statement posted by the district noted that they had refused to pay the ransom. “Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”

The school district has set up a hotline for concerned students and parents at 855-926-1129, and noted several Twitter accounts that can be followed for up-to-date information, including @laschools.

Data destruction new tactic from Colonial Pipeline attackers

A ransomware gang is using a new tactic to encourage victims to pay: it destroys data on servers instead of encrypting it, refusing to return the copies it stole if its ransom demands are not met.

This eliminates a strategy used to thwart some ransomware attacks: finding and using publicly available decryption keys. This new attack instead threatens to permanently destroy the data.

Cybersecurity analysts discovered this new strategy when looking at an attack by the BlackCat gang (also known as ALPHV). It is believed that BlackCat is a successor to the Darkside gang, which is believed to have been behind the Colonial Pipeline attack last year.



Jim Love, Chief Content Officer, IT World Canada


Jim Love (http://www.changethegame.ca)
I've been in IT and business for over 30 years. I worked my way up, literally from the mail room and I've done every job from mail clerk to CEO. Today I'm CIO and Chief Digital Officer of IT World Canada - Canada's leader in ICT publishing and digital marketing.
