Getting the “big picture” – an interactive map of ransomware attacks
We get used to reading statistics about growth in ransomware, but as has been said many times, a picture is worth a thousand words.
Comparitech, which describes itself as a “pro-consumer” research company, has created a world-wide map of ransomware attacks. They state that it is “updated daily” and pinpoints the location of attacks from 2018 to the current day. They get this data from searching “through country reports, industry news, and cybersecurity databases to find the latest ransomware attacks on worldwide businesses, healthcare organizations, educational institutions, and government agencies.”
The map is interactive, allowing the user to pull back and take in the big picture or drill down to specific areas and right down to individual attacks. Each attack has additional information including the industry, the number of records, the ‘strain’, the date and even whether, to the best of their research, the ransom was actually paid.
The map uses colour coding to look at industries. It allows the user to filter by year and whether the ransom was paid.
The site has a number of other graphical displays of data. One of these shows the number of attacks by Ransomware Strain. To see these and more, you can go to the Comparitech site and their global ransomware attacks page.
“Dollars better spent on students” = Data is released after LA school district refuses to pay ransom
The Los Angeles Unified School District confirmed that the Vice Society ransomware gang has published data stolen in an attack in early September. Superintendent Alberto M. Carvalho confirmed the release of data in a Twitter post, stating, “Unfortunately, as expected, data was recently released by a criminal organization. In partnership with law enforcement, our experts are analyzing the full extent of this data release.”
A statement posted by the district noted that they had refused to pay the ransom. “Los Angeles Unified remains firm that dollars must be used to fund students and education. Paying ransom never guarantees the full recovery of data, and Los Angeles Unified believes public dollars are better spent on our students rather than capitulating to a nefarious and illicit crime syndicate. We continue to make progress toward full operational stability for several core information technology services.”
The school district has set up a hotline for concerned students and parents at 855-926-1129, and noted several Twitter accounts that can be followed for up-to-date information, including @laschools.
Data destruction new tactic from Colonial Pipeline attackers
A ransomware gang is using a new tactic to encourage victims to pay: it destroys data on servers instead of encrypting it, refusing to return the copies it stole if its ransom demands are not met.
This eliminates a strategy used to thwart some ransomware attacks: finding and using publicly available decryption keys. This new attack instead threatens to permanently destroy the data.
Cybersecurity analysts discovered this new strategy when looking at an attack by the BlackCat gang (also known as ALPHV). BlackCat is thought to be a successor to the Darkside gang, believed to be the instigators of the Colonial Pipeline attack last year.