Related Research Articles
Ransomware is a type of malware that encrypts the victim's personal data until a ransom is paid. They commonly use difficult-to-trace digital currencies such as paysafecard or Bitcoin and other cryptocurrencies are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Sometimes the original files can be retrieved without paying the ransom due to implementation mistakes, leaked cryptographic keys or a complete lack of encryption in the ransomware.
The Internet has a long history of turbulent relations, major maliciously designed disruptions, and other conflicts. This is a list of known and documented Internet, Usenet, virtual community and World Wide Web related conflicts, and of conflicts that touch on both offline and online worlds with possibly wider reaching implications.
Bitdefender is a multinational cybersecurity technology company dual-headquartered in Bucharest, Romania and Santa Clara, California, with offices in the United States, Europe, Australia and the Middle East.
The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It was propagated using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.
REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.
DarkSide is a cybercriminal hacking group, believed to be based in Russia, that targets victims using ransomware and extortion; it is believed to be behind the Colonial Pipeline cyberattack. The group provides ransomware as a service.
On 14 May 2021, the Health Service Executive (HSE) of Ireland suffered a major ransomware cyberattack which caused all of its IT systems nationwide to be shut down.
Conti is malware developed and first used by the Russia-based hacking group "Wizard Spider" in December, 2019. It has since become a full-fledged ransomware-as-a-service (RaaS) operation used by numerous threat actor groups to conduct ransomware attacks.
Wizard Spider, also known as Trickbot, DEV-0193, UNC2053, or Periwinkle Tempest, was a cybercrime group based in and around Saint Petersburg in Russia. Some members may be based in Ukraine. They are estimated to number about 80, some of them may not know they are employed by a criminal organisation.
On 2 July 2021, a number of managed service providers (MSPs) and their customers became victims of a ransomware attack perpetrated by the REvil group, causing widespread downtime for over 1,000 companies. The attack was carried out by exploiting a vulnerability in VSA, a remote monitoring and management software package developed by Kaseya. Two suspects were identified and one sentenced.
Beginning on the night (UTC-6:00) of April 17, 2022, a ransomware attack began against nearly 30 institutions of the government of Costa Rica, including its Ministry of Finance, the Ministry of Science, Innovation, Technology and Telecommunications (MICITT), the National Meteorological Institute, state internet service provider RACSA, the Costa Rican Social Security Fund, the Ministry of Labor and Social Security, the Fund for Social Development and Family Allowances, and the Administrative Board of the Municipal Electricity Service of Cartago.
Vice Society is a hacking group known for ransomware extortion attacks on healthcare, educational and manufacturing organizations. The group emerged in the summer of 2021 and is believed to be Russian-speaking. Vice Society uses double extorsion and does not operate a ransomware as a service model.
Hive was a ransomware as a service (RaaS) operation carried out by the eponymous cybercrime organization between June 2021 and January 2023. The group's purpose was to attack mainly public institutions to subsequently demand ransom for release of hijacked data.
Clop is a cybercriminal organization known for its multilevel extortion techniques and global malware distribution. It has extorted more than $500 million in ransom payments, targeting major organizations worldwide. Clop gained notoriety in 2019 and has since conducted high-profile attacks, using large-scale phishing campaigns and sophisticated malware to infiltrate networks and demand ransom, threatening to expose data if demands are not met.
LockBit is a cybercriminal group proposing ransomware as a service (RaaS). Software developed by the group enables malicious actors who are willing to pay for using it to carry out attacks in two tactics where they not only encrypt the victim's data and demand payment of a ransom, but also threaten to leak it publicly if their demands are not met.
Royal is a cybercriminal ransomware organization known for its aggressive targeting, its high ransom demands, and its use of double extortion. Royal does not use affiliates.
BlackCat, also known as ALPHV and Noberus, is a ransomware family written in Rust. It made its first appearance in November 2021. By extension, it is also the name of the threat actor(s) who exploit it.
Rhysida is a ransomware group that encrypts data on victims' computer systems and threatens to make it publicly available unless a ransom is paid. The group uses eponymous ransomware-as-a-service techniques, targets large organisations rather than making random attacks on individuals, and demands large sums of money to restore data. The group perpetrated the notable 2023 British Library cyberattack and Insomniac Games data dump. It has targeted many organisations, including some in the US healthcare sector, and the Chilean army.
Akira (ransomware) is a malware which emerged in March 2023. It targeted over 250 entities: the government sector, businesses in Canada, US, Australia (Nissan), critical infrastructure entities (the Finnish IT services provider Tietoevry), universities (Stanford University). Akira is offered as ransomware-as-a-service.
References
- 1 2 Hern, Alex (2024-06-05). "Who are Qilin, the cybercriminals thought behind the London hospitals hack?". The Guardian. The Guardian. ISSN 0261-3077 . Retrieved 2024-06-05.
- 1 2 "Qilin ransomware gang likely behind crippling NHS attack | Computer Weekly". ComputerWeekly.com. Retrieved 2024-06-05.
- 1 2 Lakshmanan, Ravi (2022-08-29). "New Golang-based 'Agenda Ransomware' Can Be Customized For Each Victim". The Hacker News. Retrieved 2024-06-25.
- 1 2 Lakshmanan, Ravie (2023-05-16). "Inside Qilin Ransomware: Affiliates Take Home 85% of Ransom Payouts". The Hacker News. Retrieved 2024-06-25.
- 1 2 3 4 "Street newspaper appears to have Big Issue with Qilin ransomware gang". The Register. 2024-06-01. Retrieved 2024-06-05.