CyberSecurity news

Dhara Shrivastava@cysecurity.news //
February witnessed a record-breaking surge in ransomware attacks, fueled by the prolific activity of groups like CL0P, known for exploiting vulnerabilities in managed file transfer (MFT) software. The ransomware landscape is also seeing significant activity from groups like Akira and RansomHub.

Recent analysis of the Black Basta and CACTUS ransomware groups has uncovered a shared BackConnect module. This module, internally tracked as QBACKCONNECT, provides extensive remote control capabilities, including executing commands and exfiltrating sensitive data. Separately, the Qilin ransomware group has claimed responsibility for attacks on the Utsunomiya Central Clinic (UCC), a cancer treatment center in Japan, and Rockhill Women's Care, a gynecology facility in Kansas City, stealing and leaking sensitive patient data.


References:
  • cyble.com: February Sees Record-Breaking Ransomware Attacks, New Data Shows
  • The Register - Security: Qilin ransomware gang claims attacks on cancer clinic, OB-GYN facility
  • iHLS: Ransomware Group Targets Cancer Clinic, Exposes Sensitive Health Data
  • securityaffairs.com: Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024.
  • thecyberexpress.com: Ransomware attacks set a single-month record in February that was well above previous highs.
  • The DefendOps Diaries: Akira Ransomware: Unsecured Webcams and IoT Vulnerabilities
  • blog.knowbe4.com: A new report from Arctic Wolf has found that 96% of attacks now involve data theft as criminals seek to force victims to pay up.
  • DataBreaches.Net: The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim's network.