The Hive ransomware gang has gone further cross platform, extending to Linux and FreeBSD with several new ransomware variants. They aren’t the first – REvil, Babuk, GoGogole, DarkSide, and HelloKitty among other groups have Linux encrypters too.
Europol announced the arrests of 12 people involved in ransomware. An 8 country joint operation, the impact was 1800 victims across 71 countries, mostly large corporations and critical infrastructures. BlackMatter is allegedly shutting down due to pressure from governments and law enforcement.
And in warnings, the FBI is warning that ransomware gangs are targeting “time sensitive financial events”, which means corporate mergers and acquisitions. Operators would use the financial information collected before attacks as leverage to force complying with the ransom. The advisory also notes targeting stock prices too, using the information as leverage to change the market.
The FBI has also warned about the HelloKitty ransomware gang adding DDos attacks to their arsenal, as Microsoft warns about an increase in password spray attacks targeting privledged cloud accounts and high profile identities.
CISA has issued a binding operational directive to address more than 300 security vulnerabilities within the next six months. This focuses on civilian agencies.
Why do we care?
Law enforcement can work, and will require funding, staffing, and investment. Keep this in mind for the weekend’s editorial too.
I mention the CISA advisory for the fed as a checkpoint for others. Worth checking your own systems too. Today’s security stories are rather tactical. Doesn’t mean they aren’t important.