The Ransomware-Laden First Week of 2021

The thrill of jumping into the new year seemed high for ransomware operators. While everyone else is looking forward to a new lease of life after a pandemic-driven year, attackers are also making a fresh start with new ransomware threats.

New year, new ransomware discoveries

  • Security researchers have discovered a brand-new ransomware family called Babuk Locker, which has already attacked multiple organizations with its file-encryption scheme. Like other ransomware families, Babuk uses multi-threaded encryption, and its abuse of the Windows Restart Manager resembles that of the REvil and Conti strains.
  • While examining a set of ransomware incidents at multiple organizations, security researchers associated the attacks with APT27, a Chinese hacking group usually involved in cyberespionage campaigns.

Recent ransomware attacks

  • Recently, the ransomware gang Protect Your System Amigo (PYSA), also known as Mespinoza, released files allegedly stolen from the Hackney London Borough Council in an attack some months ago. The attack stopped the council from making housing benefit payments to the needy, resulting in a fall in house purchases.
  • A few days ago, Apex Laboratory, a blood-testing lab, disclosed that it had been hit by a double-extortion ransomware attack in which patient data was stolen and posted on a leak site. The data included patient names, test results, dates of birth, and, for some individuals, phone numbers and social security numbers.
  • The NetWalker ransomware group publicly leaked a 3GB archive belonging to a U.S.-based auto parts distributor, NameSouth, after it refused to pay the ransom. The archive included confidential company data and sensitive documents, including credit card statements, financial and accounting data, various legal documents, and personally identifiable employee information.
  • Transportation agency TransLink experienced issues in its computing systems when Egregor ransomware operators attacked its networks and accessed, and potentially stole, its employees’ social security and banking information.

Conclusion

With several organizations disclosing ransomware attacks at the beginning of the new year, the FBI issued a Private Industry Notification (PIN) warning private companies about Egregor ransomware attacks. Though the FBI’s alert focuses on Egregor, organizations must prepare themselves to defend against other ransomware attacks as well.