
In May, Lockbit, usually the reigning king of ransomware gangs, found a fierce competitor in MalasLocker. Last month witnessed a record number of 556 reported ransomware victims, with Italy and Russia becoming major targets and a significant increase in attacks on the education sector.

MalasLocker claimed a whopping 171 total victims in May alone, beating out Lockbit, which had only 76 known attacks. What sets MalasLocker most apart, however, is its unique ‘charitable’ twist. Rather than demanding ransoms, the group asked victims to donate to its approved charities. “Unlike traditional ransomware groups, we’re not asking you to send us money. We just dislike corporations and economic inequality,” reads MalasLocker’s ransom note. However, there is no confirmation that MalasLocker is keeping its word and decrypting victims’ files after the donation. Ransomware gangs (and cybercriminals in general) have a long and storied history of writing long and tedious tracts justifying their criminal activity with grandiose claims.

A list of ransomware groups and how many victims they claimed in May 2023. Most notable: MalasLocker 171, Lockbit 76, 8Base 67, ALPHV 39.

Known ransomware attacks by gang, May 2023

 

Italy and Russia emerge as targets

Both Italy and Russia have had a major upswing in ransomware activity. Italy saw more than a six-fold increase from the month before, and Russia went from zero reported attacks to 50 in a single month.

This surge is entirely due to MalasLocker, which hit more targets in Italy and Russia than anywhere else. It is assumed that the group is not deliberately targeting these countries, but that this is simply where the most vulnerable targets are located.

A pie chart of May's ransomware victim counts. Russia - 50, Italy - 45, USA - 27, Other - 21, Germany - 7, Spain - 6, Canada - 5, Austria - 4, Switzerland - 3, UK - 3.

Known ransomware attacks by country, May 2023

 

Increased Ransomware Attacks on Education

The increase in ransomware attacks on the education sector in May is particularly concerning. There were 30 known attacks in May, which is the highest number seen in a single month. The number of attacks has been trending upward over the past twelve months.

Between June 2022 and May 2023, Vice Society attacked more education targets than any other gang—a specialization that should alarm schools, colleges, and universities everywhere. More information on the Vice Society ransomware gang can be found here.

A graph displaying the trend of education sector attacks over the past 12 months, starting in June 2022 with 11 attacks and gradually increasing to May 2023 with 30 attacks.

Known ransomware attacks against education, June 2022-May 2023

 

As always, we rely on people being vigilant and reporting suspicious activity on their systems to our IT Support team.

Contacts: +61 (2) 6773 5000 (toll-free 1800 763 040) or log a ticket via the IT Service Portal.

Thank you for your support in helping us maintain the cyber security integrity of UNE.

Source:

Malwarebytes