This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim did not pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

In November there were 457 total ransomware victims, making it the most active month for ransomware gangs in 2023 so far besides May. The top stories of the month include ALPHV's shutdown (and subsequent return), an increased focus on the healthcare sector, and high-profile attacks on Toyota, Boeing, and more using a Citrix Bleed vulnerability (CVE-2023-4966).

The ALPHV ransomware gang, arguably the second most dangerous "big game" ransomware operator, appears to be back in business after its infrastructure went down for five days in early December. But all does not appear to be going well for the group. ALPHV's dark web leak site may be back, but it is only showing a single victim, with no sign of any of the hundreds of others it normally lists. The solitary listing on the site is dated December 13, which is after the site was restored.

When the gang's infrastructure went down a week ago, many suspected the hand of law enforcement, despite no official word on the subject. According to VX Underground, ALPHV's own explanation is that it suffered a hardware failure. If the group really has lost access to the data its business relies on, then it's now getting a first-hand look at what its victims go through when they're attacked and their data is encrypted.

However, while it's perfectly plausible that ALPHV is suffering hardware woes, law enforcement action can't be ruled out. ALPHV would likely lose affiliates if it admitted to a brush with the law, so the ransomware gang is likely going to attribute the outage to something benign, whether that is true or not. Equally, the silence from the FBI could mean everything and nothing. In January, the agency took down one of ALPHV's contemporaries, Hive, and revealed it had penetrated the group's infrastructure six months prior. Whether ALPHV's troubles are caused by tight-lipped law enforcement, an ironic lack of disaster recovery planning, or some other sleight of hand, any disruption to the ransomware ecosystem is a welcome early Christmas present in our book.

In other news, attacks on the healthcare sector last month reached an all-time high at 38 total attacks. The record follows a steady uptick in attacks on the sector we've observed over the past year.