Security News

Opinion: A general ban on ransomware payments, as was floated by some this week, sounds like a good idea. Such a ban would need to be universal or else ransomware crews will simply focus on victims in other geographic regions that don't prohibit payments.

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information. Last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it could be used to decrypt victims' files for free.

The idea being, it seems, that those patients and the media coverage from any swatting will put pressure on the US hospital to pay up and end the extortion. "Fred Hutchinson Cancer Center was aware of cyber criminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a spokesperson told The Register today.

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA and while the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package is real. The seller of the Zeppelin source code and builder uses the handle 'RET' and clarified that they did not author the malware but simply managed to crack a builder version for it.

"I think more people are coming to accept that a ban, while problematic, may ultimately be the only solution to the ransomware problem," he told The Register. For example, the Biden administration deciding to make ransom payments illegal as of February 1 would be "problematic, given the lack of overall resilience and maturity across the economy, particularly when you think about all those soft targets the report identifies," Stifel told The Register, echoing the conclusion reached by the Ransomware Task Force.

The U.S. division of Xerox Business Solutions has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation. INC Ransom ransomware gang added the corporation to its extortion portal on December 29, claiming to have stolen sensitive data and confidential documents from its systems.

The court system of Victoria, Australia, was subject to a suspected ransomware attack in which audiovisual recordings of court hearings may have been accessed. The Supreme Court of Victoria, aside from two regional hearings in November, only had recordings accessed between December 1 and 21, for example.

Australia's Court Services Victoria is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack. Supreme Court - hearings from the Court of Appeal, Criminal Division, and Practice Court between December 1 and 21, and two regional hearings in November 2023.

Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free. The decryptor allows Black Basta victims from November 2022 to this month to potentially recover their files for free.

We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals. The most concerning news is that LockBit affiliates increasingly target hospitals in attacks, even though the ransomware operation says it's against the rules.