Security News

DUCK. I don't know whether that's true, but I like to think it is. Before we get to stuff that's in the news, we are pleased, nay thrilled, to announce the first of three episodes of Think You Know Ransomware?

Ransomware - as readers here know only too well - is one of the biggest cybercrime challenges we collectively face today. That's why Sophos has recently visited cities around the globe to dive deep into the real story behind ransomware.

The year previous to that, LockBit was known to be the most active global ransomware group and RaaS provider in terms of the number of victims claimed on their data leak site. As ransomware continues to rise and evolve, new strains develop.

Des Moines Public Schools, Iowa's largest school district, confirmed today that a ransomware attack was behind an incident that forced it to take all networked systems offline on January 9, 2023. While the school district also received a ransom demand following the attack from an unnamed ransomware group, the ransom has not been paid.

The BlackCat ransomware gang is behind a February cyberattack on Reddit, where the threat actors claim to have stolen 80GB of data from the company. On February 9th, Reddit disclosed that its systems were hacked on February 5th after an employee fell victim to a phishing attack.

The U.S. State Department's Rewards for Justice program announced up to a $10 million bounty yesterday for information linking the Clop ransomware attacks to a foreign government. "Do you have info linking CL0P Ransomware Gang or any other malicious cyber actors targeting U.S. critical infrastructure to a foreign government? Send us a tip. You could be eligible for a reward," tweeted the Rewards for Justice Twitter account.

The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks. We also learned more about ransomware attacks this week, with the Medusa operation extorting Argentina's National Securities Commission and Rhysida ransomware leaking data stolen from the Chilean Army.

The U.S. Department of Justice on Thursday unveiled charges against a Russian national for his alleged involvement in deploying LockBit ransomware to targets in the U.S., Asia, Europe, and Africa. "Astamirov allegedly participated in a conspiracy with other members of the LockBit ransomware campaign to commit wire fraud and to intentionally damage protected computers and make ransom demands through the use and deployment of ransomware," the DoJ said.

Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The company is urging all its customers to disable all HTTP and HTTPS traffic to MOVEit Transfer on ports 80 and 443 to safeguard their environments while a patch is being prepared to address the weakness.

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army. The leak comes after the Chilean Army confirmed on May 29 that its systems were impacted in a security incident detected over the weekend on May 27, according to a statement shared by Chilean cybersecurity firm CronUp.