While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.
A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation's data leak site to
extort Change HealthCare once again.
Change HealthCare allegedly already paid a ransom, which was stolen from an affiliate in an
exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub.
So far, the Change Healthcare attack has cost UnitedHealth Group
$872 million, with losses expected to continue.
Another disruptive attack we learned more about this week is the
Daixin operation claiming the cyberattack on
Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms.
Other attacks targeted chipmaker
Nexpira,
the United Nations Development Programme (UNDP),
Octapharma Plasma, and the
Atlantic States Marine Fisheries Commission (ASMFC).
There were other cyberattacks this week, such as the one on
Frontier Communications, but they have not been confirmed to be ransomware.
In other news, the
U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware.
Last but not least, the FBI reported that the
Akira ransomware operation had earned $42 million from 250+ victims, and
HelloKitty returned, rebranding as HelloGookie.
