This article is based on research by Marcelo Rivero, Malwarebytes' ransomware specialist, who monitors information published by ransomware gangs on their Dark Web sites. In this report, "known attacks" are those where the victim didn't pay a ransom. This provides the best overall picture of ransomware activity, but the true number of attacks is far higher.

In April, LockBit maintained its position as the top ransomware attacker and was also observed expanding into the Mac space. Meanwhile, Cl0p, which dramatically expanded its attack operations in March, has gone quiet this month, despite Microsoft observing them exploiting PaperCut vulnerabilities.

LockBit's macOS ransomware is an interesting development in the threat landscape, showing that the group is dipping its toes into the historically ransomware-free Mac environment. The variant, targeting macOS arm64 architecture, first appeared on VirusTotal in November and December 2022 but went unnoticed until late April when it was discovered by MalwareHunterTeam.

The LockBit macOS samples analyzed by Malwarebytes seem ineffective due to being unsigned, not accounting for TCC/SIP restrictions, and being riddled with bugs, like buffer overflows, causing premature termination when executed on macOS.

“The LockBit encryptor doesn’t look particularly viable in its current form, but I’m definitely going to be keeping an eye on it,” says Thomas Reed, director of Mac and mobile platforms at Malwarebytes. “The viability may improve in the future. Or it may not, if their tests aren’t promising.”

Keep an eye out, because LockBit's work in developing a macOS ransomware variant, plagued though it may currently be, could signal a trend toward more Mac-targeting ransomware in the future.

[Figures: Known ransomware attacks by gang, by country, and by industry sector, April 2023]

Cl0p ransomware, which gained prominence in March by exploiting a zero-day vulnerability in GoAnywhere MFT, went comparatively silent with just four attacks in April. Nevertheless, the gang was seen last month exploiting vulnerabilities in PaperCut servers to steal corporate data.