Weekly Ransomware Review (June 12-18)
Weekly Ransomware Review (June 12-18)

Let’s take a look at a brief overview of ransomware attacks from the past week. In the spotlight: CyberArk, Rhysida, Chile, SmartPay, LockBit, Granules India, Shell, St. Margaret’s Health.

CyberArk, an information security company, announced on Sunday that in 2022, a staggering 91% of organizations in India were subjected to ransomware attacks. Interestingly, 55% of these organizations ended up paying ransoms twice or more for recovery, which indicates a probable involvement in double extortion campaigns.

A ransomware operation named Rhysida has reportedly leaked documents allegedly stolen from the network of Chile’s Army (Ejército de Chile). This leak follows the Chilean Army’s confirmation on May 29 about a security incident detected on May 27 over the weekend, as revealed in a statement by Chilean cybersecurity company CronUp.

Eftpos provider, SmartPay, has disclosed a breach of some customer data due to a cyber attack. While making this announcement to the Australian Securities Exchange, SmartPay stressed that it doesn’t “collect or store individual cardholder information” during transactions but did not elaborate on the nature of the breached data. The company acknowledged detecting the attack on June 10, stating that ransomware had affected “some systems in New Zealand”.

Ransomware group LockBit claimed to have orchestrated a cyberattack on Granules India, a major Indian pharmaceutical company, and has reportedly released segments of the purportedly stolen data. As seen in a listing by TechCrunch, LockBit’s dark web leak site identified Granules India as one of its recent victims on Wednesday. While Granules India hasn’t confirmed the ransomware attack yet, it reported a cybersecurity incident to the Indian stock exchanges last month, mentioning that the impacted IT assets had been isolated.

Oil and gas behemoth Shell confirmed its systems were breached in the Clop ransomware attacks. The breach occurred in the MOVEit file transfer tool, with Shell being named as one of the victims on the Clop group’s extortion site. This incident marks the second instance of Shell being attacked by the Clop gang via a file transfer service.

St. Margaret’s Health, a hospital in Illinois, is set to close this week, partially due to a cyberattack it suffered two years ago. The closure, according to analysts, makes it the first hospital to publicly attribute its shutdown to cybercriminals. The 2021 cyberattack on the hospital resulted in an inability to submit insurance claims for several months, triggering a financial crisis.

US cyber insurance premiums saw a substantial 50% rise in 2022 as the surge in ransomware attacks and online commerce fueled the need for coverage. AM Best, a ratings firm, disclosed in a study published this week that the premiums collected from policies written by insurers amounted to US$7.2 billion (RM33.34 billion) in 2022, marking a threefold increase over the last three years.