Weekly Ransomware Review (June 6-12)

Let’s take a look at a brief overview of ransomware attacks from the past week. In the spotlight: CL0P, Illinois state agencies, MOVEit Transfer, NordLocker, Obsidian, HWL Ebsworth, BlackCat, ALPHV, Eisai, Xplain.

CL0P hackers launched a ransomware attack against Illinois state agencies, potentially compromising the personal data of numerous individuals, as reported by the Illinois Department of Innovation and Technology. The specifics of the compromised information remain uncertain.

Security experts at Kroll disclosed that the Clop ransomware group has been exploring vulnerabilities in the MOVEit Transfer managed file transfer solution since 2021. A recently discovered web shell, LemurLoot, was identified in the logs of client networks affected by Clop’s data theft attacks, highlighting the method employed by the group.

NordLocker’s new report indicates that ransomware groups are now shifting their focus to specific industries and regions, as targeting US companies is becoming less attractive. While US businesses remain a primary target, other regions are attracting growing attention.

Cybersecurity company Obsidian revealed a successful ransomware strike on SharePoint Online (Microsoft 365) carried out via a Microsoft Global SaaS admin account. This attack path is less common than the typical compromised endpoint. The identity of the victim remains undisclosed, but Obsidian’s research suggests the group known as 0mega carried out the attack.

Australian legal firm HWL Ebsworth confirmed a network breach after the ALPHV ransomware group, also known as BlackCat, started leaking supposedly stolen data. The group reportedly published 1.45 terabytes of data, containing over a million documents purportedly stolen from the firm in April 2023. They are threatening to leak more if their demands aren’t met.

Japanese pharmaceutical conglomerate Eisai gave assurances that there is no imminent risk of a stock shortage after experiencing a ransomware attack over the weekend. According to Eisai’s statement, the company maintains a global stocking policy with a supply buffer of over three months at any time.

On Thursday, the Swiss government disclosed potential data theft in a ransomware attack on Xplain, a software provider for various departments. Following data encryption and blackmail, the culprits published some of the stolen data on the darknet, as stated in a government release.