By Ashwani Mishra, Editor-Technology, 63SATS
The ransomware crisis surged in Q2 2024, with new threats from groups like PLAY and Medusa. Also in this roundup: Planned Parenthood targeted by RansomHub, rising sextortion scams with personal threats, and a phishing alert from Swan Bitcoin CEO Cory Klippsten.
Keep up with the latest developments and emerging trends from around the world to stay ahead in today’s rapidly evolving landscape.
Ransomware
Ransomware Surge: New Groups Drive Record High Demands and Payouts
The ransomware crisis has intensified in the second quarter of 2024, with new groups like PLAY, Medusa, and RansomHub pushing attack numbers up by 16% from Q1 and 8% from the previous year.
Ransomware demands and payments have surged, with average demands hitting $1,571,667—an increase of 102%—and average payments reaching a record $626,415. Corvus Insurance reports that companies lacking strong backup strategies face higher ransom payouts, with those having effective backups seeing costs 72% lower than their less-prepared counterparts.
Email Scam
Sextortion Scams Escalate with Personal Threats and Home Photos
A new wave of sextortion scams is now including personal information and photos of victims’ homes to pressure them into paying ransom. Scammers send emails featuring the recipient’s name, address, and a threatening message, often with a PDF attachment that personalizes the threat.
According to reports, these emails demand Bitcoin payments ranging between $2,000 and $2,200 and threaten to release compromising video footage if the ransom is not paid. Experts advise against responding and recommend reporting such emails as spam or phishing.
Data Breach
Planned Parenthood Hit by Cyberattack as RansomHub Claims Responsibility
Planned Parenthood has confirmed a cyberattack impacting its IT infrastructure, forcing it to take parts of its systems offline. The organization is investigating the extent of the breach that occurred in late August. RansomHub, a known ransomware group, has claimed responsibility and threatened to leak 93GB of stolen data if its demands are not met within six days.
Crypto
Swan Bitcoin Alerts Users to Phishing Scam Amid Klaviyo and HubSpot Data Breaches
Swan Bitcoin CEO Cory Klippsten has warned users about a new phishing scam targeting the platform. The scam involves fraudulent “Data Breach Notice” emails that exploit past breaches at Klaviyo and HubSpot. Klippsten emphasized that Swan Bitcoin has not experienced a data breach and cautioned users against transferring Bitcoin based on these fake communications.
Cyberattack
Targeted Cyberattack in Malaysia: Babylon RAT Deployed Against Officials
A targeted cyberattack campaign in Malaysia is using malicious ISO files to deploy the Babylon RAT, a sophisticated remote access Trojan. The attack, active since July, targets political figures and government officials, with ISO files designed to appear legitimate but containing hidden scripts and malicious executables. This campaign is part of a broader trend of advanced cyberattacks on high-profile targets.
Malware Threat
MacroPack Tool Misused for Malware Deployment, Cisco Talos Reports
Cisco Talos has uncovered that MacroPack, a tool designed for red team exercises, is being misused to deploy malware. Research indicates that various Microsoft documents created with MacroPack were uploaded to VirusTotal from different countries, including China, Pakistan, Russia, and the US. This misuse of a legitimate tool highlights the evolving tactics of cybercriminals.