Sophos researchers have discovered that the LockBit, Hive, and BlackCat ransomware operations have simultaneously attacked an unnamed organization, ZDNet reports.
After a suspected intrusion by an initial access broker that established a remote desktop protocol session last December, the organization's network was infiltrated by a LockBit ransomware affiliate through a vulnerable RDP instance in April, the report revealed.
The LockBit affiliate deployed ransomware on nineteen or more systems before a Hive ransomware affiliate, suspected of using the same RDP credentials, worked to immediately encrypt systems. BlackCat attackers were observed infiltrating the network two weeks later, with the threat actors not only spreading ransomware but also concealing their activities, alongside the attacks by LockBit and Hive.
"It's bad enough to get one ransomware note, let alone three. Multiple attackers create a whole new level of complexity for recovery, particularly when network files are triple encrypted. At some point, these groups will have to decide how they feel about cooperation, whether to further embrace it or become more competitive, but, for now, the playing field is open for multiple attacks by different groups," said Sophos Senior Security Advisor John Shier.
Nearly $115 million worth of cryptocurrency has been stolen so far from the HTX digital currency exchange, formerly Huobi, and the Heco Chain blockchain bridge following a cyberattack last week, CNBC reports.
Tennessee-based hospital system Vanderbilt University Medical Center has confirmed being impacted by a cyber incident that compromised one of its databases after being listed on the data leak site of the Meow ransomware gang on Thanksgiving, according to The Record, a news site by cybersecurity firm Recorded Future.