Review of incidents involving ransomware for the period from March 21 to March 28, 2022

Source: https://cobaltstrike.net/2022/03/28/review-of-incidents-involving-ransomware-for-the-period-from-march-21-to-march-28-2022/



Miratorg, the largest Russian meat producer, was hit by an attack using the BitLocker encryptor. The attackers used a malicious program disguised as a system Trojan file called Win32:Bitlocker/l!rsm. The malware encrypts data in the disk system of infected computers, servers and workstations. To do this, it uses vulnerabilities in Windows operating systems. In total, more than 15 companies belonging to the Miratorg holding were affected.

The National Postal Service of Greece (Hellenic Post, ELTA) was forced to temporarily shut down its information systems due to a cyber attack. IT specialists found that the attackers exploited an unpatched vulnerability to download malware, which gave them access to one of the workstations via an HTTPS reverse shell.

A cybersecurity researcher using the pseudonym PCrisk has discovered new variants of the STOP ransomware that append the extensions .mmuz, .hfgd, .kkia, .pphg, .wdlo, .ssoi and .rguy.

Last year, the Federal Bureau of Investigation received more than 847 thousand complaints about cybercrime. According to a new report by the FBI’s Internet Crime Complaint Center (IC3), financial losses due to cybercrime continued to grow sharply during 2021 and totaled $6.9 billion.

Cybersecurity researchers conducted a technical experiment, testing ten variants of ransomware to determine how quickly they encrypt files and to assess whether a timely response to their attacks is possible. The overall average time to encrypt files across all 100 different samples of the ten types of ransomware was 42 minutes 52 seconds. The “winner”, and the most dangerous, was LockBit, with a time of 5 minutes and 50 seconds. The fastest version of LockBit encrypted 25 thousand files per minute.

According to the FBI, in 2021 cyber-extortion groups hacked the networks of at least 649 critical infrastructure organizations in the United States. However, the true figures may be higher, since the bureau began keeping records of reported ransomware incidents only in June 2021. In addition, the FBI report does not take into account incidents that the victims did not report. According to the report, last year at least one organization fell victim to ransomware in 14 of the 16 critical infrastructure sectors.

Estonian citizen Maxim Berezan, linked to ransomware attacks, was sentenced to 66 months in prison for participating in online fraud schemes. From July 2009 to December 2015, Berezan was a member of the exclusive cybercrime forum DirectConnection, which specialized in stolen bank card data.

The LockBit operator, known by the pseudonym LockBitSupp, offered a $1 million reward for any confidential information about his group. The reward can be given to “any person on the planet”.


