August 2024 saw a continued surge in ransomware attacks, with various organizations and industries falling victim to these malicious threats. Here are some key highlights from the month:

1. ‘Criminal ransomware attack’ affecting the city of Flint

Targeted city: Flint, Michigan
Published date: August 16, 2024
Targeted sector: Government

The attack caused an internal network and internet outage. The city is unaware whether resident or employee personal data has been impacted.

Impact Of Attack

  1. Some city employees do not have access to email.
  2. Voicemail services are working intermittently, and some messages have been lost.
  3. There is a gap in the city’s phone system. The city of Flint asks anyone who calls to do so during normal business hours and to be patient.

Reference: https://www.abc12.com/news/local/criminal-ransomware-attack-affecting-the-city-of-flint/article_1de536b2-5b31-11ef-a37d-e7aa437dc171.html

2. Ransomware strikes McLaren Health Care again

Targeted city: Grand Blanc, Michigan
Published date: August 2024
Targeted sector: Healthcare organization

McLaren Health Care, a major healthcare provider in Michigan, was struck by another ransomware attack in August 2024. This incident marked the second time the health system has fallen victim to cybercriminals within a year.

McLaren first reported phone and IT system problems in early August and later confirmed a cyberattack caused the disruption.

Reference: https://www.beckershospitalreview.com/cybersecurity/ransomware-strikes-mclaren-health-care-again.html

3. Qilin ransomware steals credentials stored in Google Chrome

Targeted Sector: Google Chrome users
Published date: August 24, 2024

The Qilin ransomware, a sophisticated cyber threat, has been identified as targeting Google Chrome users to steal credentials stored in the browser’s password manager. This attack vector poses a significant risk to users’ online security, as compromised credentials can be used to gain unauthorized access to various online accounts.

Impact: Potential for identity theft, financial fraud, and data loss for individuals and organizations using Google Chrome.

Reference: https://securityaffairs.com/167496/cyber-crime/qilin-ransomware-steal-google-chrome-passwords.html

4. Halliburton cyberattack linked to RansomHub ransomware gang

Published date: August 29, 2024

The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company’s IT systems and business operations.

The company provides numerous services to oil and gas companies, including well construction, drilling, hydraulic fracturing (fracking), and IT software and services. Due to the company’s wide range of services, there is a great deal of connectivity between them and their customers.

However, the company has not shared many details about the attack, with a customer in the oil and gas industry telling BleepingComputer that they have been left in the dark about determining if the attack impacted them and how to protect themselves.

Reference: https://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/

5. ValleyRAT Malware Attacks Windows Systems Using Weaponised Microsoft Office Doc

Published date: August 26, 2024

ValleyRAT is a sophisticated multi-stage malware targeting Windows systems, with a particular focus on Chinese-speaking users. Known for its advanced evasion techniques, ValleyRAT can monitor and control compromised devices, posing a significant threat to affected users. The malware campaign was first identified in June 2024 and has since showcased evolving capabilities, including persistence, privilege escalation, and evasion tactics.

ValleyRAT was analyzed in the ANY.RUN sandbox.

Reference: https://cybersecuritynews.com/valleyrat-malware-attack-windows-systems/

6. Ransomware attacks on schools threaten student data nationwide

Published date: August 27, 2024

Ransomware attacks on schools have emerged as a significant threat to student data across the United States, with cybercriminals increasingly targeting educational institutions. According to data from K12 SIX, a nonprofit focused on school cybersecurity, there have been at least 325 ransomware attacks on school districts in the U.S. from April 2016 to November 2022, with an additional 83 potential attacks reported from January 2023 to June 2024. These attacks have resulted in the encryption and theft of critical data, disrupting school operations and compromising the privacy of students, employees, and vendors.

The increasing frequency of ransomware attacks prompted a White House summit in August 2023, aimed at addressing the cybersecurity threats faced by schools and exploring protective measures.

Reference: https://www.cbsnews.com/news/school-ransomware-attacks-threaten-student-data/

7. BlackByte Ransomware Exploits New VMware Flaw in VPN-Based Attacks

Published date: August 29, 2024

The notorious BlackByte ransomware group is at it again, employing new tactics to target businesses worldwide. Recent investigations by Cisco Talos have revealed that the group is now actively exploiting a recently patched vulnerability in VMware ESXi hypervisors, demonstrating their ability to quickly adapt to new exploits and security vulnerabilities.

Reference: https://hackread.com/blackbyte-ransomware-vmware-flaw-vpn-based-attacks/

8. Iranian Hackers Attacking US Organizations To Deploy Ransomware

Published date:

The primary sectors targeted are education, finance, healthcare, defense, and local government entities. Targeted countries also include Israel, Azerbaijan, and the UAE.

According to a Google report, their methods often depend on exploiting specific CVEs in Pulse Secure/Ivanti VPNs.

They employ webshells (netscaler.php, ctxHeaderLogon.php), Meshcentral, and AnyDesk for persistence and remote access, and they use Shodan for reconnaissance.

Impact on U.S. Organizations:

  • The impact of these ransomware attacks has been enormous, hitting not only local government organizations but also the banking, healthcare, and education sectors.
  • The advisory warns that the group has targeted not just American organizations but also ones in Israel, Azerbaijan, and the United Arab Emirates.
  • Attack victims frequently experience serious operational setbacks, monetary losses, and the possibility of sensitive data exposure.
  • To lessen the effects of these attacks and stop further abuse, the advisory stresses the significance of prompt reporting and working with authorities.

Reference: https://cybersecuritynews.com/iranian-hackers-us-ransomware-attacks/

9. Researcher sued for sharing data stolen by ransomware with media

Targeted Sector: Businesses, Government Agencies, Critical Infrastructure
Published date: August 30, 2024

A researcher facing a lawsuit for sharing data stolen by ransomware with the media highlights a complex ethical and legal dilemma. While sharing such data can expose cyber threats and raise public awareness, it also raises concerns about intellectual property, privacy, and potential legal repercussions.

Reference: https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media/