TLDR:
Key Points:
- Ransomware attacks on U.S. local governments continue to be a significant threat in 2024
- Vulnerabilities remain a common entry point for ransomware attacks, including the Akira ransomware group's exploitation of a high-severity Cisco vulnerability

Ransomware This Week: ALPHV/BlackCat Bounty, Cisco Exploit, and More

Ransomware attackers targeted multiple local U.S. governments in 2024, adding to the growing concern over cybersecurity threats. According to research by Chainalysis, ransom payments exceeded $1 billion for the first time in 2023, highlighting the lucrative nature of these attacks. Sophos reported that 66% of organizations experienced ransomware attacks in 2022 and 2023, indicating a steady rate of attacks.
In February 2024, top ransomware news included the FBI's disruption of the ALPHV/BlackCat ransomware gang and the group, in retaliation, allowing its affiliates to target critical infrastructure. The U.S. Department of State offered a $10 million bounty on ALPHV/BlackCat leaders and $5 million for information leading to the arrest of affiliates. Exploitation of vulnerabilities was a common entry point for ransomware attacks, and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a high-severity Cisco vulnerability to its Known Exploited Vulnerabilities Catalog.
RansomHouse Group introduced a new ransomware tool called “MrAgent” targeting VMware ESXi servers, while U.S. government offices and Romanian hospitals faced significant ransomware attacks. U.S. counties and a state law office paid substantial ransoms to recover from attacks, with sensitive data being leaked and systems offline for an extended period. Romanian hospitals had to take systems offline due to a ransomware attack on the Hipocrate IT platform.
Overall, the ongoing threat of ransomware attacks, coupled with the exploitation of vulnerabilities and significant ransom payments, highlights the need for organizations to prioritize cybersecurity measures to protect against these evolving threats.