Ransomware gangs are targeting companies using vulnerable Citrix Netscaler devices to breach networks, steal data, and encrypt files. The Citrix Bleed vulnerability (CVE-2023-4966) is being exploited in these attacks, affecting organizations like Toyota Financial Services and Industrial and Commercial Bank of China. Researchers like Kevin Beaumont are tracking these incidents.
In other news, the BlackCat ransomware gang filed a complaint with the SEC against a victim for not disclosing a cyberattack within the mandated time frame. The Royal ransomware gang has breached 350 organizations worldwide since September 2022. Additionally, Medusa ransomware has been using double extortion tactics to gain financially.
Ransomware indicators have increased by 56% year-over-year in October, with an increase in attacks using new variants like 1337 and GlobeImposter. LockBit ransomware has exploited the Citrix Bleed vulnerability to target large organizations, affecting thousands of servers. The Toronto Public Library confirmed data theft during a ransomware attack. The FBI and CISA issued warnings about Rhysida ransomware targeting multiple sectors.
A new ransomware variant adds the .shanova extension. The FBI shared tactics of the Scattered Spider hacking collective collaborating with the BlackCat ransomware operation. Toyota confirmed a breach after the Medusa ransomware threatened to leak its data. New variants of STOP ransomware with .eqza and .eqew extensions have been identified.
The British Library reported continued disruptions due to a ransomware attack, while Yamaha Motor’s subsidiary in the Philippines experienced a ransomware attack resulting in data theft. These incidents highlight the ongoing threats posed by ransomware attacks worldwide.
Article Source
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/amp/