Ransomware on the Move: LockBit, Hunters International, 8Base, WereWolves

Halcyon publishes a quarterly RaaS and data extortion group reference guide, Power Rankings: Ransomware Malicious Quartile. Here's the ransomware gangs on the move last week:

‍

LockBit

‍

The venerable insurance brokerage firm, Bucher & Strauss, found itself in the crosshairs of the infamous LockBit ransomware group. While details of the attack remain scant, the incident serves as a stark reminder of the indiscriminate nature of ransomware assaults on enterprises irrespective of their stature.

‍

LockBit's brazen resilience was on full display when authorities disrupted its infrastructure on February 19, only to witness the group's swift resurgence less than a week later.  

‍

Emboldened by their ability to evade law enforcement actions, LockBit has vowed to intensify attacks on the public sector, signaling a dire escalation in their nefarious activities.

‍

Since its inception in 2019, LockBit has distinguished itself as the most prolific Ransomware-as-a-Service (RaaS) gang, leveraging advanced encryption techniques and innovative tactics to extort exorbitant ransoms from targeted entities.  

‍

Notably, LockBit's modus operandi encompasses not only file encryption but also data exfiltration, amplifying the stakes for victim organizations. Their audacious demands, exceeding $50 million in some cases, underscore the gravity of the threat posed by this sophisticated cyber syndicate.

‍

Hunters International

‍

The Hunters International ransomware group continues its spree of attacks, targeting a diverse array of organizations spanning multiple sectors and geographies.  

‍

Last week’s victims included Schuster Trucking Company, BS&B Safety Systems, Ayuntamiento de Teo, Wapiti Energy, Griffin Dewatering, the Chicago Zoological Society, Tiete Automobile, and Greater Napanee.  

‍

With each attack, Hunters International leaves a trail of disruption and uncertainty, compelling affected organizations to grapple with the devastating aftermath of data breaches and extortion demands.

‍

The sophistication exhibited by Hunters International, coupled with their penchant for double extortion tactics, underscores the evolving threat landscape faced by businesses worldwide.  

‍

By exfiltrating sensitive data before encrypting files, the group amplifies the financial and reputational repercussions for victims, reinforcing the imperative for robust cybersecurity measures.

‍

8Base

‍

Marching onto the ransomware battleground, the 8Base ransomware group has swiftly carved a niche for itself as a formidable adversary to organizations across diverse sectors.  

‍

With a surge in activity observed since its emergence in 2022, 8Base has demonstrated a penchant for targeting businesses in the manufacturing, construction, and business services domains.  

‍

Employing sophisticated evasion techniques and leveraging customized ransomware payloads, the group poses a significant challenge to cybersecurity professionals tasked with mitigating ransomware risks.

‍

Despite lacking a signature ransomware strain or a public RaaS platform, 8Base's operational agility and strategic targeting highlight the adaptability and resilience of modern cybercriminal syndicates.  

‍

Their propensity for double extortion and the strategic leaking of compromised data underscores the need for proactive defense mechanisms to thwart ransomware incursions effectively.

‍

WereWolves

‍

David's Bridal suffered a ransomware attack by the newcomer WereWolves ransomware group. The impact is unclear, and the company is keeping silent.  

‍

David's Bridal is a clothing store in the United States that specializes in wedding dresses, bridesmaid dresses, prom and homecoming dresses, quinceañera dresses, flower girl dresses, and other formal wear. It also does alterations.  

‍

Emerging in May 2023, the WereWolves ransomware group has quickly made its mark on the cyber threat landscape.  

‍

With a penchant for utilizing variants of the LockBit ransomware and adopting a jovial approach to recruitment and propaganda, WereWolves represent a unique breed of cybercriminals.  

‍

Their indiscriminate targeting strategy, coupled with double extortion tactics, signals a troubling escalation in ransomware tactics, underscoring the imperative for heightened vigilance and preparedness among organizations worldwide.

‍

‍

Halcyon.ai is the leading anti-ransomware company that closes endpoint protection gaps and defeats ransomware through built-in bypass and evasion protection, key material capture, automated decryption, and data exfiltration prevention – talk to a Halcyon expert today to find out more. Halcyon also publishes a quarterly RaaS and extortion group reference guide, Power Rankings: Ransomware Malicious Quartile.