Ransomware Unhinged: A Week of Threats and Extortions


July 19, 2023

World map

June 24th, 2023, marked a flurry of ransomware attacks around the globe, with various sectors falling prey to vicious cyber criminals.

Renowned ransomware gangs flexed their criminal muscles on unsuspecting victims, leveraging their nefarious tactics to compromise data and demand exorbitant ransoms.

Let's dive into these attacks to understand the methods employed and the severity of the threats involved:

Akira Targets Global Finance

Perpetual Limited, a global financial services organization based in Sydney, Australia, faced a brazen attack from the Akira ransomware gang. Having announced their existence only a month ago in May 2023, the Akira gang wasted no time in making their mark.

They claimed to have stolen a staggering 700GB of highly detailed business information from Perpetual Limited, placing this data under a dire threat of exposure.

Akira operates by using the Windows Restart Manager API, effectively shutting down processes or terminating Windows services in use, allowing the encryption process to proceed unhindered. Upon successfully encrypting the files, Akira places a ransom note in every folder - a chilling warning to its victims.

The gang's alarming promise to sell the compromised data on the dark market, should negotiations fail, underscores the severity of the threat. The gang's unique retro-themed data leak site serves as an eerie reminder of their thorough planning and significant resources.

Medusa's Menace on Academia

Simultaneously, the Medusa ransomware gang set its sights on the academic world, specifically targeting Matej Bel University in Slovakia. The public research university, with a student population of 6700, was thrust into a state of uncertainty as the gang claimed to have exfiltrated a significant volume of data.

Medusa has earned a reputation as one of the more active Ransomware-as-a-Service (RaaS) platforms, especially since late 2022. The gang leverages sophisticated methods, such as rebooting infected machines in safe mode, disabling recovery options, and deleting shadow copies to avoid detection and thwart recovery attempts.

The ransom demand from Medusa stands at a hefty $500,000, with threats of publishing the exfiltrated data should the university fail to comply by June 3rd. This attack is a reminder of the ever-looming threat of ransomware in the academic sector.

Akira's Second Blow - Galveston College

The same day, the Akira gang struck again, this time against Galveston College in Texas. The public community college faced a daunting threat as Akira claimed to have stolen 99GB of student information.

Following a similar pattern as their previous attack, Akira threatened to sell the compromised data on the dark market, plunging the institution into a potential crisis.

BianLian's Crane Heist

In a less conventional attack, the BianLian ransomware gang targeted American Crane Rental, a Californian crane company. The gang claims to have stolen a hefty 249GB of data, including accounting and project data, files from user PCs, and information about subcontractors and vendors.

With threats to publish all stolen data by July 5th if a ransom isn't paid, BianLian has raised the stakes considerably.

BianLian, infamous since June 2022, has repeatedly targeted various critical infrastructure sectors in the United States and Australia, and recently expanded their scope to include professional services and property development sectors.

The group primarily focuses on data exfiltration-based extortion and uses valid Remote Desktop Protocol (RDP) credentials to gain unauthorized access to victims' systems.

In conclusion, this week's spate of attacks underscores the escalating threat of ransomware. Whether it's finance, academia, or industry-specific companies, no sector is immune.

These attacks remind us of the importance of robust cybersecurity measures and highlight the need for continuous vigilance against such relentless threats. Stay tuned for more updates on these stories and the world of ransomware.

Halcyon.ai is the industry’s first dedicated, adaptive security platform that combines multiple advanced proprietary prevention engines along with AI models focused specifically on stopping ransomware – talk to a Halcyon expert today to find out more.