Microsoft stated that there was an uptick in ransomware attacks in the first two weeks of April, affecting aid organizations, medical billing companies, manufacturing, transport, government institutions, and educational software providers. They also stated that these attacks were likely carried out by ransomware groups that had infiltrated the networks months before. “Attackers have compromised target networks for several months beginning earlier this year and have been waiting to monetize their attacks by deploying ransomware when they would see the most financial gain,” said Microsoft’s Threat Protection Intelligence Team. Actions like these show that the groups behind these attacks really don’t care that they could be affecting important services during these critical times. Attackers typically steal copies of sensitive files before encrypting them, because the files can be sold to other criminals or used to extort the victim company for a larger ransom payment later. The list of top ransomware payloads in April provided by Microsoft included RobbinHood, Maze, PonyFinal, Valet loader, and REvil. Others include Paradise, RagnarLocker, MedusaLocker, and LockBit.