A total of 28 ransomware attacks occurred in March 2023, according to figures provided by cybersecurity company BlackFog. The number of attacks was lower than in the prior two months, but still amounted to a four-year high and a 12% bump over previous years.
The mixed ransomware news comes along with reports by Western Digital, which makes the SanDisk removable memory card, of a cyberattack on its networks, and a distributed denial of service (DDoS) blitz on the Israeli cybersecurity firm Check Point.
A Closer Look at BlackFog's Study
As for BlackFog’s ransomware study, March saw 1,403% of attacks going unreported, up from 478% and 543% in January and February, respectively, for a nearly three-fold increase from previous months.
Here are some additional data from the BlackFog study:
Meanwhile, Western Digital, which reported $19 billion in 2022 revenue, acknowledged that hackers had gained access to its networks and pilfered some company data in an ongoing attack that began last week. The company said it discovered the digital break-in on March 26. At this point, Western Digital doesn’t know how much data was taken.
Western Digital issued a statement on the matter:
“In connection with the ongoing incident, an unauthorized third party gained access to a number of the company’s systems. Upon discovery of the incident, the company implemented incident response efforts and initiated an investigation with the assistance of leading outside security and forensic experts.”
The company added that the investigation is in its early stages and Western Digital is coordinating with law enforcement authorities.
It’s not known if Western Digital has engaged with managed security service providers. Still, the company said it is “implementing proactive measures” and has taken systems and services offline in some cases.
Considering that officials warned that business operations may be disrupted, it seems likely that the company is dealing with a ransomware event even though no mention so far has been made of it.
Anonymous Sudan Takes Down Check Point Website
In Check Point’s case, hackers calling themselves "Anonymous Sudan" earlier this week took down Check Point’s website. However, after a short while, the website seemed to return to normal operations, the Jerusalem Post reported. The websites of multiple major universities in Israel were also attacked by the same group, and were down for several hours, the news outlet said.
Check Point's spokesperson stated:
"All our sites are functioning well despite a large-scale attack on them. The company's website is protected against DDoS (Distributed Denial of Service) attacks at the highest level. One of the strongest websites in the world."
While the current attacks are service-preventing infiltrations, Check Point said “it can be assumed” that they and other hackers will at some point attempt ransom attacks and data theft, the company told the Israeli newspaper Maariv.
In unrelated research, Check Point said its incident response team has uncovered a previously unnamed ransomware family, which it dubbed Rorschach, that had been used to attack an unidentified U.S.-based company. Check Point said in an analysis that the Rorschach ransomware appears to be unique in that it does not appear to have any overlaps that could tie it to any known ransomware strain. It does not bear any kind of branding, which is a common practice among ransomware groups, Check Point said.
The ransomware is also partly autonomous, carrying out tasks that are usually manually performed during enterprise-wide ransomware deployment. Similar functionality has been linked to LockBit 2.0, Check Point said.