💰

Palo Alto Networks Security Incident

First Half of 2024 365 days ago Resolved

Incident Overview

Situation Description

The company's Unit 42 threat research team monitored ransomware and extortion leak sites, observing a 4.3% year-over-year increase in compromise announcements in the first half of 2024.

Event Types

Ransomware

Industry Sector

Healthcare

Geographic Scope

National (US)

Impact Analysis

Event Types (1 identified)

Ransomware

Financial Impact

$0 USD

Records Affected

Primary Impacts

Operational Disruption

Key Decisions Made

Unit 42 monitors ransomware and extortion leak sites to track threat activity.; Law enforcement operations have led to the disruption and cessation of operations for several prominent ransomware groups.; Vulnerabilities are the primary driver of ransomware activity, with threat actors exploiting them for network access and lateral movement.

Technical Analysis

Attack Method

Unpatched Vulnerability

Threat Actor Attribution

ALPHV BlackCat CL0P DragonForce LockBit RansomHub

Vulnerability / Tool

CVE-2018-13379 CVE-2020-1472 CVE-2024-1708 CVE-2024-1709 CVE-2024-26169 CVE-2024-27198 CVE-2024-4577

Additional Information

Threat Research Center Trend Reports Ransomware Ransomware Ransomware Review: First Half of 2024 16 min read Related Products Advanced DNS Security Advanced Threat Prevention Advanced URL Filtering Advanced WildFire Cloud-Delivered Security Services Cortex Cortex XDR Cortex Xpanse Cortex XSIAM Next-Generation Firewall Prisma Cloud Unit 42 Incident Response By: Amanda Tanner Kristopher Bleich Published: August 9, 2024 Categories: Cybercrime Ransomware Trend Reports Tags: Alpha ALPHV Ambitious Scorpius Anemic Scorpius AvosLocker Bashful Scorpius Black Basta Blackcat Blackout BreachForums Burning Scorpius Buzzing Scorpius Chubby Scorpius CL0P CVE-2018-13379 CVE-2020-1472 CVE-2024-1708 CVE-2024-1709 CVE-2024-26169 CVE-2024-27198 CVE-2024-4577 Dark Scorpius DoNex DragonForce Drowsy Scorpius Flighty Scorpius GhostSec Healthcare Hive Hunters International Ignoble Scorpius Karakurt KelvinSecurity Leak site LockBit Losttrust LukaLocker Manufacturing Muddled Libra Mushy Scorpius MyData NoEscape Nokoyawa Qilin Quilong Ragnar Locker Ransomed Ransomed.Vc RansomHub Royal Ransomware Salty Scorpius Scattered Spider Screaming Scorpius Shifty Scorpius Slippery Scorpius SocGholish Spicy Scorpius Spikey Scorpius Spoiled Scorpius Stumped Scorpius Trigona Trisec Vice Society Volcano Demon Wandering Scorpius Whiny Scorpius Share Executive Summary Unit 42 monitors ransomware and extortion leak sites closely to keep tabs on threat activity. We reviewed compromise announcements from 53 dedicated leak sites in the first half of 2024 and found 1,762 new posts. This averages to approximately 294 posts a month and almost 68 posts a week. Of the 53 ransomware groups whose leak sites we monitored, six of the groups accounted for more than half of the compromises observed. In February, we reported a 49% increase year-over-year in alleged victims posted on ransomware leak sites. So far, in 2024, comparing the first half of 2023 to the first half of 2024, we see an even further increase of 4.3%....

... (truncated for display)

Quick Facts

Company:: Palo Alto Networks
Date:: First Half of 2024
Status:: Resolved
Decision Maker:: nan
Position:: nan
Published:: 9/08/2024

Source Information

Original Query

FBI takedown of ALPHV/BlackCat infrastructure impact on victim recovery

View Original Source

Timeline

Information Published

9/08/2024

Incident Occurred

First Half of 2024 (365 days ago)

Status: Resolved

Estimated resolution based on age

Actions

View Company Profile

Navigation

Quick Stats