Page 137 - Cyber Defense eMagazine Annual RSA Edition for 2024
P. 137
The top 5 nations with the highest number of victims are the United States (195), the United Kingdom
(24), Canada (14), France (11), and Spain (8). These countries are likely targeted due to their economic
significance, advanced technological infrastructure, and high internet connectivity, offering lucrative
targets for cybercriminals.
The Notable Vulnerability That Was Exploited By Ransomware In February 2024:
Sr CVE CVSS NAME Affected Product Associated
No ID Score Ransomware
1 CVE- 10 ConnectWise ScreenConnect 23.9.7 Black Basta,
2024- ScreenConnect and prior Bl00dy
1709 Authentication Ransomware,
Bypass LockBit, Blackcat
Vulnerability
2 CVE- 8.4 Path-Traversal ScreenConnect 23.9.7 Black Basta,
2024- Vulnerability and prior Bl00dy
1708 Ransomware,
LockBit
Evolution Of Ransomware Group in February 2024
• Lockbit Is back and more aggressive than before.
LockBit has promptly resumed its ransomware operations on a restructured infrastructure, employing
upgraded encryption tools and rerouting ransom notes to new servers, all achieved within a week post a
law enforcement breach. The group is escalating its threats, particularly focusing on increased targeting
of government entities.
• RansomHouse automates attacks with MrAgent.
RansomHouse group introduces 'MrAgent,' a tool automating VMware ESXi attacks, aiming to streamline
data encryption on multiple hypervisors simultaneously. It identifies the host system, disables the firewall,
and deploys ransomware with custom configurations received from the command-and-control server.
137
