Key Ransomware Events in February 2024

               •  Source code of Knight Ransomware up for Sale.

            A  cybercriminal  is  reportedly  selling  the  purported  source  code  for  the  third  version  of  the  Knight
            ransomware  on  a  hacker  forum.  Knight  ransomware,  which  emerged  in  July  2023,  succeeded  the
            Cyclops operation, functioning on Windows, macOS, and Linux/ESXi systems. Notably, it offered info-
            stealers and a 'lite' encryptor for lower-tier affiliates targeting smaller organizations.

            Also, the members of the ransomware group have been inactive since December 2023.



               •  Hyundai Motor hit by Black Basta.

            Hyundai Motor Europe Hit by Black Basta Ransomware Attack, Threat Actors Claim Theft of 3TB of
            Corporate Data



               •  Warning Issued on Blackcat Ransomware Attacks.

            The FBI, CISA, and HHS issue a warning on ALPHV/BlackCat ransomware targeting U.S. healthcare.
            Responsible  for  numerous  breaches  and  $300  million  in  ransoms,  BlackCat  intensified  attacks  on
            healthcare since December 2023. The recent cyberattack on UnitedHealth Group's Optum is attributed
            to  BlackCat,  possibly  exploiting  a  ScreenConnect  vulnerability.  The  advisory  stresses  cybersecurity
            measures for critical infrastructure and healthcare. FBI offers up to $10 million in rewards for identifying
            or locating BlackCat leaders.




               •  Akira hits Sweden Municipality

            Bjuv, a municipality in Sweden faces a threat from the Akira ransomware group, which vows to expose
            almost  200GB  of  pilfered  data.  The  dark  web  message  details  the  compromised  information,
            encompassing confidential documents and personal HR files.



               •  Arrests of three suspected SugarLocker members.


            Russian  authorities  have  arrested  three  members  of  the  SugarLocker  ransomware  group,  operating
            under the guise of tech company Shtazi-IT. The arrests coincide with a broader international operation
            against the Lockbit ransomware group. SugarLocker, active since 2021, operates on a ransomware-as-
            a-service model, receiving a percentage of profits from victims. The group primarily uses Remote Desktop
            Protocol for attacks. The arrested individuals face charges of creating, using, and distributing malicious
            computer programs, potentially leading to up to four years in prison.







                                                                                                            139