Risky Business #744 -- Ransomware upstarts jostle in Lockbit's absence

On this week’s show Patrick and Adam discuss the week’s security news, including:


Ransomware: down but not out
Zero day prices on the rise…
… and what it means for enterprise software
Geopolitical conflict comes to computers in Palau
Ukraine cyber chief Illia Vitiuk suspended
More x86 microarchitectural bad times
And much much more


Proofpoint’s chief strategy officer Ryan Kalember is this week’s sponsor guest. He takes aim at some recent vendor trends, like security companies describing themselves as “platforms”.



Show notes


CyberCX_Report_DFIR 2023 Year in Review_Online.pdf

Ransomlook Stats

Vlad Styran 🇺🇦 on X: ".@riskybusiness has noted recently that there is an “orthodox Easter”-like low season in the ransomware village. Although my sources do not support this assessment, if true, there might be a simple explanation https://t.co/kM8lu6KbyY" / X

Price of zero-day exploits rises as companies harden products against hackers | TechCrunch

Mandiant spots advanced exploit activity in Ivanti devices | Cybersecurity Dive

Pricing - Knocknoc

ALPHV steps up laundering of Change Healthcare ransom payments | CyberScoop

Extortion group threatens to sell Change Healthcare data | CyberScoop

Attempted hack on NYC continues wave of cyberattacks against municipal governments

Missouri county declares state of emergency amid suspected ransomware attack | Ars Technica

Medusa cybercrime gang takes credit for another attack on US municipality

Omni Hotels & Resorts hit by cyberattack | Cybersecurity Dive

Targus says cyberattack is causing operational outage | TechCrunch

German database company Genios confirms ransomware attack

Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses

‘An attack on the reputation of Palau’: officials question who was really behind ransomware incident

'They’re lying': Palau denies claims by ransomware gang over recent cyberattack

Ukrainian security service’s cyber chief suspended following media investigation

Russia seeks criminal charges against executives at flight booking service accused of failing to protect consumer data

House hurtles toward showdown over expiring surveillance tools | CyberScoop

D-Link tells customers to sunset actively exploited storage devices | Cybersecurity Dive

A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask | WIRED

Ahoi Attacks

Linux Kernel Patched For Branch History Injection "BHI" Intel CPU Vulnerability - Phoronix

Ransomware gang’s new extortion trick? Calling the front desk | TechCrunch

Evolving Threat Landscape: A Deep Dive into Multichannel Attacks Targeting Retailers | Proofpoint US