Commit 11_28_2023: The ransomware hydra

Jan Huber / Unsplash

Welcome to Commit 11_28_2023! README senior editor Nathaniel Mott here with a bit of good news about ransomware, a lot of bad news about ransomware, and then some bad news that doesn’t involve ransomware.

The Record: Europol arrests members of ‘high-profile’ ransomware gang
Another head’s been lopped off the ransomware hydra. The Record today reported that “more than 20 investigators from several European countries, as well as Canada and the U.S., arrested the alleged 32-year-old ringleader and the four most active accomplices” of a “high-profile ransomware gang” that’s been operating out of Ukraine since 2018.

Ukrainian police reportedly said the group has attacked more than 1,000 organizations over the last five years, so the arrests represent a clear win for law enforcement. But there’s a reason I used the hydra metaphor: there’s a good chance that anyone affiliated with this gang who wasn’t arrested will simply join or spin up another operation. Just keep swinging, Herc.

BleepingComputer: Ransomware attack leads to ER diversions

BleepingComputer reported on Monday that a ransomware attack on Ardent Health Services, which forced the company “to take its entire network offline, notify law enforcement, and hire external experts to investigate the attack's extent and impact,” has also required several of the hospitals it operates to divert patients from their emergency rooms to other healthcare facilities.

This isn’t exactly a surprise. We reported earlier this year that attacks on hospitals can significantly affect their ability to care for patients. By now it’s clear the cybercriminals conducting these attacks are fully aware of the risks; they simply don’t care. Fortunately the Ardent Health Services hospitals can still provide “stabilizing care,” BleepingComputer reported.

TechCrunch: FNF attack leaves homeowners over a barrel

A ransomware attack on Fidelity National Financial is causing problems for homeowners (and buyers) across the U.S. TechCrunch reported Monday that disruptions to FNF’s systems have made it impossible for the company’s customers to make their mortgage payments and, in some cases, left people selling their homes clueless as to the whereabouts of their money.

I can’t imagine the stress of wondering how FNF and its subsidiaries will respond to the attack. How long will people have to worry about being able to make or receive payments for their properties? Will payments deemed “late” by the system incur additional penalties, even though it’s not the customers’ fault FNF got popped? The sooner the company responds, the better.

Ars Technica: NXP hackers lurked for two-plus years

The call is coming from inside the house… and has been for a while now. Ars Technica, citing Dutch news outlet NRC Handelsblad, reported that hackers of a chipmaker called NXP “periodically accessed employee mailboxes and network drives in search of chip designs and other NXP intellectual property” while they dwelled in the company’s network from 2017-2020.

Saying that’s bad news would be an understatement. Ars Technica noted that NXP chips can be found in everything from the latest iPhone to “the MIFARE card used by transit companies, FIDO-compliant security keys, and tools for relaying data inside the networks of electric vehicles.” Whoever hacked the company now knows quite a bit about those chips.