January 1-11, 2023 | Issue 1 - CICYBER
Marina Tovar, Isaiah Johnson, Christine Saddy
Deepankar Patil, Editor; Jennifer Loy, Chief Editor
Locky ransomware: instructions
Date: January 2, 2023
Location: Toronto, Canada
Parties involved: ransomware group, LockBit; LockBit’s unnamed partner; The Hospital for Sick Children
The event: LockBit issued a public apology and offered a decryption key to unlock The Hospital for Sick Children’s data system after one of its unnamed partners targeted the facility in a ransomware attack. The hospital has recovered 60% of its priority systems since the attack and is yet to use the decryption key LockBit offered, to fully restore the system.
Analysis & Implications:
Delayed administrative tasks, like collecting pending invoices or providing lab and imaging results, will very likely harm the hospital’s reputation as patients will unlikely understand the technical nature of decryption efforts. To avoid loss of revenue and reputation, the hospital will likely use the decryption key to expedite the decryption process. The system’s normalization and the hospital’s rapid response will likely positively impact the hospital’s image.
LockBit likely publicly apologized on behalf of their associates for the ransomware attack to avoid further investigations from law enforcement agencies. LockBit will likely successfully establish a dominant role over its partners by taking a leading role in apologizing to the target. The apology is likely intended to improve LockBit’s public image while establishing guidelines for acceptable targets.
Date: January 5, 2023
Location: California, USA
Parties involved: unknown hacking group; Twitter; co-founder of cybersecurity firm Hudson Rock, Alon Gal; US; EU; Ireland’s Data Protection Commission; US Federal Trade Commission
The event: Gal claimed an unknown hacking group leaked around 200 million email addresses of Twitter users on a hacker forum in early 2021. Twitter has not released an official statement regarding the claims. Ireland’s Data Protection Commission and the US Federal Trade Commission have been monitoring Twitter for compliance, as Twitter is subject to digital privacy regulations in Europe and the US.
Analysis & Implications
The EU will likely closely monitor Twitter’s activity after the claims, likely to increase privacy regulations regarding user data. Twitter will likely face an investigation and fines for improperly handling user data. Users within the EU will likely sue the company for non-compliance, likely harming Twitter’s reputation. EU Twitter users will likely petition their governments for increased data privacy rights, for instance opting out of digital tracking metrics like cookies.
The lack of a public statement by Twitter likely indicates that Twitter is unaware of the extent of the leak. Twitter leadership is likely withholding information about the leak to give internal teams time to investigate the leak, assuage investor concerns, and reassure current users. Twitter very likely seeks plausible deniability by not admitting to the data breach, likely to advocate against increased privacy laws in Europe.
Date: January 6, 2023
Location: United Kingdom
Parties involved: hacker group Vice Society; British schools; British academic institutions; Gloucestershire Police Department; cybersecurity professionals
The event: The Vice Society leaked private documents and sensitive data of 14 British schools after allegedly stealing it in 2022. The hacking group usually demands a ransom from victims before leaking the documents on the dark web. Local Gloucestershire police are investigating the data breaches and working with cybersecurity professionals.
Analysis & Implications:
British academic institutions will likely update their cybersecurity protocols for employees, like implementing solid passwords and installing security software updates. British schools will very likely restrict internet access for students to avoid external parties accessing devices connected to the network and conducting cyberattacks, like session hijacking and distributed denial-of-service (DDoS) attacks. Administrators will likely seek more secure alternatives to various office applications, like Microsoft Office, by likely opting for in-house closed systems, like Outlook, Apache OpenOffice, or LibreOffice. Schools and universities will likely seek advice from cybersecurity professionals and publish approved digital applications and rules of usage, likely to decrease the risk of cyberattacks.
The Vice Society very likely intended for the theft of these documents to remain undetected to later extract a ransom. The Vice Society very likely targeted education centers due to the extensive sensitive data stored on their systems, likely expecting a high likelihood of acquiring a ransom. The success of collecting school data likely indicates that the ransomware group had members experienced in understanding the specific methods, systems, and tools that education centers use.
 “Locky ransomware: instructions” by Christiaan Colen licensed under CC BY-SA 2.0
 Ransomware group LockBit apologizes and says “partner” was behind SickKids attack, CBC, January 2023, https://www.cbc.ca/news/canada/toronto/ransomware-group-sickkids-cybersecurity-update-1.6701688
 Twitter hacked, 200 million email addresses leaked, researcher says, Reuters, January 2023 https://www.reuters.com/technology/twitter-hacked-200-million-user-email-addresses-leaked-researcher-says-2023-01-05/
 Schools hit by cyber attack and documents leaked, BBC, January 2023 https://www.bbc.com/news/uk-england-gloucestershire-63637883