SOCshare: cyber threat tendencies in Lithuania during December 2023

Ransomware – the most popular attack type in Europe  

According to ENISA, ransomware attacks are one of the most common types of cyber incidents in Europe. 2022 was a year when ransomware attacks were extremely common and became the “leading” type of cyber attack. To carry out such attacks, cybercriminals are using continuously evolving techniques and a wider range of tools. Often this is a coordinated effort by organised groups. Ransomware as a Service (RaaS) becomes increasingly more popular. 

The December ransomware attack also targeted Vilnius City Council

In the first half of December, cyber criminals encrypted the data of the Vilnius District Municipality and the most recent backup copies of the data. Within a few days, Kaunas University of Technology (KTU) also reported a similar cyber-attack.   

Our SOCShare project partner Vilnius City Municipal Administration (VMSA) was also targeted, but thanks to automated tools and vigilant staff who quickly reported potentially malicious emails, the threat was quickly removed. 

According to the Lithuania’s NCSC, it is noticeable that ransomware attackers are becoming more “diligent” – they are preparing for attacks in a very systematic and targeted way, and no longer leave encryption errors as before. Lithuania’s position is not to support such crimes with payments, as the money will be used for further development of similar criminal tools and the likelihood of data recovery is not high. The solution is therefore to prevent such attacks.  

What do we see?  

During the SOCShare project, the NRD Cyber Security CyberSOC team and VMSA security analysts share prominent threat indicators. In December, there were no major changes, with the majority of attacks focusing on ransomware-type threats, while the primary access point remained malicious emails and links. However, in December, a trend towards providing text in both SMS and malicious emails in Lithuanian, pretending to be a parcel service, became apparent. 

 

 

 

CTI-AI project: end of year update
CTI-AI project: end of year update
The most common myths related to the implementation of the DORA Regulation
The most common myths related to the implementation of the DORA Regulation
SOCcare December 2025: RondoDox Campaign: Routers Beware
SOCcare December 2025: RondoDox Campaign: Routers Beware
Engaging management and operational teams to do trainings, TTXs, practice sessions, etc.
Engaging management and operational teams to do trainings, TTXs, practice sessions, etc.
Designing an engaging and realistic TTX for an organisation
Designing an engaging and realistic TTX for an organisation
Weekly cyber drills? How to make them a mission possible
Weekly cyber drills? How to make them a mission possible
How to design and lead multi-organisational and multi-national TTXs?
How to design and lead multi-organisational and multi-national TTXs?
NRD Cyber Security liquidates NRD Bangladesh
NRD Cyber Security liquidates NRD Bangladesh