The volume of attacks had slowed down after the winter holidays, but after the past two weeks, it is clear that ransomware attacks are back at full speed.
Over the past two weeks, we had some significant attacks, including attacks on Discount Car and Truck Rentals, an alleged attack on Kia Motors/Hyundai, UL, TietoEVRY, Ecuador’s Ministry of Finance, and its largest bank, Banco Pichincha.
A recent ransomware attack at Automatic Funds Transfer Services (AFTS) also led to a series of data breach notifications from US cities that used them as a payment processor.
Finally, Mandiant reported that recent Accellion FTA breaches were carried out by hackers affiliated with the Clop ransomware operation.
In a win for law enforcement, an operation between the USA, France, and Ukraine has led to numerous Egregor members’ arrests, practically shutting down the ransomware operation.
On the technical side, we learned that Ryuk now has worm-like capability allowing it to spread to other Windows devices.
Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @PolarToffee, @DanielGallagher, @LawrenceAbrams, @demonslay335, @VK_Intel, @BleepinComputer, @Ionut_Ilascu, @malwareforme, @fwosar, @Seifreed, @struppigel, @serghei, @malwrhunterteam, @FourOctets, @chum1ng0, @cyb5r3Gene, @Mandiant, @CISecurity, @JakubKroustek, @coveware, @fbgwls245, @c3rb3ru5d3d53c, @Amigo_A_, @petrovic082, @siri_urz, and @1ZRR4H.
February 13th 2021
A ransomware gang who says they stole unencrypted source code for the company’s most popular video games and then encrypted CD Projekt’s servers claims to have sold the data.
Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.
February 14th 2021
A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.
February 17th 2021
Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and to not leak stolen data.
Petrovic found a new variant of the Makop ransomware that appends the .vassago extension.
Michael Gillespie found a new ransomware that appends the .cadq extension to encrypted files.
February 18th 2021
A ransomware attack against the widely used payment processor AFTS has sparked data breach notifications from numerous cities and agencies within California and Washington.
February 19th 2021
The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, has announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service.
UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover.
February 21st 2021
Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers.
Jakub Kroustek found a new Dharma ransomware variant that appends the .pauq extension to encrypted files.
February 22nd 2021
Threat actors associated with financially motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files.
Jakub Kroustek found a new Dharma ransomware variant that appends the .4 extension to encrypted files.
February 23rd 2021
Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect customers’ services.
Emmanuel_ADC-Soft found a new Dharma ransomware variant that appends the .urs extension to encrypted files.
The analysis that follows is based on an examination of ransomware doxxing victims whose identities were published between September and December of 2020. The data for this blog post was collected from 100% public sources. Unlike the majority of research on cyber extortion trends, which is based on information collected from self-identified victims of ransomware, these data points are collected from the threat actors’ own public ledgers of victims and are not subject to the same limitations of self-reporting. This time one year ago, only two or three ransomware gangs had developed the practice of naming and shaming victims who did not pay the ransom.
dnwls0719 found a new ThunderX/Ranzy ransomware variant that appends the .RANZYLOCKED extension to encrypted files.
February 24th 2021
CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack.
Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data.
Jakub Kroustek found a new Dharma ransomware variant that appends the .clman extension to encrypted files.
February 25th 2021
The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.
Michael Gillespie found a new ransomware that appends the .Snoopdoog extension and drops a ransom note named Decrypt-me.txt.
S!ri found a new ransomware that appends the .help extension.
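Several of the variants reported above are identified only by the extension appended to encrypted files, plus in one case a ransom note name. The following Python example is added here and is not part of the original roundup: it turns those indicators into a simple file-system hunt, mapping each listed extension to the family named on this page and lowering confidence for the ambiguous numeric .4 extension unless a listed ransom note sits in the same directory. The directory tree and file names it scans are constructed for the demonstration.

```python
import os
import tempfile

# Appended extension -> family, as reported in the entries above (lower-cased
# because Windows file systems are case-insensitive).
EXTENSION_FAMILIES = {
    ".vassago": "Makop", ".cadq": "unidentified", ".pauq": "Dharma",
    ".4": "Dharma", ".urs": "Dharma", ".clman": "Dharma",
    ".ranzylocked": "ThunderX/Ranzy", ".snoopdoog": "unidentified",
    ".help": "unidentified",
}
RANSOM_NOTES = {"decrypt-me.txt"}  # dropped by the .Snoopdoog variant
# A bare numeric extension such as ".4" also occurs on legitimate files (man
# pages, rotated logs), so without a ransom note nearby it is a weak signal.
WEAK_EXTENSIONS = {".4"}


def family_for(filename):
    """Return the family whose listed extension the file carries, else None."""
    return EXTENSION_FAMILIES.get(os.path.splitext(filename.lower())[1])


def scan_tree(root):
    """Return sorted (path, family, confidence) hits under root; 'high' needs a
    listed ransom note in the same directory, 'low' is a weak extension alone."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        has_note = any(f.lower() in RANSOM_NOTES for f in files)
        for f in files:
            family = family_for(f)
            if family is None:
                continue
            if has_note:
                confidence = "high"
            elif os.path.splitext(f.lower())[1] in WEAK_EXTENSIONS:
                confidence = "low"
            else:
                confidence = "medium"
            hits.append((os.path.join(dirpath, f), family, confidence))
    return sorted(hits)


def demo_scan():
    """Create a constructed sample tree in a temp dir and scan it."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "shared"))
    os.makedirs(os.path.join(root, "man"))
    for rel in ("shared/budget.xlsx.Snoopdoog", "shared/Decrypt-me.txt",
                "shared/notes.docx.RANZYLOCKED", "man/foo.4", "README.md"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("constructed sample\n")
    return scan_tree(root)
```

Point `scan_tree` at a file share to get the same tuples for real data; the ransom note check is what separates a genuine Dharma hit from a stray man page ending in .4.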
February 26th 2021
A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims’ local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.
A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.