
The Week in Ransomware – February 26th 2021



The number of attacks had slowed down after the winter holidays, but after the past two weeks, it is clear that ransomware attacks are back at full speed.

Over the past two weeks, we had some significant attacks, including attacks on Discount Car and Truck Rentals, an alleged attack on Kia Motors/Hyundai, UL, TietoEVRY, Ecuador’s Ministry of Finance, and its largest bank, Banco Pichincha.

A recent ransomware attack at Automatic Funds Transfer Services (AFTS) also led to a series of data breach notifications from US cities that used them as a payment processor.

Finally, Mandiant reported that recent Accellion FTA breaches were carried out by hackers affiliated with the Clop ransomware operation.

In a win for law enforcement, an operation between the USA, France, and Ukraine has led to numerous Egregor members’ arrests, almost shutting down the ransomware operation.

On the technical side, we learned that Ryuk now has worm-like functionality allowing it to spread to other Windows devices.

Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @PolarToffee, @DanielGallagher, @LawrenceAbrams, @demonslay335, @VK_Intel, @BleepinComputer, @Ionut_Ilascu, @malwareforme, @fwosar, @Seifreed, @struppigel, @serghei, @malwrhunterteam, @FourOctets, @chum1ng0, @cyb5r3Gene, @Mandiant, @CISecurity, @JakubKroustek, @coveware, @fbgwls245, @c3rb3ru5d3d53c, @Amigo_A_, @petrovic082, @siri_urz, and @1ZRR4H.

February 13th 2021

CD Projekt’s stolen source code allegedly sold by ransomware gang

A ransomware gang who says they stole unencrypted source code for the company’s most popular video games and then encrypted CD Projekt’s servers claims to have sold the data.

Leading Canadian rental car company hit by DarkSide ransomware

Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.

Tortoise ransomware decryptor released

Cerberus released a decryptor for the Tortoise Ransomware.

February 14th 2021

Egregor ransomware affiliates arrested by Ukrainian, French police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine.

February 17th 2021

Kia Motors America suffers ransomware attack, $20 million ransom

Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and to not leak stolen data.

New Makop variant

Petrovic found a new variant of the Makop ransomware that appends the .vassago extension.

New Stop ransomware variant

Michael Gillespie found a new ransomware variant that appends the .cadq extension to encrypted files.

February 18th 2021

US cities disclose data breaches after vendor’s ransomware attack

A ransomware attack against the widely used payment processor AFTS has sparked data breach notifications from numerous cities and agencies within California and Washington.

February 19th 2021

CIS now offers free ransomware protection to all US hospitals

The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, has announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service.

Underwriters Laboratories (UL) certification giant hit by ransomware

UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover.

February 21st 2021

Lakehead University shuts down campus network after cyberattack

Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers.

New Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .pauq extension to encrypted files.

February 22nd 2021

Global Accellion data breaches linked to Clop ransomware gang

Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion’s legacy File Transfer Appliance and steal sensitive files.

New ‘Four’ Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .4 extension to encrypted files.

February 23rd 2021

Finnish IT services giant TietoEVRY discloses ransomware attack

Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect customers’ services.

New ‘Urs’ Dharma ransomware variant

Emmanuel_ADC-Soft found a new Dharma ransomware variant that appends the .urs extension to encrypted files.

Q4 2020 Doxxing Victim Trends: Industrial Sector Emerges as Primary Ransom “Non-Payor”

The analysis that follows is based on an examination of ransomware doxxing victims whose identities were published between September and December of 2020. The data for this blog post was collected from 100% public sources. Unlike the majority of research on cyber extortion trends, which is based on information collected from self-identified victims of ransomware, these data points are collected from the threat actors’ own public ledgers of victims and are not subject to the same limitations of self-reporting. At this time one year ago, only two or three ransomware gangs had developed the practice of naming-and-shaming victims who did not pay the ransom.

New ThunderX/Ranzy variant

dnwls0719 found a new ThunderX/Ranzy ransomware variant that appends the .RANZYLOCKED extension to encrypted files.

February 24th 2021

Cyberpunk 2077 patch 1.2 delayed by CD Projekt ransomware attack

CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack.

Ransomware gang extorts jet maker Bombardier after Accellion breach

Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data.

New ‘Clman’ Dharma ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .clman extension to encrypted files.

February 25th 2021

Dutch Research Council (NWO) confirms ransomware attack, data leak

The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang.

Looking for the Snoopdoog ransomware

Michael Gillespie found a new ransomware that appends the .Snoopdoog extension and drops a ransom note named Decrypt-me.txt.

New Team Assist ransomware

S!ri found a new ransomware that appends the .help extension.
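The new-variant entries in this roundup each report one indicator: an appended file extension (.vassago, .cadq, .pauq, .4, .urs, .RANZYLOCKED, .clman, .Snoopdoog, .help) or a ransom-note name (Decrypt-me.txt). A defender's first use for such a list is to triage a file listing from a suspect host and see which family the extensions point to before picking a decryptor or an ID tool. The following script is an added example, not code from the article or from any of the researchers named in it: the indicator table is copied from this week's entries, the sample listing is constructed, and the Dharma-style `id-....[mail]` filename in it is illustrative only.

```python
"""Triage a file listing against the ransomware extensions and ransom-note
names reported in this roundup.

Added example, not code from the original article.  The indicator table is
taken from the roundup's own entries; the sample listing is constructed.
"""
from __future__ import annotations

from collections import Counter

# Extension -> family, exactly as reported in this week's entries.
KNOWN_EXTENSIONS = {
    ".vassago": "Makop",
    ".cadq": "STOP",
    ".pauq": "Dharma",
    ".4": "Dharma",
    ".urs": "Dharma",
    ".clman": "Dharma",
    ".RANZYLOCKED": "ThunderX/Ranzy",
    ".Snoopdoog": "Snoopdoog",
    ".help": "Team Assist",
}

# Ransom-note file names reported this week.
KNOWN_NOTES = {"Decrypt-me.txt": "Snoopdoog"}

# Case-insensitive lookup that still reports the extension as published.
_EXT_LOOKUP = {ext.lower(): (ext, family) for ext, family in KNOWN_EXTENSIONS.items()}


def _basename(path: str) -> str:
    # Listings usually come from Windows hosts but may be triaged on another
    # OS, so split on both separators instead of relying on os.path.
    return path.replace("\\", "/").rsplit("/", 1)[-1]


def _extension(name: str) -> str:
    # Last dot-suffix; a leading-dot name such as ".bashrc" has no extension.
    head, dot, tail = name.rpartition(".")
    return dot + tail if head else ""


def classify_path(path: str) -> tuple[str, str] | None:
    """Return (indicator, family) when the path is a known ransom note or
    carries a known ransomware extension, else None.

    Short suffixes such as '.4' and '.help' also occur on legitimate files,
    so a hit is a triage lead to confirm (is a ransom note present? is the
    original file name still embedded before the suffix?), not proof.
    """
    name = _basename(path)
    if name in KNOWN_NOTES:
        return "note:" + name, KNOWN_NOTES[name]
    hit = _EXT_LOOKUP.get(_extension(name).lower())
    if hit:
        ext, family = hit
        return "ext:" + ext, family
    return None


def triage_listing(paths):
    """Classify every path; return the hits and a per-family tally so an
    analyst can see at a glance which family the listing points to."""
    hits = []
    for path in paths:
        result = classify_path(path)
        if result is not None:
            indicator, family = result
            hits.append((path, indicator, family))
    families = Counter(family for _, _, family in hits)
    return hits, families


# Constructed sample listing (not real victim data).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx",
    r"C:\Users\alice\Documents\budget.xlsx.id-1A2B3C4D.[contact@example.invalid].pauq",
    r"C:\Users\alice\Pictures\holiday.jpg.RANZYLOCKED",
    r"C:\Users\alice\Desktop\Decrypt-me.txt",
    r"C:\Users\alice\Desktop\notes.txt.Snoopdoog",
    r"C:\share\docs\manual.4",
    "/srv/data/report.pdf.vassago",
]

if __name__ == "__main__":
    hits, families = triage_listing(SAMPLE_LISTING)
    for path, indicator, family in hits:
        print(f"{family:15} {indicator:22} {path}")
    print("families:", dict(families))
```

Feed it a real listing (for example the output of `dir /s /b` from the affected host, one path per line) in place of `SAMPLE_LISTING`. The per-family tally is what matters: a listing dominated by one family tells you which decryptor or identification service to try, while a single `.4` or `.help` hit with no ransom note alongside it is most likely a benign file and should be checked before anything else is concluded.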

February 26th 2021

Ryuk ransomware now self-spreads to other Windows LAN devices

A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims’ local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021.

Ransomware gang hacks Ecuador’s largest private bank, Ministry of Finance

A hacking group called ‘Hotarus Corp’ has hacked Ecuador’s Ministry of Finance and the country’s largest bank, Banco Pichincha, where they claim to have stolen internal data.

That’s it for this week! Hope everyone has a nice weekend!
