While the start of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.
It was revealed at the end of the week that computer maker Acer suffered a REvil ransomware attack where the threat actors are demanding a massive $50,000,000 ransom.
REvil also made the news this week with the addition of a new -smode argument that causes Windows to reboot into Safe Mode with Networking to perform the encryption. REvil's 'Unknown' also conducted an interview with TheRecord.
Finally, we saw an FBI warning about PYSA and new variants of ransomware families released.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @struppigel, @LawrenceAbrams, @Seifreed, @DanielGallagher, @VK_Intel, @fwosar, @malwrhunterteam, @FourOctets, @demonslay335, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @PolarToffee, @Amigo_A_, @GrujaRS, @ddd1ms, @campuscodi, @ValeryMarchive, @3xp0rtblog, @Kangxiaopao, and @fbgwls245.
March 13th 2021
GrujaRS found a new variant of the RunExeMemory that appends the .z8sj2c extension and drops a ransom note named Learn me, if you wish to get well your information.txt.
March 16th 2021
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity.
Jakub Kroustek found a new Dharma Ransomware variant that appends the .liz extension.
dnwls0719 found a new Fast ransomware variant that appends the .lock extension.
xiaopao found a new variant of the SFile ransomware that appends the .sandboxtest extension.
March 17th 2021
A member of the cybercriminal group has found and disclosed a bug in the LockBit ransomware that could have been used for free decryptions.
xiaopao found a new variant of the SFile ransomware that appends the .PROM extension.
xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops ransom notes named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.
March 18th 2021
Amigo-A found a new PewPew Ransomware variant that calls itself 'Artemis' and appends the .optimus extension to encrypted files.
dnwls0719 found a new STOP Djvu ransomware variant that appends the .enfp extension and drops a ransom note named _readme.txt.
March 19th 2021
The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.
Electronics giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.
The operators of the REvil ransomware, also known as Sodinokibi, have added the manufacturer to their list of victims. They are still giving Acer nearly 9 days to negotiate, failing which they will double their demands.
2020, the year of the pandemic, was another successful year for ransomware. As countries around the world scrambled to slow the spread of the virus, cybercriminals tried to capitalize on the chaos.
xiaopao found a new variant of the SFile ransomware that appends the .Technomous-zbtrqyd extension.