
The Week in Ransomware – March 19th 2021


While the start of this week was pretty quiet, it certainly ended with a bang as news came out of the largest ransom demand yet.

It was revealed at the end of the week that computer maker Acer suffered a REvil ransomware attack where the threat actors are demanding a massive $50,000,000 ransom.

REvil also made the news this week with the addition of a new -smode argument that causes Windows to reboot into Safe Mode with Networking to perform the encryption. REvil’s ‘Unknown’ also conducted an interview with TheRecord.

Finally, we saw an FBI warning about PYSA and new variants of ransomware families released.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @struppigel, @LawrenceAbrams, @Seifreed, @DanielGallagher, @VK_Intel, @fwosar, @malwrhunterteam, @FourOctets, @demonslay335, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @PolarToffee, @Amigo_A_, @GrujaRS, @ddd1ms, @campuscodi, @ValeryMarchive, @3xp0rtblog, @Kangxiaopao, and @fbgwls245.

March 13th 2021

New RunExeMemory ransomware variant

GrujaRSA found a new variant of the RunExeMemory that appends the .z8sj2c extension and drops a ransom note named Read me, if you want to recover your files.txt.

March 16th 2021

FBI warns of escalating Pysa ransomware attacks on education orgs

The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.

An interview with REvil’s Unknown

Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity.

New Liz Dharma ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .liz extension.

New Rapid ransomware variant

dnwls0719 found a new Rapid ransomware variant that appends the .lock extension.

New Xorist ransomware variant

xiaopao found a new variant of the SFile ransomware that appends the .sandboxtest extension.

March 17th 2021

Missed opportunity: Bug in LockBit ransomware allowed free decryptions

A member of the cybercriminal community has discovered and disclosed a bug in the LockBit ransomware that could have been used for free decryptions.

New Hakbit ransomware variant

xiaopao found a new variant of the SFile ransomware that appends the .PROM extension.

New SFile ransomware variant

xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops ransom notes named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.

March 18th 2021

New PewPew Ransomware variant

Amigo-A found a new PewPew Ransomware variant that calls itself ‘Artemis’ and appends the .optimus extension to encrypted files.

New Stop ransomware variant

dnwls0719 found a new STOP Djvu ransomware variant that appends the .enfp extension and drops a ransom note named _readme.txt.


March 19th 2021

REvil ransomware has a new ‘Windows Safe Mode’ encryption mode

The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.

Computer giant Acer hit by $50 million ransomware attack

Electronics giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.

Cyberattack: a $50 million ransom demanded from Acer

The operators of the REvil ransomware, also known as Sodinokibi, have added the manufacturer to their list of victims. They are giving Acer nearly 9 more days to negotiate, failing which they will double their demands.

Ransomware statistics for 2020: Year in summary

2020, the year of the pandemic, was another successful year for ransomware. As countries around the world scrambled to slow the spread of the virus, cybercriminals tried to capitalize on the chaos.

New SFile ransomware variant

xiaopao found a new variant of the SFile ransomware that appends the .Technomous-zbtrqyd extension.

That's it for this week! Hope everyone has a nice weekend!




