
    The Week in Ransomware – May 7th 2021



    While ransomware attacks continued throughout the week, for the most part it has been quieter than usual, with only a few new variants released.

    The biggest news was the attack on health care giant Scripps Health, whose operations were severely impacted by a ransomware attack.

    We also saw a new ransomware called N3TW0RM targeting Israeli companies using an interesting client-server encryption method.

    Lastly, we learned that Cuba Ransomware is now partnered with Hancitor to compromise and encrypt corporate networks more quickly.

    Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @Ionut_Ilascu, @malwareforme, @LawrenceAbrams, @PolarToffee, @serghei, @demonslay335, @DanielGallagher, @malwrhunterteam, @FourOctets, @struppigel, @VK_Intel, @fwosar, @BleepinComputer, @Seifreed, @Intel_by_KELA, @AndreGironda, @GroupIB_GIB, @SophosLabs, @AltShiftPrtScn, @M0teki, @fbgwls245, @pcrisk, @chum1ng0, @PogoWasRight, @3xp0rtblog, @ProferoSec, @SecurityJoes, @cPeterr, and @y_advintel.

    May 3rd 2021

    Health care giant Scripps Health hit by ransomware attack

    Nonprofit health care provider Scripps Health in San Diego is currently dealing with a ransomware attack that forced the organization to suspend user access to its online portal and switch to alternative methods for patient care operations.

    N3TW0RM ransomware emerges in wave of cyberattacks in Israel

    A new ransomware gang called ‘N3TW0RM’ is targeting Israeli companies in a wave of cyberattacks starting last week.

    New Nitro Ransomware variant

    MalwareHunterTeam found a new Nitro Ransomware variant calling itself ‘ArchAngel Ransomware.’

    New Galaxy Ransomware

    Yelisey Boguslavskiy found that a new Galaxy Ransomware operation was getting ready to launch and will be stealing data from victims.

    New Henry Ransomware

    dnwls0719 found the new Henry Ransomware that appends the .henry217 extension.


    May 4th 2021

    New WastedLocker variant

    dnwls0719 discovered a WastedLocker variant that appends the .saverswasted extension.

    New Toxin Ransomware sold on hacker forums

    3xp0rt noticed that a new Toxin Ransomware was being promoted on hacking forums.

    May 5th 2021

    New STOP Ransomware variant

    Michael Gillespie has found a new STOP Ransomware variant that appends the .rejg extension.

    Cuba Ransomware Group on a Roll

    At the end of 2020, our team, made up of SecurityJoes and Profero incident responders, led an investigation into a complex attack in which hundreds of machines were encrypted, knocking the victim company offline entirely. The threat actors behind the attack deployed the Cuba ransomware across the corporate network, using a combination of PowerShell scripts, SystemBC, and Cobalt Strike to propagate it. Cuba Ransomware uses the symmetric ChaCha20 algorithm for encrypting information, and the asymmetric RSA algorithm for encrypting key information.

    They Told Their Therapists Everything. Hackers Leaked It All

    “If we receive €200 worth of Bitcoin within 24 hours, your data might be completely deleted from our servers,” the email said in Finnish. If Jere missed the first deadline, he’d have another 48 hours to fork over €500, or about $600. After that, “your data might be printed for all to see.”

    May 6th 2021

    A student pirating software led to a full-blown Ryuk ransomware attack

    A student’s attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute.

    Darkside Ransomware Overview

    This is my report for one of the newest Windows samples of Darkside Ransomware v1.8.6.2!

    May 7th 2021

    Data leak marketplaces aim to take over the extortion economy

    Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data.

    Cuba Ransomware partners with Hancitor for spam-fueled attacks

    The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks.

    New GoNNaCry ransomware

    dnwls0719 discovered a ransomware that appends the .GoNNaCry extension.


    Insurer AXA halts ransomware crime reimbursement in France

    In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals.

    That's it for this week! Hope everyone has a nice weekend!