
The Week in Ransomware – May 14th 2021



Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA.

The DarkSide gang dominated the ransomware news cycle after they attacked Colonial Pipeline, the largest US fuel pipeline. As a result of this attack, the pipeline was shut down, and President Biden issued a state of emergency.

Colonial restored the operation of the pipeline on Thursday after news broke that Colonial paid a $5 million ransom. This was a profitable week for DarkSide, as chemical distributor Brenntag also paid a $4.4 million ransom.

After DarkSide’s public-facing servers and cryptocurrency wallets were reportedly seized by law enforcement, the ransomware gang announced that they were closing their operation “due to pressure from the US.”

Other news this week includes one of the most popular Russian-speaking hacking forums banning topics promoting ransomware and details about a new ransomware operation called Lorenz.

Finally, the Conti ransomware hit Ireland’s Health Service Executive (HSE), which has disrupted the Irish health care system.

Contributors and those who provided new ransomware information and stories this week include: @serghei, @Seifreed, @VK_Intel, @BleepinComputer, @DanielGallagher, @fwosar, @FourOctets, @struppigel, @demonslay335, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @malwareforme, @Ionut_Ilascu, @darktracer_int, @Amigo_A_, @ValeryMarchive, @fbgwls245, @y_advintel, @ddd1ms, @campuscodi, @chum1ng0, @PogoWasRight, @MikaelThalen, and @FireEye.

May 8th 2021

Ransomware gangs have leaked the stolen data of 2,100 companies so far

Since 2019, ransomware gangs have leaked the stolen data of 2,103 companies on dark web data leak sites.

Largest U.S. pipeline shuts down operations after ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack.

May 9th 2021

New STOP ransomware variant

Amigo-A found a new STOP ransomware variant that appends the .pcqq extension.

New LegionLocker version

dnwls0719 found a new version of LegionLocker 3.0 that appends the .LGNLCKD extension and drops a ransom note named LegionReadMe.txt.
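The two items above give the kind of file-level indicators an incident responder uses for a first triage pass: an appended extension (.pcqq for the STOP variant, .LGNLCKD for LegionLocker 3.0) and a ransom note filename (LegionReadMe.txt). The script below is an added example, not code from the original post or from the researchers credited above; it walks a directory tree, classifies each file against those indicators, and reports hits grouped by family. The indicator table, the family labels and the sample directory it builds are all constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Indicator table built from the two items above (constructed for this example).
# Keys are labels chosen here; values are the reported extensions and note names,
# compared case-insensitively.
INDICATORS = {
    "STOP (.pcqq variant)": {"extensions": {".pcqq"}, "notes": set()},
    "LegionLocker 3.0": {"extensions": {".lgnlckd"}, "notes": {"legionreadme.txt"}},
}


def classify(path):
    """Return the family label whose indicators a file name matches, or None.

    A ransom note name is checked before the extension list so that the note
    itself is attributed to the right family even if it had no extension hit.
    """
    name = Path(path).name.lower()
    for family, ind in INDICATORS.items():
        if name in ind["notes"]:
            return family
        if any(name.endswith(ext) for ext in ind["extensions"]):
            return family
    return None


def scan_tree(root):
    """Walk root and return {family: sorted relative POSIX paths} for every hit."""
    root = Path(root)
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = Path(dirpath) / fname
            family = classify(full)
            if family:
                hits.setdefault(family, []).append(full.relative_to(root).as_posix())
    return {family: sorted(paths) for family, paths in hits.items()}


def build_sample_tree():
    """Create a constructed sample share (placeholder bytes, no real victim data)."""
    root = Path(tempfile.mkdtemp(prefix="ransom-triage-demo-"))
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.pcqq").write_bytes(b"\x00" * 16)   # STOP-style rename
    (root / "docs" / "budget.xlsx").write_bytes(b"untouched")         # clean file
    (root / "share").mkdir()
    (root / "share" / "photo.jpg.LGNLCKD").write_bytes(b"\x00" * 16)  # LegionLocker rename
    (root / "share" / "LegionReadMe.txt").write_text("constructed ransom note placeholder")
    return root


def demo():
    """Build the sample tree, scan it, and return the grouped findings."""
    return scan_tree(build_sample_tree())


if __name__ == "__main__":
    for family, paths in demo().items():
        print(family)
        for p in paths:
            print("   ", p)
```

The scan only looks at names, which is deliberate: the extension and note name are the cheapest indicators to confirm across a large share before anyone opens a file, and the per-family grouping tells the responder which decryptor or recovery path applies to which subtree. Add further families by extending the INDICATORS table.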


May 10th 2021

US declares state of emergency after ransomware hits largest pipeline

After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.

DarkSide ransomware will now vet targets after pipeline cyberattack

The DarkSide ransomware gang posted a new “press release” today stating that they are apolitical and will vet all targets before they are attacked.

US and Australia warn of escalating Avaddon ransomware attacks

The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from a wide array of sectors in the US and worldwide.

City of Tulsa’s online services disrupted in ransomware incident

The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware.

May 11th 2021

Ransomware gang leaks data from Metropolitan Police Department

Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale.

Shining a Light on DARKSIDE Ransomware Operations

Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and for the non-release of stolen data, which exerts more pressure on victims.

May 12th 2021

Darkside: an increasingly used ransomware … with a high success rate

Darkside ransomware recently came into the spotlight with the attack on Colonial Pipeline, the operator of a critical oil pipeline along the Atlantic. But it actually started its career sometime last summer, rather quietly. According to our observations, its operators dedicate a new web page to each victim, specifying the date when the encryption payload was triggered. The web pages are numbered, which gives an idea of the acceleration in the pace of attacks carried out with Darkside in recent months.

Biden issues executive order to increase U.S. cybersecurity defenses

President Biden signed an executive order Wednesday to modernize the nation’s defenses against cyberattacks and give law enforcement more timely access to the information it needs to conduct investigations.

May 13th 2021

Colonial Pipeline restores operations, $5 million ransom demanded

Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.

Meet Lorenz — A new ransomware gang targeting the enterprise

A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms.

Insurance giant CNA fully restores systems after ransomware attack

Leading US-based insurance company CNA Financial has fully restored its systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.

Chemical distributor pays $4.4 million to DarkSide ransomware

Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.

Popular Russian hacking forum XSS bans all ransomware topics

One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to avoid unwanted attention.

May 14th 2021

Irish healthcare shuts down IT systems after Conti ransomware attack

Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack.

DarkSide ransomware servers reportedly seized, operation shuts down

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to their servers and their cryptocurrency was transferred to an unknown wallet.

In a message to affiliates, the DarkSide gang announced they were shutting down their RaaS and would provide affiliates with decryptors for victims who had not paid.

QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day

QNAP warns customers of an actively exploited Roon Server zero-day bug and of eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices.

Apex America hit by Sodinokibi ransomware

That’s how they describe themselves. The threat actors known as REvil (Sodinokibi) describe them as targets who have so far refused to pay ransom demands.

That is it for this week! Hope everyone has a nice weekend!
