    The Week in Ransomware – May 14th 2021

    Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA.

    The DarkSide gang dominated the ransomware news cycle after they attacked Colonial Pipeline, the largest US fuel pipeline. Due to this attack, the pipeline was shut down, and President Biden issued a state of emergency.

    Colonial restored the operation of the pipeline on Thursday after news broke that Colonial paid a $5 million ransom. This was a profitable week for DarkSide, as chemical distributor Brenntag also paid a $4.4 million ransom.

    After DarkSide’s public-facing servers and cryptocurrency wallets were reportedly seized by law enforcement, the ransomware gang announced that they were shutting down their operation “due to the pressure from the US.”

    Other news this week includes one of the most popular Russian-speaking hacking forums banning topics promoting ransomware, and details about a new ransomware operation called Lorenz.

    Finally, the Conti ransomware hit Ireland’s Health Service Executive (HSE), which has disrupted the Irish health care system.

    Contributors and those who provided new ransomware information and stories this week include: @serghei, @Seifreed, @VK_Intel, @BleepinComputer, @DanielGallagher, @fwosar, @FourOctets, @struppigel, @demonslay335, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @malwareforme, @Ionut_Ilascu, @darktracer_int, @Amigo_A_, @ValeryMarchive, @fbgwls245, @y_advintel, @ddd1ms, @campuscodi, @chum1ng0, @PogoWasRight, @MikaelThalen, and @FireEye.

    May 8th 2021

    Ransomware gangs have leaked the stolen data of 2,100 companies so far

    Since 2019, ransomware gangs have leaked the stolen data of 2,103 companies on dark web data leak sites.

    Largest U.S. pipeline shuts down operations after ransomware attack

    Colonial Pipeline, the largest fuel pipeline in the US, has shut down operations after suffering what is reported to be a ransomware attack.

    May 9th 2021

    New STOP ransomware variant

    Amigo-A found a new STOP ransomware variant that appends the .pcqq extension.

    New LegionLocker version

    dnwls0719 found a new version of LegionLocker 3.0 that appends the .LGNLCKD extension and drops a ransom note named LegionReadMe.txt.


    May 10th 2021

    US declares state of emergency after ransomware hits largest pipeline

    After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.

    DarkSide ransomware will now vet targets after pipeline cyberattack

    The DarkSide ransomware gang posted a new “press release” today stating that they are apolitical and will vet all targets before they are attacked.

    US and Australia warn of escalating Avaddon ransomware attacks

    The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from a wide array of sectors in the US and worldwide.

    City of Tulsa’s online services disrupted in ransomware incident

    The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware.

    May 11th 2021

    Ransomware gang leaks data from Metropolitan Police Department

    Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale.

    Shining a Light on DARKSIDE Ransomware Operations

    Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion in which data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and for the non-release of stolen data in order to exert more pressure on victims.

    May 12th 2021

    Darkside: an increasingly used ransomware … with a high success rate

    Darkside ransomware recently came into the spotlight with the attack on Colonial Pipeline, the operator of a critical oil pipeline across the Atlantic. But it actually started its career sometime last summer, rather quietly. According to our observations, its operators dedicate a new web page to each victim, specifying the date when the encryption payload was triggered. The web pages are numbered, which gives an idea of the acceleration in the pace of attacks conducted with Darkside in recent months.

    Biden issues executive order to increase U.S. cybersecurity defenses

    President Biden signed an executive order Wednesday to modernize the nation’s defenses against cyberattacks and provide more timely access to information critical for law enforcement to conduct investigations.

    May 13th 2021

    Colonial Pipeline restores operations, $5 million ransom demanded

    Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.

    Meet Lorenz — A new ransomware gang targeting the enterprise

    A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms.

    Insurance giant CNA fully restores systems after ransomware attack

    Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.

    Chemical distributor pays $4.4 million to DarkSide ransomware

    Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and to prevent the threat actors from publicly leaking stolen data.

    Popular Russian hacking forum XSS bans all ransomware topics

    One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention.

    May 14th 2021

    Irish healthcare shuts down IT systems after Conti ransomware attack

    Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack.

    DarkSide ransomware servers reportedly seized, operation shuts down

    The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to their servers and their cryptocurrency was transferred to an unknown wallet.

    In a message to affiliates, the DarkSide gang announced they were shutting down their RaaS and would provide decryptors for unpaid victims to affiliates.

    QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day

    QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices.

    Apex America hit by Sodinokibi ransomware

    That’s how they describe themselves. The threat actors known as REvil (Sodinokibi) describe them as targets who have so far refused to pay ransom demands.

    That is it for this week! Hope everyone has a nice weekend!
