
The Week in Ransomware – June 11th 2021



It has been quite the week in terms of ransomware, with ransoms being paid, ransoms being taken back, and a ransomware gang shutting down.

This week's biggest news was the FBI stating that they were able to recover the majority of the $4.4 million ransom payment paid by Colonial Pipeline. It's not entirely clear how they obtained the private key for the cryptocurrency wallet, but it's believed DarkSide stored it on a seized server.

We also learned that JBS paid $11 million to the REvil ransomware operation to retrieve a decryptor and prevent stolen files from being leaked.

In a bit of good news, the Avaddon ransomware operation shut down and released the decryption keys of close to 3,000 victims to BleepingComputer. Using these, cybersecurity firm Emsisoft was able to release a free decryptor.

Finally, news broke this week that memory maker ADATA and food services supplier Edward Don suffered ransomware attacks.

Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @demonslay335, @FourOctets, @Seifreed, @fwosar, @jorntvdw, @BleepinComputer, @struppigel, @malwrhunterteam, @PolarToffee, @serghei, @DanielGallagher, @LawrenceAbrams, @VK_Intel, @malwareforme, @jonallendc, @kevincollier, @RobertScammell, @KimZetter, @RakeshKrish12, @fbgwls245, @Jirehlov, @SecurityJoes, @Kangxiaopao, and @GrujaRS.

June 5th 2021

New BigLock ransomware

dnwls0719 found a new ransomware named BigLock that appends the .nermer extension and drops a ransom note named PROTECT_INFO.TXT.

BigLock ransomware

June 6th 2021

New Evil Corp ransomware mimics PayloadBin gang to evade US sanctions

The new PayloadBIN ransomware has been attributed to the Evil Corp cybercrime gang, rebranding to evade sanctions imposed by the US Treasury Department's Office of Foreign Assets Control (OFAC).

New Findnotefile ransomware

Jirehlov Solace found a new Findnotefile ransomware variant that appends the .reddot extension.

New ransomware hunt

Michael Gillespie is looking for a ransomware that appends the .ramsome.encrypt(rsw).nat extension and drops a note named readme-instructions.txt. The ransomware turns files into password-protected RAR archives.

June 7th 2021

US recovers most of Colonial Pipeline’s $4.4M ransomware payment

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation.

Fujifilm refuses to pay ransomware demand, restores network from backups

Japanese multinational conglomerate Fujifilm said it has refused to pay a ransom demand to the cyber gang that attacked its network in Japan last week and is instead relying on backups to restore operations.

June 8th 2021

Computer memory maker ADATA hit by Ragnar Locker ransomware

Taiwan-based leading memory and storage manufacturer ADATA says that a ransomware attack forced it to take systems offline after hitting its network in late May.

New HimalayA Ransomware-as-a-Service

RAKESH KRISHNAN found a new RaaS named HimalayA marketed on the dark web.

HimalayA RaaS

June 9th 2021

New Ryuk impersonator

Security Joes found a .NET Ryuk impersonator that can be customized with a ransomware builder.

Ryuk ransomware builder

June 10th 2021

JBS paid $11 million to REvil ransomware, $22.5M first demanded

JBS, the world’s largest beef producer, has confirmed that they paid an $11 million ransom after the REvil ransomware operation initially demanded $22.5 million.

CD Projekt: Data stolen in ransomware attack now circulating online

CD Projekt is warning today that internal data stolen during their February ransomware attack is circulating on the Internet.

Foodservice supplier Edward Don hit by a ransomware attack

Foodservice supplier Edward Don has suffered a ransomware attack that has caused the company to shut down portions of the network to prevent the attack's spread.

New Vice Society ransomware

Michael Gillespie found a new Vice Society ransomware that appends the .v-society extension when encrypting Linux machines. Seems to be a spin-off of HelloKitty.

New Anubis ransomware variant

xiaopao found a new Anubis ransomware variant that appends the .ChupaCabra extension.

June 11th 2021

Avaddon ransomware shuts down and releases decryption keys

The Avaddon ransomware gang has shut down operation and released the decryption keys for their victims to BleepingComputer.com.

Relentless REvil, revealed: RaaS as variable as the criminals who use it

One of the ransomware-as-a-service (RaaS) we encounter most frequently, known alternately as Sodinokibi or REvil, is as typical a ransomware as we've seen: Its routines, configuration, and behavior are what we've come to expect from a mature family that's, clearly, well used in the criminal underground.

Ransomware attack hit Teamsters in 2019 — but they refused to pay

When the Teamsters were hit by a ransomware attack over Labor Day weekend in 2019, the hackers asked for a seven-figure payment.

Negotiating Ransoms: When to Play and When to Fold

An interview with the CEO of Coveware, which negotiates payments on behalf of ransomware victims.

That's it for this week! Hope everyone has a nice weekend!