
    The Week in Ransomware – June 18th 2021



    In comparison with the previous few weeks, it has been a relatively quiet week, with no ransomware attacks causing widespread disruption.

    It was a week for law enforcement, with Ukrainian police arresting members of the Clop ransomware gang and South Korean police arresting computer repairmen who installed ransomware.

    We also saw some interesting research released on LockBit and the Hades ransomware, as well as an updated Avaddon Ransomware decryptor that can decrypt more victims' files.

    Finally, President Biden met with Russian President Putin to discuss the recent cyberattacks. Whether anything changes as a result of that meeting is too soon to tell.

    Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @malwareforme, @PolarToffee, @fwosar, @BleepinComputer, @LawrenceAbrams, @serghei, @VK_Intel, @struppigel, @demonslay335, @malwrhunterteam, @FourOctets, @Ionut_Ilascu, @jorntvdw, @Seifreed, @TrendMicroRSRCH, @IntelAdvanced, @y_advintel, @ZeroLogon, @Gl3bGl4z, @campuscodi, @GrujaRS, @emsisoft, @LittleRedBean2, @PogoWasRight, @chum1ng0, @PRODAFT, @Secureworks, and @ValeryMarchive.

    June 14th 2021

    REvil ransomware hits US nuclear weapons contractor

    US nuclear weapons contractor Sol Oriens has suffered a cyberattack, allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack.

    G7 leaders ask Russia to hunt down ransomware gangs within its borders

    G7 (Group of Seven) leaders have asked Russia to urgently disrupt ransomware gangs believed to be operating within its borders, following a stream of attacks targeting organizations in critical sectors worldwide.

    Fujifilm resumes normal operations after ransomware attack

    Japanese multinational conglomerate Fujifilm says that it has resumed normal business and customer operations following a ransomware attack that forced it to shut down its entire network on June 4.

    Theoretically untouchable, but still struck down with Avaddon

    The reasons for Avaddon's disappearance are not known at this point. Perhaps the international pressure had become too strong for the operators. Unless some mistakes had started to show a little too much.

    June 15th 2021

    Avaddon ransomware’s exit sheds light on victim landscape

    A new report analyzes the recently released Avaddon ransomware decryption keys to shed light on the types of victims targeted by the threat actors and the potential revenue they generated throughout their operation.

    Paradise Ransomware source code released on a hacking forum

    The complete source code for the Paradise Ransomware has been released on a hacking forum, allowing any would-be cybercriminal to develop their own customized ransomware operation.

    Updated Avaddon decryptor released

    Emsisoft released an updated Avaddon decryptor to help more victims.

    Hades Ransomware Operators Use Distinctive Tactics and Infrastructure

    Hades ransomware has been on the scene since December 2020, but there has been limited public reporting on the threat group that operates it. Secureworks® incident response (IR) engagements in the first quarter of 2021 provided Secureworks Counter Threat Unit™ (CTU) researchers with unique insight into the group's use of distinctive tactics, techniques, and procedures (TTPs).

    June 16th 2021

    Ukraine arrests Clop ransomware gang members, seizes servers

    Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019.

    South Korean police arrest computer repairmen who made and distributed ransomware

    South Korean authorities have filed charges today against nine employees of a local computer repair company for creating and installing ransomware on their customers' computers.

    MA: UMass Lowell closed due to cybersecurity incident

    The University of Massachusetts Lowell (UMass Lowell) has suffered a cybersecurity breach that has prompted school closures for the past two days. The incident was first announced on June 15 as an "IT outage".

    SCOOP: UnitingCare paid hundreds of thousands of dollars to REvil for decryption key and deletion of files

    On April 25, UnitingCare Queensland (UCQ) was the victim of a ransomware attack that impacted a number of Queensland hospitals and aged care centres. The next day, they posted a notice on their website informing people of what was happening and its impact. And on May 5, they posted a second update in which they revealed that it was REvil (Sodinokibi) threat actors who had attacked them. That update described the steps they had taken since the incident to securely recover and restore services.

    June 17th 2021

    Carnival Cruise hit by data breach, warns of data misuse risk

    Carnival Corporation, the world's largest cruise ship operator, has disclosed a data breach after attackers gained access to some of its IT systems and the personal, financial, and health information belonging to customers, employees, and crew.

    June 18th 2021

    Fake DarkSide gang targets energy, food industry in extortion emails

    Threat actors are impersonating the now-defunct DarkSide Ransomware operation in fake extortion emails sent to companies in the energy and food sectors.

    LockBit RaaS In-Depth Analysis

    The PRODAFT Threat Intelligence (PTI) Team has published this report to provide in-depth information about the threat actors who operate LockBit ransomware. The PTI Team has managed to extract decryption tools for most of the victims who were affected by LockBit. All affiliates of the ransomware group, including the developer, were also identified during the PTI Team's investigation. This report answers questions such as: How do they choose their targets? How many targets did they breach? How does the network operate? Who are the affiliates?

    New STOP Ransomware variant

    GrujaRS found a new STOP ransomware variant that appends the .iqll extension to encrypted files.

    New STOP Ransomware variant

    LittleRedBean found a new STOP ransomware variant that appends the .sspq extension to encrypted files.

    That's it for this week! Hope everyone has a nice weekend!
