
    The Week in Ransomware – July 16th 2021



    Ransomware operations have been quieter this week as the White House engages in talks with the Russian government about cracking down on cybercriminals believed to be operating in Russia.

    This increased scrutiny by law enforcement, and the growing concern that Russia is no longer a safe haven for cybercriminals, has led to what is believed to be the shutdown of the notorious REvil ransomware operation.

    Earlier this week, all of the infrastructure for the REvil ransomware operation shut down with no word from the public-facing representative ‘Unknown’ or the group’s affiliates.

    This shutdown is not believed to be attributable to law enforcement, and it is possible we will see this group rebrand as a new operation in the future.

    This week’s other news includes the discovery of a Linux version of the HelloKitty ransomware used to target VMware ESXi servers and their virtual machines.

    Finally, the US government launched the StopRansomware website, which includes information on protecting against, mitigating, and recovering from ransomware attacks.

    The US government also announced a new initiative under the Rewards for Justice program that will reward up to $10 million for information about state-sponsored hackers targeting critical infrastructure and US interests.

    Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @fwosar, @PolarToffee, @VK_Intel, @FourOctets, @serghei, @demonslay335, @LawrenceAbrams, @Ionut_Ilascu, @BleepinComputer, @Seifreed, @DanielGallagher, @malwareforme, @struppigel, @jorntvdw, @uuallan, @pcrisk, @Artilllerie, @Unit42_Intel, @AuCyble, and @fbgwls245.

    July 10th 2021

    Biden asks Putin to crack down on Russian-based ransomware gangs

    President Biden asked Russian President Putin during a phone call today to disrupt the ransomware groups operating within Russia’s borders that are behind the ongoing wave of attacks impacting the United States and other countries worldwide.

    New Phobos ransomware variant

    dnwls0719 found a new Phobos Ransomware variant that appends the .LOWPRICE extension to encrypted files.

    Phobos ransom note

    New STOP Djvu ransomware variant

    PCrisk found a new STOP ransomware variant that appends the .wwka extension.

    July 11th 2021

    Kaseya patches VSA vulnerabilities used in REvil ransomware attack

    Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers.

    July 12th 2021

    Fashion retailer Guess discloses data breach after ransomware attack

    American fashion brand and retailer Guess is notifying affected customers of a data breach following a February ransomware attack that led to data theft.

    Interpol urges police to unite against ‘potential ransomware pandemic’

    Interpol (International Criminal Police Organisation) Secretary General Jürgen Stock urged police agencies and industry partners to work together to prevent what looks like a future ransomware pandemic.

    July 13th 2021

    REvil ransomware gang’s web sites mysteriously shut down

    The infrastructure and websites for the REvil ransomware operation have mysteriously gone offline as of last night.

    New STOP Djvu ransomware variant

    PCrisk found a new STOP ransomware variant that appends the .gujd extension.

    July 14th 2021

    SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances

    SonicWall has issued an “urgent security notice” warning customers of ransomware attacks targeting unpatched end-of-life (EoL) Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products.

    New Dharma ransomware variant

    PCrisk found a new Dharma ransomware variant that appends the .PcS extension.

    July 15th 2021

    Linux version of HelloKitty ransomware targets VMware ESXi servers

    The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware’s ESXi virtual machine platform for maximum damage.

    New Dharma ransomware variant

    PCrisk found new Dharma ransomware variants that append the .OFF and .pause extensions.

    Mespinoza Ransomware Gang Calls Victims “Partners,” Attacks with Gasket, “MagicSocks” Tools

    As cyber extortion flourishes, ransomware gangs are constantly changing tactics and business models to increase the chances that victims will pay increasingly large ransoms. As these criminal organizations become more sophisticated, they are increasingly taking on the appearance of professional enterprises. One good example is Mespinoza ransomware, which is run by a prolific group with a penchant for using whimsical terms to name its hacking tools.

    AvosLocker Under The Lens: A New Sophisticated Ransomware Group

    During our routine Open-source Intelligence (OSINT) research, we came across a new ransomware group named AvosLocker. It is a bug that infects Windows machines to encrypt the victim’s document files and asks for ransom as part of its extortion program. AvosLocker appends the encrypted files with the extension .avos and forces victims to pay ransom for the decryption tool to recover their data. The AvosLocker ransomware group uses spam email campaigns or untrustworthy advertisements as the primary delivery mechanisms for the malware. It uses a customized Advanced Encryption Standard (AES) with block size 256 to encrypt the files.

    New AvosLocker ransomware launches a data leak site

    Artilllerie noted that the AvosLocker ransomware launched a data leak site.

    AvosLocker data leak site

    July 16th 2021

    US govt offers $10 million reward for tips on nation-state hackers

    The United States government has taken two more active measures to fight and defend against malicious cyber activities affecting the nation’s business and critical infrastructure sectors.

    Kaseya victim struggling with decryption after REvil goes dark

    Many victims of the Kaseya ransomware attack are still in the process of recovering, but one victim is facing a particularly difficult problem.

    That’s it for this week! Hope everyone has a nice weekend!
