
The Week in Ransomware – August 13th 2021



This week we saw an existing operation ramp up its attacks, while established ransomware operations turned to Windows vulnerabilities to elevate their privileges.

Over the past week, we have seen increasing LockBit 2.0 ransomware operation attacks, with the Australian government issuing an alert.

It was also revealed that the ransomware gang pulled off a successful attack on IT giant Accenture and briefly began leaking their data.

We also saw REvil's universal decryption key used in the Kaseya attack leaked on a hacking forum, and ransomware gangs begin using the Windows PrintNightmare vulnerability to gain elevated privileges on compromised devices.

Finally, the SynAck ransomware operation released their master decryption keys after rebranding as the El_Cometa group.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @DanielGallagher, @malwareforme, @FourOctets, @jorntvdw, @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @LawrenceAbrams, @serghei, @VK_Intel, @Seifreed, @demonslay335, @fwosar, @struppigel, @pcrisk, @markloman, @SophosLabs, @TalosSecurity, @pancak3lullz, @Unit42_Intel, @LiviuArsene, @CrowdStrike, @PogoWasRight, @chum1ng0, @fbgwls245, and @AuCyble.

August 7th 2021

New Zeppelin ransomware variant

dnwls0719 found a new Zeppelin Ransomware variant that appends the .payfast500 extension.


August 8th 2021

Australian govt warns of escalating LockBit ransomware attacks

The Australian Cyber Security Centre (ACSC) warns of an increase in LockBit 2.0 ransomware attacks against Australian organizations starting July 2021.

August 9th 2021

Synology warns of malware infecting NAS devices with ransomware

Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections.

Microsoft adds Fusion ransomware attack detection to Azure Sentinel

Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model.

BlackMatter ransomware emerges from the shadow of DarkSide

In late July, a new RaaS appeared on the scene. Calling itself BlackMatter, the ransomware claims to fill the void left by DarkSide and REvil – adopting the best tools and techniques from each of them, as well as from the still-active LockBit 2.0.

New STOP ransomware variant

PCrisk found a new STOP Ransomware variant that appends the .repg extension.

New Dharma ransomware variant

PCrisk found a new Dharma Ransomware variant that appends the .JRB extension.

August 10th 2021

eCh0raix ransomware now targets both QNAP and Synology NAS devices

A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.

Crytek confirms Egregor ransomware attack, customer data theft

Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal information that was later leaked on the gang's dark web leak site.

k-12 school districts fall prey to Pysa ransomware

As a preface, we note that Pysa are not the only ransomware threat actors attacking the k-12 sector, which has a reputation of being "low-hanging fruit" for hacks. We have also seen many other groups attacking k-12 districts. A partial listing of ransomware attacks on k-12 is embedded below this discussion of Pysa victims.

August 11th 2021

Kaseya’s universal REvil decryption key leaked on a hacking forum

The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums, giving researchers their first glimpse of the mysterious key.

(Image: Kaseya decryption key)

Accenture confirms hack after LockBit ransomware data leak threats

Accenture, a global IT consultancy giant, has been hit by a ransomware cyberattack from the LockBit ransomware gang, which the company has since confirmed.

BlackMatter Ransomware Attack Impacting Multiple Financial Institutions

In the course of our routine threat hunting exercise, Cyble Research Labs discovered that Pine Labs, an Indian merchant platform company that provides financing and last-mile retail transaction technology, was impacted by a ransomware attack. Our investigation showcased that the BlackMatter ransomware group is behind the attack on Pine Labs. The group has been garnering considerable media attention due to this attack.

New Phobos ransomware variant

dnwls0719 found a new Phobos Ransomware variant that appends the .HORSEMONEY extension.

(Image: Phobos .HORSEMONEY ransom note)

August 12th 2021

Ransomware gang uses PrintNightmare to breach Windows servers

Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.

August 13th 2021

Vice Society ransomware joins ongoing PrintNightmare attacks

The Vice Society ransomware gang is now also actively exploiting the Windows Print Spooler PrintNightmare vulnerability for lateral movement through their victims' networks.
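Both PrintNightmare items above (Magniber on August 12th, Vice Society on August 13th) come down to the same exposure: a running Print Spooler that lets a low-privileged or remote caller install a printer driver. The script below is an added PowerShell example, not code from the article or from any of the reports it links; it audits one Windows host for that exposure using the publicly documented mitigation settings for the PrintNightmare bug (CVE-2021-34527): the Spooler service state, the Point and Print policy values, the "accept client connections" policy, driver-install events, and recently written files in the spool driver directory. The 30-day look-back window and the optional -Remediate switch are my own choices, and the remediation (disabling Spooler) is only appropriate on hosts that do not serve printers.

```powershell
# Added example (not from the article): audit a Windows host for the
# Print Spooler exposure abused by PrintNightmare (CVE-2021-34527).
# Run elevated. Reports only; changes nothing unless -Remediate is passed.
[CmdletBinding()]
param(
    [switch]$Remediate   # stop and disable Spooler (hosts with no printing role only)
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Is the Spooler service running at all? Hosts that never print
#    (most servers, every domain controller) should have it disabled.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($null -eq $spooler) {
    $findings.Add('Spooler service not present')
} elseif ($spooler.Status -eq 'Running') {
    $findings.Add("Spooler is RUNNING (StartType=$($spooler.StartType))")
}

# 2. Policy values that decide whether a non-admin or remote caller can
#    install a printer driver. NoWarningNoElevationOnInstall=1 with
#    UpdatePromptSettings=2 removes the elevation prompt entirely;
#    RestrictDriverInstallationToAdministrators=1 is Microsoft's hardening.
#    RegisterSpoolerRemoteRpcEndPoint=2 stops Spooler accepting remote RPC.
$printers = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$pnp      = Join-Path $printers 'PointAndPrint'

function Get-RegValue([string]$Path, [string]$Name) {
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
    catch { $null }   # key or value absent
}

$noWarn   = Get-RegValue $pnp 'NoWarningNoElevationOnInstall'
$prompt   = Get-RegValue $pnp 'UpdatePromptSettings'
$restrict = Get-RegValue $pnp 'RestrictDriverInstallationToAdministrators'
$rpc      = Get-RegValue $printers 'RegisterSpoolerRemoteRpcEndPoint'

if ($noWarn -eq 1)   { $findings.Add('PointAndPrint NoWarningNoElevationOnInstall=1 (elevation prompt disabled)') }
if ($prompt -eq 2)   { $findings.Add('PointAndPrint UpdatePromptSettings=2 (driver update prompt disabled)') }
if ($restrict -eq 0) { $findings.Add('RestrictDriverInstallationToAdministrators=0 (non-admins may install drivers)') }
if ($spooler -and $spooler.Status -eq 'Running' -and $rpc -ne 2) {
    $findings.Add('Spooler accepts remote RPC client connections (RegisterSpoolerRemoteRpcEndPoint is not 2)')
}

# 3. Driver installs. Event 316 in the PrintService operational log records
#    every driver add/update; an unexpected driver on a server is the artefact
#    an exploit leaves behind. The log is disabled by default, so an empty
#    result can mean "not logging" rather than "nothing happened".
$log = Get-WinEvent -ListLog 'Microsoft-Windows-PrintService/Operational' -ErrorAction SilentlyContinue
if ($log -and -not $log.IsEnabled) {
    $findings.Add('PrintService/Operational log is disabled; driver installs are not being recorded')
}
$driverEvents = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-PrintService/Operational'
    Id        = 316
    StartTime = (Get-Date).AddDays(-30)
} -ErrorAction SilentlyContinue
foreach ($e in $driverEvents) {
    $findings.Add("Driver added/updated $($e.TimeCreated): $($e.Message.Split("`n")[0])")
}

# 4. Recently written DLLs under the spool driver directory, where exploits
#    drop their payload. Compare the list against the drivers the host should have.
$driverDir = Join-Path $env:SystemRoot 'System32\spool\drivers'
Get-ChildItem -Path $driverDir -Filter *.dll -Recurse -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt (Get-Date).AddDays(-30) } |
    ForEach-Object { $findings.Add("Recent spool driver file: $($_.FullName) ($($_.LastWriteTime))") }

if ($findings.Count -eq 0) { 'No PrintNightmare exposure indicators found.' }
else { $findings | ForEach-Object { "[!] $_" } }

if ($Remediate -and $spooler -and $spooler.Status -eq 'Running') {
    # Simplest mitigation for hosts that do not serve printers.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
    'Spooler stopped and disabled.'
}
```

Run it as `.\Audit-Spooler.ps1` from an elevated prompt for a report, or with `-Remediate` on servers that have no printing role. The registry values only exist when set by policy or by the July/August 2021 updates, so a `$null` there means "default for this build", which on an unpatched host is the permissive default; treat an absent RestrictDriverInstallationToAdministrators on a host without the August 2021 cumulative update as a finding in its own right.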

SynAck ransomware releases decryption keys after El_Cometa rebrand

The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.

That's it for this week! Hope everyone has a nice weekend!
