This week saw a surge in attacks by an existing ransomware operation, while other active ransomware operations turned to Windows vulnerabilities to elevate their privileges.
Over the past week, we have seen increasing LockBit 2.0 ransomware operation attacks, with the Australian government issuing an alert.
It was also revealed that the ransomware gang pulled off a successful attack on IT giant Accenture and began leaking their data for a short time.
We also saw REvil's universal decryption key used in the Kaseya attack leaked on a hacking forum, and ransomware gangs begin using the Windows PrintNightmare vulnerability to gain elevated privileges on compromised devices.
Finally, the SynAck ransomware operation released their master decryption keys after rebranding as the El_Cometa group.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @DanielGallagher, @malwareforme, @FourOctets, @jorntvdw, @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @LawrenceAbrams, @serghei, @VK_Intel, @Seifreed, @demonslay335, @fwosar, @struppigel, @pcrisk, @markloman, @SophosLabs, @TalosSecurity, @pancak3lullz, @Unit42_Intel, @LiviuArsene, @CrowdStrike, @PogoWasRight, @chum1ng0, @fbgwls245, and @AuCyble.
August 7th 2021
dnwls0719 found a new Zeppelin Ransomware variant that appends the .payfast500 extension.
August 8th 2021
The Australian Cyber Security Centre (ACSC) warns of an increase in LockBit 2.0 ransomware attacks against Australian organizations starting July 2021.
August 9th 2021
Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections.
Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model.
In late July, a new RaaS appeared on the scene. Calling itself BlackMatter, the ransomware claims to fill the void left by DarkSide and REvil, adopting the best tools and techniques from each of them, as well as from the still-active LockBit 2.0.
PCrisk found a new STOP Ransomware variant that appends the .repg extension.
PCrisk found a new Dharma Ransomware variant that appends the .JRB extension.
August 10th 2021
A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices.
Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal information that was later leaked on the gang's dark web leak site.
As a preface, we note that Pysa are not the only ransomware threat actors attacking the k-12 sector, which has a reputation of being "low-hanging fruit" for hacks. We have also seen many other groups attacking k-12 districts. A partial listing of ransomware attacks on k-12 is embedded below this discussion of Pysa victims.
August 11th 2021
The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key.
Accenture, a global IT consultancy giant, has allegedly been hit by a ransomware cyberattack from the LockBit ransomware gang.
During our routine threat hunting exercise, the Cyble Research Lab discovered that Pine Labs, an Indian merchant platform company that provides financing and last-mile retail transaction technology, was impacted by a ransomware attack. Our investigation showcased that the BlackMatter ransomware group is behind the attack on Pine Labs. The group has been garnering considerable media attention due to this attack.
dnwls0719 found a new Phobos Ransomware variant that appends the .HORSEMONEY extension.
August 12th 2021
Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads.
August 13th 2021
The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks.
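Both the Magniber and Vice Society items above come down to the same defensive question: is the Print Spooler still exposed on hosts that do not need it, and are the Point and Print policies set the way Microsoft's PrintNightmare (CVE-2021-34527) mitigation guidance asks? The following read-only PowerShell check is an added example written for this page, not code from BleepingComputer or from any of the reports it summarizes. The registry path and value names are the ones in Microsoft's published guidance; the function name, the output property names and the wording of the findings are my own choices.

```powershell
# Added example (not from the original article): report the Print Spooler
# hardening state relevant to PrintNightmare on the local host. Read-only.

function Get-PrintSpoolerHardeningState {
    [CmdletBinding()]
    param()

    # Point and Print policy key named in Microsoft's CVE-2021-34527 guidance
    $pnpKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'

    # Read a DWORD policy value; $null means the key or value is not defined
    function Read-PolicyDword([string]$Path, [string]$Name) {
        try   { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name }
        catch { $null }
    }

    $spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue

    $restrictToAdmins = Read-PolicyDword $pnpKey 'RestrictDriverInstallationToAdministrators'
    $noWarning        = Read-PolicyDword $pnpKey 'NoWarningNoElevationOnInstall'
    $updatePrompt     = Read-PolicyDword $pnpKey 'UpdatePromptSettings'

    $findings = [System.Collections.Generic.List[string]]::new()

    if ($null -eq $spooler) {
        $findings.Add('Print Spooler service not present; nothing to harden.')
    } elseif ($spooler.Status -eq 'Running') {
        # Microsoft's first recommendation: stop and disable the service where
        # printing is not required (domain controllers, most servers).
        $findings.Add('Print Spooler is running; stop and disable it on hosts that do not print.')
    }

    # Guidance: RestrictDriverInstallationToAdministrators must be 1
    if ($restrictToAdmins -ne 1) {
        $findings.Add('RestrictDriverInstallationToAdministrators is not 1; non-admin users may install printer drivers.')
    }
    # Guidance: these two must be 0 or undefined; 1 disables the Point and Print prompts
    if ($null -ne $noWarning -and $noWarning -ne 0) {
        $findings.Add("NoWarningNoElevationOnInstall=$noWarning weakens Point and Print; set to 0 or remove.")
    }
    if ($null -ne $updatePrompt -and $updatePrompt -ne 0) {
        $findings.Add("UpdatePromptSettings=$updatePrompt weakens Point and Print; set to 0 or remove.")
    }

    [pscustomobject]@{
        ComputerName                              = $env:COMPUTERNAME
        SpoolerStatus                             = if ($spooler) { $spooler.Status.ToString() } else { 'NotInstalled' }
        SpoolerStartType                          = if ($spooler) { $spooler.StartType.ToString() } else { 'NotInstalled' }
        RestrictDriverInstallationToAdministrators = $restrictToAdmins
        NoWarningNoElevationOnInstall             = $noWarning
        UpdatePromptSettings                      = $updatePrompt
        Hardened                                  = ($findings.Count -eq 0)
        Findings                                  = $findings.ToArray()
    }
}

# Usage: run elevated so the HKLM policy key is readable, then inspect the findings.
Get-PrintSpoolerHardeningState | Format-List
```

The check reports state rather than changing it, so it is safe to run across a fleet (for example through a remoting session) before deciding which hosts should have the spooler disabled and which merely need the policy values corrected. Patch level is deliberately not inferred here: the registry values only make the security update effective, they do not replace it.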
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group.