
The Week in Ransomware – August 20th 2021



Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week.

Stories of particular interest revolve around new features and tactics used by some of the ransomware operations.

After analyzing the Conti training material leaked earlier this month, we learned that they use legitimate remote access software to retain persistence on a compromised network. We also learned that they prioritize searching for cyber insurance policies and financial documents after taking control of a network.

Another report illustrates how threat actors are monitoring researchers on Twitter, as a new ransomware gang known as LockFile uses the PetitPotam attack to take over Windows domains.

Some of the attacks we saw this week were against the Brazilian National Treasury, Memorial Health System, and Japanese insurer Tokio Marine.

Finally, there is some good news, as Emsisoft has released a SynAck ransomware decryptor after the master decryption keys were released by the threat actors earlier this month.

Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @jorntvdw, @Seifreed, @Ionut_Ilascu, @struppigel, @PolarToffee, @demonslay335, @VK_Intel, @BleepinComputer, @serghei, @malwrhunterteam, @FourOctets, @fwosar, @LawrenceAbrams, @symantec, @emsisoft, @AdvIntel, @IBMSecurity, and @fbgwls245.

August 14th 2021

New Karma ransomware

dnwls0719 found a new Karma ransomware that appends the .KARMA extension and has a dedicated leak site.


August 16th 2021

Hive ransomware attacks Memorial Health System, steals patient data

In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts.

Colonial Pipeline reports data breach after May ransomware attack

Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May.

August 17th 2021

Conti ransomware prioritizes revenue and cyberinsurance data theft

Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies.

Brazilian government discloses National Treasury ransomware attack

The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of the National Treasury's computing systems on Friday night, right before the start of the weekend.

New Dharma ransomware variant

Jakub Kroustek found a new Dharma variant that appends the .c0v extension.

August 18th 2021

Diavol ransomware sample shows stronger connection to TrickBot gang

A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware.

Japanese insurer Tokio Marine discloses ransomware attack

Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.

August 19th 2021

CISA shares guidance on how to prevent ransomware data breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.

New Malki Ransomware

dnwls0719 found a new ransomware that appends the .MALKI extension.


August 20th 2021

SynAck ransomware decryptor lets victims recover files for free

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.

LockFile ransomware uses PetitPotam attack to hijack Windows domains

At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.

That's it for this week! Hope everyone has a nice weekend!
