Ransomware gangs continue to attack colleges, firms, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we're following this week.
Stories of particular interest revolve around new features and tactics used by some of the ransomware operations.
After analyzing the Conti training material leaked earlier this month, we learned that they use legitimate remote access software to retain persistence on a compromised network. We also learned that they prioritize searching for cyber insurance policies and financial documents after taking control of a network.
Another report illustrates how threat actors are monitoring researchers on Twitter as a new ransomware gang known as LockFile uses the PetitPotam attack to take over Windows domains.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @DanielGallagher, @jorntvdw, @Seifreed, @Ionut_Ilascu, @struppigel, @PolarToffee, @demonslay335, @VK_Intel, @BleepinComputer, @serghei, @malwrhunterteam, @FourOctets, @fwosar, @LawrenceAbrams, @symantec, @emsisoft, @AdvIntel, @IBMSecurity, and @fbgwls245.
August 14th 2021
dnwls0719 found a new Karma ransomware that appends the .KARMA extension and has a dedicated leak site.
August 16th 2021
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts.
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May.
August 17th 2021
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies.
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend.
Jakub Kroustek found a new Dharma variant that appends the .c0v extension.
August 18th 2021
A new analysis of a Diavol ransomware sample shows a clearer connection with the gang behind the TrickBot botnet and the evolution of the malware.
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack.
August 19th 2021
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes.
dnwls0719 found a new ransomware that appends the .MALKI extension.
August 20th 2021
Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free.
At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide.