Over the past two weeks, it has been busy with ransomware news, ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks.
The biggest news is the Ragnarok ransomware operation shutting down and releasing a master decryptor on their website. Using the released keys, Emsisoft was able to create its own decryptor.
The FBI and CISA have also been busy, releasing advisories warning of ransomware attacks over holiday weekends, gangs targeting food and agriculture organizations, information about the OnePercent Group, and IOCs for the Hive ransomware.
A threat actor released the full source code for the Babuk ransomware, allowing any wannabe threat actor to start their own ransomware operation. Unfortunately, this leak will lead to many threat actors worldwide creating their own Ransomware-as-a-Service.
Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @fwosar, @struppigel, @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @LawrenceAbrams, @jorntvdw, @FourOctets, @DanielGallagher, @Seifreed, @serghei, @malwareforme, @vxunderground, @AltShiftPrtScn, @thepacketrat, @TalosSecurity, @GossiTheDog, @pcrisk, @fbgwls245, @ddd1ms, and @darktracer_int.
August 21st 2021
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.
August 23rd 2021
The Federal Bureau of Investigation (FBI) has shared information about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.
SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators were able to successfully breach its network, steal data, and encrypt systems.
PCRisk found a new STOP ransomware variant that appends the .orkf extension.
PCRisk found a new Dharma ransomware variant that appends the .dts extension.
August 24th 2021
A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.
dnwls0719 found a BlackKingdom variant that appends the .svyx extension.
August 26th 2021
The Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.
The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.
PCRisk found new Dharma ransomware variants that append the .6ix9 and .TCYO extensions.
PCRisk found a new Phobos ransomware variant that appends the .PERDAK extension.
August 27th 2021
The Boston Public Library (BPL) has disclosed today that its network was hit by a cyberattack on Wednesday, leading to a system-wide technical outage.
PCRisk found a new Dharma ransomware variant that appends the .RZA extension.
dnwls0719 found a new ransomware called HQ_52_42 that appends the .HQ_52_42 extension.
August 28th 2021
dnwls0719 found a new ransomware called SanwaiWare 2021 that appends the .sanwai extension.
August 30th 2021
PCRisk found a new STOP ransomware variant that appends the .lqqw extension.
dnwls0719 found a new ransomware called Loki Locker that appends the .Loki extension.
August 31st 2021
The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.
September 1st 2021
Bangkok Airways, a major airline company in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised personal data of passengers.
In this post, we talked about the fact that BlackMatter and Babuk are using the same web server for sharing the leaked data.
September 2nd 2021
Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated version that clears up any misinterpretation caused by automated translation.
The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.
September 3rd 2021
The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.
A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.
DarkTracer found that all three ransomware groups are using the same Tor data leak site. They are not believed to be affiliated, other than possibly being part of the same cartel.
DarkTracer found that Astro Team, Mount Locker, and XING Locker are sharing the same Tor network infrastructure. Astro Team and MountLocker are believed to be affiliated with each other.
PCRisk found a new STOP ransomware variant that appends the .efdc extension.