
The Week in Ransomware – September 3rd 2021


Over the past two weeks, there has been plenty of ransomware news, ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks.

The biggest news is the Ragnarok ransomware operation shutting down and releasing a master decryptor on their website. Using the released keys, Emsisoft was able to create its own decryptor.

We have also seen ransomware gangs, such as LockFile and Conti, begin to use the recently disclosed Microsoft Exchange ProxyShell vulnerabilities.

The FBI and CISA have also been busy, releasing advisories warning of ransomware attacks over holiday weekends, gangs targeting food and agriculture organizations, information about the OnePercent (1%) group, and IOCs for the Hive ransomware.

A threat actor released the complete source code for the Babuk ransomware, allowing any wannabe threat actor to start their own ransomware operation. Unfortunately, this leak will lead to many threat actors worldwide creating their own Ransomware-as-a-Service.

Finally, leaked Conti training material and a Pysa data exfiltration script have given us insight into how ransomware gangs conduct their attacks and what data they are targeting.

Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @fwosar, @struppigel, @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @LawrenceAbrams, @jorntvdw, @FourOctets, @DanielGallagher, @Seifreed, @serghei, @malwareforme, @vxunderground, @AltShiftPrtScn, @thepacketrat, @TalosSecurity, @GossiTheDog, @pcrisk, @fbgwls245, @ddd1ms, and @darktracer_int.

August 21st 2021

Microsoft Exchange servers being hacked by new LockFile ransomware

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities.

August 23rd 2021

FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020

The Federal Bureau of Investigation (FBI) has shared information about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020.

Nokia subsidiary discloses data breach after Conti ransomware attack

SAC Wireless, a US-based Nokia subsidiary, has disclosed a data breach following a ransomware attack in which Conti operators were able to successfully breach its network, steal data, and encrypt systems.

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .orkf extension.

New Dharma ransomware variant

PCRisk found a new Dharma ransomware variant that appends the .dts extension.

August 24th 2021

Ransomware gang’s script shows exactly the files they’re after

A PowerShell script used by the Pysa ransomware operation gives us a sneak peek at the types of data they attempt to steal during a cyberattack.

New BlackKingdom ransomware variant

dnwls0719 found a BlackKingdom variant that appends the .svyx extension.

Black Kingdom

August 26th 2021

Ragnarok ransomware releases master decryptor after shutdown

The Ragnarok ransomware gang appears to have called it quits and released the master key that can decrypt files locked with their malware.

FBI shares technical details for Hive ransomware

The Federal Bureau of Investigation (FBI) has released some technical details and indicators of compromise associated with Hive ransomware attacks.

New Dharma ransomware variants

PCRisk found new Dharma ransomware variants that append the .6ix9 and .TCYO extensions.

New Phobos ransomware variant

PCRisk found a new Phobos ransomware variant that appends the .PERDAK extension.

August 27th 2021

Boston Public Library discloses cyberattack, system-wide technical outage

The Boston Public Library (BPL) disclosed today that its network was hit by a cyberattack on Wednesday, resulting in a system-wide technical outage.

New Dharma ransomware variant

PCRisk found a new Dharma ransomware variant that appends the .RZA extension.

New HQ_52_42 ransomware

dnwls0719 found a new ransomware called HQ_52_42 that appends the .HQ_52_42 extension.

HQ_52_42

August 28th 2021

New SanwaiWare 2021 ransomware

dnwls0719 found a new ransomware called SanwaiWare 2021 that appends the .sanwai extension.

SanwaiWare 2021

August 30th 2021

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .lqqw extension.

dnwls0719 found a new ransomware called Loki Locker that appends the .Loki extension.

Loki Locker

August 31st 2021

FBI, CISA: Ransomware attack risk increases on holidays, weekends

The FBI and CISA urged organizations not to let down their defenses against ransomware attacks during weekends or holidays in a joint cybersecurity advisory issued earlier today.

September 1st 2021

LockBit gang leaks Bangkok Airways data, hits Accenture customers

Bangkok Airways, a major airline in Thailand, confirmed it was the victim of a cyberattack earlier this month that compromised the personal data of passengers.

BlackMatter x Babuk : Using the same web server for sharing leaked files

In this post, we talked about the fact that BlackMatter and Babuk are using the same web server for sharing the leaked files.

September 2nd 2021

Translated Conti ransomware playbook gives insight into attacks

Almost a month after a disgruntled Conti affiliate leaked the gang's attack playbook, security researchers shared a translated version that clarifies any misinterpretation caused by automated translation.

FBI warns of ransomware gangs targeting food, agriculture orgs

The FBI says ransomware gangs are actively targeting and disrupting the operations of organizations in the food and agriculture sector, causing financial loss and directly affecting the food supply chain.

September 3rd 2021

Conti ransomware now hacking Exchange servers with ProxyShell exploits

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits.

Babuk ransomware’s full source code leaked on hacker forum

A threat actor has leaked the complete source code for the Babuk ransomware on a Russian-speaking hacking forum.

Babuk, BlackMatter, and Groove share the same data leak site

DarkTracer found that all three ransomware groups are using the same Tor data leak site. They are not believed to be affiliated, apart from possibly being part of the same cartel.

Mount Locker, Astro Team, and XING Locker share same Tor site

DarkTracer found that Astro Team, Mount Locker, and XING Locker are sharing the same Tor network infrastructure. Astro Team and MountLocker are believed to be affiliated with each other.

Dmitry Smilyanets noted that threat actors worldwide will likely launch their own ransomware operations based on the leaked Babuk ransomware source code.

New STOP ransomware variant

PCRisk found a new STOP ransomware variant that appends the .efdc extension.

That's it for this week! Hope everyone has a nice weekend!
