
    The Week in Ransomware – September 10th 2021



    This week marked the return of the infamous REvil ransomware gang, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability.

    Their July attack affected over 1,500 companies and drew the full attention of international law enforcement and the White House, who demanded that Russia do something about these attacks.

    Soon after, REvil shut down all of its servers and mysteriously disappeared.

    That is, until this week, when REvil's servers came back online and a new sample of their ransomware was spotted on VirusTotal.

    It is still too soon to tell whether the ransomware gang is fully operational, but we will likely see new attacks shortly.

    In other news, a report was released this week outlining what a ransomware gang's ideal target looks like, and the Ragnar Locker gang threatened to automatically leak stolen data if victims contact negotiators or law enforcement.

    Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @malwareforme, @malwrhunterteam, @VK_Intel, @fwosar, @serghei, @struppigel, @LawrenceAbrams, @PolarToffee, @FourOctets, @Seifreed, @jorntvdw, @DanielGallagher, @demonslay335, @Ionut_Ilascu, @AdvIntel, @y_advintel, @McAfee_Business, @Glacius_, @Intel471Inc, @PogoWasRight, @ddd1ms, @JakubKroustek, @Libranalysis, @John_Fokker, @cPeterr, @fbgwls245, and @pcrisk.

    September 5th 2021

    BlackMatter Ransomware v2.0

    This is my analysis of the BlackMatter Ransomware version 2.0.

    September 6th 2021

    Ransomware gangs target companies using these criteria

    Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their "want ads" makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.

    September 7th 2021

    REvil ransomware’s servers mysteriously come back online

    The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear whether this marks the ransomware gang's return or the servers being turned on by law enforcement.

    Ransomware gang threatens to leak data if victim contacts FBI, police

    The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, such as the FBI.

    September 8th 2021

    Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings

    On September 7, 2021, a representative of the newly formed Groove ransomware syndicate decided to share their insights and their perspective on the inner workings of the ransomware business.

    Howard University shuts down network after ransomware attack

    The private Howard University in Washington disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems.

    How Groove Gang is Shaking up the Ransomware-as-a-Service Market to Empower Affiliates

    McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or as a subgroup. These cybercriminals are happy to set aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victims' networks, rather than the previous approach, which prioritized control of the ransomware itself.

    September 9th 2021

    First new REvil sample spotted on VirusTotal

    Jakub Kroustek found the first new REvil sample uploaded to VirusTotal since the gang disappeared and has now come back to life.

    September 10th 2021

    All of Desert Wells Family Medicine patients’ electronic health records were corrupted and unrecoverable from ransomware attack

    On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000 patients were impacted by a breach involving a hack of the network.

    New Chaos Ransomware variant

    dnwls0719 found a new Chaos ransomware variant that appends the .CRYPTEDPAY extension.

    New Dharma Ransomware variant

    PCrisk found a new Dharma ransomware variant that appends the .RME extension.
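    The two new-variant notes above (the Chaos .CRYPTEDPAY and Dharma .RME extensions) are the kind of indicator a defender would feed into a file-share sweep. The script below is an added example, not code from BleepingComputer or from the researchers credited; it takes only the two extensions from this page and assumes everything else: the directory listing is constructed sample data, the family labels are triage hints rather than attribution, and the threshold of three renamed files within sixty seconds is an arbitrary starting point. A single matching file is deliberately not flagged, since extension collisions and stray test files are common; a burst of matches in one directory is what distinguishes encryption in progress.

```python
"""Flag directories where a burst of files gained a known ransomware extension.

Added example. Only the two extensions come from the page; the listing,
thresholds and family labels are assumptions for illustration.
"""
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions reported this week. The label is a triage hint: an extension
# alone does not prove which gang or builder produced the files.
RANSOM_EXTENSIONS = {
    ".cryptedpay": "Chaos variant",
    ".rme": "Dharma variant",
}

# Constructed sample listing of (path, mtime in epoch seconds). Not real data.
SAMPLE_LISTING = [
    ("/srv/share/finance/q3.xlsx.CRYPTEDPAY", 1631260800),
    ("/srv/share/finance/budget.docx.CRYPTEDPAY", 1631260805),
    ("/srv/share/finance/notes.txt.CRYPTEDPAY", 1631260810),
    ("/srv/share/hr/handbook.pdf", 1631100000),
    ("/home/alice/backup.tar.RME", 1631200000),  # one hit only, stays below threshold
]


def classify(path):
    """Return the family label if the final suffix is a known ransomware extension, else None."""
    suffix = PurePosixPath(path).suffix.lower()
    return RANSOM_EXTENSIONS.get(suffix)


def find_encrypted_dirs(listing, min_hits=3, window_seconds=60):
    """Return {directory: (family, total_hits)} for directories where at least
    min_hits matching files were modified within any window_seconds span.

    Burst detection is what separates an encryption run from a lone
    suspicious file; min_hits and window_seconds are assumed tuning knobs.
    """
    by_dir = defaultdict(list)
    for path, mtime in listing:
        family = classify(path)
        if family:
            by_dir[str(PurePosixPath(path).parent)].append((mtime, family))

    flagged = {}
    for directory, hits in by_dir.items():
        hits.sort()
        times = [t for t, _ in hits]
        start = 0
        # Sliding window over sorted mtimes: advance start until the window fits.
        for end in range(len(times)):
            while times[end] - times[start] > window_seconds:
                start += 1
            if end - start + 1 >= min_hits:
                flagged[directory] = (hits[end][1], len(hits))
                break
    return flagged


if __name__ == "__main__":
    for directory, (family, count) in find_encrypted_dirs(SAMPLE_LISTING).items():
        print(f"{directory}: {count} files, matches {family}")
```

On a real host the listing would come from an `os.scandir` walk or a file-server audit log rather than the constructed list; the function itself does not change. Note that Dharma variants normally carry an ID and contact address in the name before the final extension, so matching on the last suffix only, as `classify` does, is intentional.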

    That's it for this week! Hope everyone has a nice weekend!
