For this week's 'Week in Ransomware' article, we have included the most recent ransomware news from the previous two weeks.
The most important news over the previous two weeks is the unsealing of a United States Complaint for Forfeiture detailing how the FBI seized 39.89138522 bitcoins from an Exodus wallet belonging to a REvil affiliate. Based on the email listed in the court document, the affiliate is believed to be the one known as 'Lalartu.'
We also learned that the BlackByte ransomware gang is exploiting the Microsoft Exchange ProxyShell vulnerabilities to gain initial access to internal networks. Therefore, make sure to patch your Exchange servers.
The FBI also disclosed that Cuba ransomware has attacked 49 US critical infrastructure organizations and received at least US $43.9 million in ransom payments.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @DanielGallagher, @BleepinComputer, @PolarToffee, @malwrhunterteam, @Ionut_Ilascu, @jorntvdw, @Seifreed, @FourOctets, @billtoulas, @struppigel, @demonslay335, @serghei, @VK_Intel, @malwareforme, @LawrenceAbrams, @redcanary, @John_Fokker, @Mandiant, @siri_urz, @teachemtechy, @fbgwls245, @pcrisk, @Kangxiaopao, @Amigo_A, and @ValeryMarchive.
November 22nd 2021
Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.
PCrisk found a new Dharma ransomware variant that appends the .NEEH extension.
November 24th 2021
dnwls0719 found a new Thanos variant that appends the .xot5ik extension.
November 25th 2021
PCrisk found a new STOP ransomware variant that appends the .robm extension.
xiaopao found a new Av Ghost ransomware that appends the AvGhost extension and drops a ransom note named AvGhost.txt.
November 26th 2021
Marine services giant Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that allowed threat actors to steal company data.
Zack Allen found a new ransomware called 'Rook' that is based on Babuk and appends the .rook extension to encrypted files.
PCrisk found a new STOP ransomware variant that appends the .rigj extension.
November 29th 2021
PCrisk found a new Phobos ransomware variant that appends the .XIII extension.
November 30th 2021
An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector, using BazarLoader malware in the reconnaissance stage.
The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
Siri found a new Blue Locker that appends the .blue extension to encrypted files.
December 1st 2021
The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities.
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of roughly 400,000 patients.
The Spanish express parcel delivery specialist Correos Express appears to be having difficulties providing its services. A sample of Hive ransomware suggests a cyberattack that occurred around November 27.
PCrisk found a new STOP ransomware variant that appends the .moia extension.
December 2nd 2021
Siri found a new ransomware calling itself 'Hello' that uses an eye-catching ransom note and appends the .hello extension.
December 3rd 2021
The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.
DailyMail allegedly tracked down Yevgeniy Polyanin, a member of the REvil ransomware group.
dnwls0719 found a new Makop ransomware variant that appends the .mkp extension.
PCrisk found a new STOP ransomware variant that appends the .yqal extension.