While ransomware gangs are still conducting attacks and all companies must stay alert, ransomware news has been relatively slow this week. However, there were still some interesting stories that we outline below.
This week's most interesting story is CNN's report on Conti Leaks, a Ukrainian researcher who has had access to Conti's internal servers for years.
After Conti sided with Russia over the invasion of Ukraine, the researcher fought back by leaking internal chats and source code for the Conti Ransomware gang, giving researchers and law enforcement a glimpse into their operations.
Other interesting news is a clever 'IPfuscation' technique used by the Hive ransomware gang to obfuscate payloads by representing them as IP addresses to evade detection. Running the list of IP addresses through a decoder results in a binary payload that can be installed.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @FourOctets, @jorntvdw, @LawrenceAbrams, @Seifreed, @serghei, @malwrhunterteam, @DanielGallagher, @VK_Intel, @malwareforme, @Ionut_Ilascu, @struppigel, @demonslay335, @fwosar, @billtoulas, @BleepinComputer, @rivitna2, @MinervaLabs, @Amigo_A_, @SentinelOne, @AquaSecTeam, @ContiLeaks, @snlyngaas, and @pcrisk.
March 27th 2022
Hive ransomware ports its Linux VMware ESXi encryptor to Rust
The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims' ransom negotiations.
March 28th 2022
SunCrypt ransomware is still alive and kicking in 2022
SunCrypt, a ransomware as a service (RaaS) operation that reached prominence in mid-2020, is reportedly still active, even if barely, as its operators continue to work on giving its strain new capabilities.
New KalajaTomorr ransomware
Amigo-A found a new ransomware that drops a ransom note named Hiya.txt.
March 29th 2022
Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks
Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack. Since Jupyter notebooks are used to analyze data and build data models, this attack can lead to significant damage to organizations if these environments aren't properly backed up.
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .snwd extension.
March 30th 2022
Hive ransomware uses new 'IPfuscation' trick to hide payload
Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon.
'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang
As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how — by sabotaging one of the most formidable ransomware gangs in Russia.
March 31st 2022
LockBit victim estimates cost of ransomware attack to be $42 million
Atento, a provider of customer relationship management (CRM) services, has published its 2021 financial performance results, which show a massive impact of $42.1 million due to a ransomware attack the firm suffered in October last year.
4 new STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .voom, .mpag, .gtys, or .udla extensions.
That is it for this week! Hope everybody has a pleasant weekend!