For this week’s ‘Week in Ransomware’ article, we have included the latest ransomware news over the past two weeks.
The biggest news over the past two weeks is the unsealing of a United States’ Complaint for Forfeiture detailing how the FBI seized 39.89138522 bitcoins from an Exodus wallet belonging to an REvil affiliate. Based on the email listed in the court document, it is believed that the affiliate is the one known as ‘Lalartu.’
We also learned that the BlackByte ransomware gang exploits the Microsoft Exchange ProxyShell vulnerabilities to gain initial access to internal networks. Therefore, make sure to update your servers. Because ProxyShell was widely exploited before many servers were patched, an Exchange server that was exposed while vulnerable should also be checked for web shells and other signs of earlier compromise; patching alone does not remove an attacker who is already inside.
The FBI also disclosed that Cuba ransomware has attacked 49 US critical infrastructure organizations and received at least US $43.9 million in ransom payments.
Finally, some of the attacks we learned about over the past two weeks include Planned Parenthood Los Angeles, Swire Pacific Offshore, and Correos Express.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @DanielGallagher, @BleepinComputer, @PolarToffee, @malwrhunterteam, @Ionut_Ilascu, @jorntvdw, @Seifreed, @FourOctets, @billtoulas, @struppigel, @demonslay335, @serghei, @VK_Intel, @malwareforme, @LawrenceAbrams, @redcanary, @John_Fokker, @Mandiant, @siri_urz, @teachemtechy, @fbgwls245, @pcrisk, @Kangxiaopao, @Amigo_A, and @ValeryMarchive.
November 22nd 2021
Wind turbine giant Vestas’ data compromised in cyberattack
Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack.
US govt warns of increased ransomware risks during holidays
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.
New Dharma Ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .NEEH extension.
November 24th 2021
New Thanos variant
dnwls0719 found a new Thanos variant that appends the .xot5ik extension.
November 25th 2021
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .robm extension.
New AV Ghost ransomware
xiaopao found a new AV Ghost ransomware that appends the AvGhost extension and drops a ransom note named AvGhost.txt.
November 26th 2021
Marine services provider Swire Pacific Offshore hit by ransomware
Marine services giant Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that allowed threat actors to steal company data.
New Rook Ransomware
Zack Allen found a new ransomware called ‘Rook’ that is based on Babuk and appends the .rook extension to encrypted files.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .rigj extension.
November 29th 2021
New Phobos Ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .XIII extension.
November 30th 2021
Yanluowang ransomware operation matures with experienced affiliates
An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector, using BazarLoader malware in the reconnaissance stage.
FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs
The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
New Blue Locker Ransomware
Siri found a new Blue Locker ransomware that appends the .blue extension to encrypted files.
December 1st 2021
Microsoft Exchange servers hacked to deploy BlackByte ransomware
The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities.
Planned Parenthood LA discloses data breach after ransomware attack
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.
Ransomware: the Spanish Correos Express appears to be facing Hive
The Spanish express parcel delivery specialist Correos Express seems to be having difficulties providing its services. A sample of Hive ransomware suggests a cyberattack that occurred around November 27.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .moia extension.
December 2nd 2021
New Hello Ransomware
Siri found a new ransomware calling itself ‘Hello’ that uses an interesting ransom note and appends the .hello extension.
December 3rd 2021
FBI: Cuba ransomware breached 49 US critical infrastructure orgs
The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations in US critical infrastructure sectors.
DailyMail.com tracked down suspected REvil member Yevgeniy Polyanin
DailyMail allegedly tracked down Yevgeniy Polyanin, a member of the REvil ransomware group.
New Makop variant
dnwls0719 found a new Makop ransomware variant that appends the .mkp extension.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .yqal extension.
That’s it for this week! Hope everyone has a nice weekend!