The Week in Ransomware – December 24th 2021



The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Year’s breaks.
This is especially true this year, with the rampant Log4j exploitation over the past few weeks leading to compromised networks that are ripe for ransomware deployment while the workforce is on vacation.
Network admins and security researchers are already reporting that BlackCat/ALPHV affiliates continue to attack the enterprise today as we move into the Christmas weekend, so it’s important to keep an eye on your networks and respond quickly to unusual behavior.
Good luck out there and wishing everyone a very happy and uneventful holiday season!
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @Ionut_Ilascu, @PolarToffee, @BleepinComputer, @struppigel, @Seifreed, @VK_Intel, @billtoulas, @serghei, @jorntvdw, @FourOctets, @malwareforme, @fwosar, @JakubKroustek, @DanielGallagher, @malwrhunterteam, @demonslay335, @ValeryMarchive, @ESETresearch, @LabsSentinel, @SophosLabs, @threatresearch, @NCCGroupplc, @pcrisk, @th3_protoCOL, @0daydorpher, and @siri_urz.
December 18th 2021
New Dharma Ransomware variant
Jakub Kroustek found a new Dharma ransomware variant that appends the .ver extension.
December 20th 2021
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .nnqp extension to encrypted files.
New Dharma Ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .C1024 extension to encrypted files.
December 21st 2021
FreeBSD SFile ransomware encryptor
ESET found a new FreeBSD version of the SFile ransomware.
PYSA ransomware behind most double extortion attacks in November
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors’ arsenal.
December 22nd 2021
New Dharma Ransomware variant
Jakub Kroustek found a new Dharma ransomware variant that appends the .RED extension.
New Phobos Ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .health extension to encrypted files.
December 23rd 2021
AvosLocker ransomware reboots in Safe Mode to bypass security tools
In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode.
New Surtr ransomware
S!Ri found a new ransomware that appends the .surtr extension to encrypted files.

December 24th 2021
Rook ransomware is yet another spawn of the leaked Babuk code
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices.
Global IT services provider Inetum hit by ransomware attack
As first reported by Valéry Marchive, less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers.
Noberus/ALPHV/BlackCat attacking during Christmas
It's not uncommon for ransomware gangs to take a bit of time off during the holidays. However, it looks like BlackCat affiliates are continuing to work through the holidays.
That's it for this week! Hope everyone has a nice weekend!