The Week in Ransomware – November 5th 2021

Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shutdown of criminal operations.
Due to this increased pressure by law enforcement, the BlackMatter (DarkSide) ransomware gang announced to affiliates that they were shutting down this week after members went missing.
BleepingComputer later found that BlackMatter started moving existing victims to LockBit ransomware’s infrastructure to continue extortion demands.
To keep pressure on the DarkSide gang and warn that rebranding to a new operation will not stop law enforcement, the US Department of State announced a $10 million reward for identifying or locating key leaders in the group. In addition, the US government is also offering $5 million for the arrest of any individuals participating in future attacks using DarkSide variants.
The FBI also issued advisories this week warning that HelloKitty has added DDoS attacks to their arsenal, that ransomware gangs commonly conduct attacks “during time-sensitive financial events,” and that gangs are targeting tribal-owned businesses, including casinos.
Ransomware attacks we saw this week were against the UK Labour Party and the Newfoundland and Labrador health systems.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @fwosar, @DanielGallagher, @Ionut_Ilascu, @struppigel, @jorntvdw, @VK_Intel, @billtoulas, @malwrhunterteam, @FourOctets, @demonslay335, @PolarToffee, @Seifreed, @CofenseLabs, @TalosSecurity, @vxunderground, @pancak3lullz, @Fortinet, @GelosSnake, @nakashimae, @DDaltonBennett, @fbgwls245, @pcrisk, and @Amigo_A_.
October 30th 2021
Chaos ransomware targets gamers via fake Minecraft alt lists
The Chaos Ransomware gang encrypts gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.
November 1st 2021
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
BlackShadow hackers breach Israeli hosting firm and extort customers
The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company’s services.
Canadian province well being care system disrupted by cyberattack
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
November 2nd 2021
New Dharma ransomware variant
dnwls0719 found a new Dharma ransomware variant that appends the .MS extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .cool and .palq extensions to encrypted files.
FBI: Ransomware targets companies during mergers and acquisitions
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims.
November 3rd 2021
BlackMatter ransomware claims to be shutting down due to police pressure
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations.
UK Labour Party discloses data breach after ransomware attack
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party’s data.
BlackMatter ransomware moves victims to LockBit after shutdown
With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.
A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked
A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
New Polaris ransomware targeting Linux
Amigo-A found a new Polaris ransomware that’s targeting Linux and dropping ransom notes named WARNING.txt.

November 4th 2021
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
Phishing emails deliver spooky zombie-themed MirCop ransomware
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.
US targets DarkSide ransomware, rebrands with $10 million reward
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.
Lockean multi-ransomware affiliates linked to attacks on French orgs
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT).
November 5th 2021
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .WORM extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .stax and .irkf extensions to encrypted files.
New Thanos ransomware variant
dnwls0719 found a new Thanos ransomware variant that appends the .stepik extension.
That’s it for this week! Hope everyone has a nice weekend!
