The Week in Ransomware – May 26th 2023


Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting cities' online services.

Earlier this month, we saw that with the Royal ransomware attack on Dallas, and this week the City of Augusta, Georgia, is also suffering a cyberattack.

While the Augusta mayor's office has released a statement disclosing that they suffered a cyberattack, they did not share any details on the breach.

"The City of Augusta, GA began experiencing technical difficulties this past Sunday, May 21, 2023, unrelated to last week's outage, resulting in a disruption to certain computer systems," reads the City's statement.

"We began an investigation and determined that we were the victim of unauthorized access to our system."

However, today the BlackByte ransomware operation claimed responsibility for the attack on Augusta, leaking data that they claim was stolen during the attack.

Other attacks we learned more about this week include a BlackBasta attack on German arms manufacturer Rheinmetall and ABB confirming that data was stolen during an attack earlier this month.

The Cuba ransomware gang also claimed the attack on The Philadelphia Inquirer. However, after the publisher stated that the data did not belong to them, Cuba removed the Inquirer's entry from their data leak site.

We also saw some interesting reports released by security companies and researchers.

Finally, ransomware affiliate Bassterlord released a "slightly" edited but highly sought-after version 2.0 of his ransomware manual, which was being sold for $10,000 on hacker forums.

While some researchers felt the manual lacked detail, threat actors can still use it to gain more knowledge and learn how to breach corporate networks.

While we are not sharing this manual, all network defenders and security professionals are advised to read the translated versions floating around on Twitter, or some of the linked analyses below, to learn what tactics were being taught.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @malwrhunterteam, @BleepinComputer, @serghei, @billtoulas, @fwosar, @Ionut_Ilascu, @struppigel, @LawrenceAbrams, @Seifreed, @security_score, @Unit42_Intel, @_CPResearch_, @pcrisk, @BroadcomSW, @uuallan, @Jon__DiMaggio, @AShukuhi, @BushidoToken, @BrettCallow, and @UK_Daniel_Card.

May 22nd 2023

Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed using signed malicious Windows kernel drivers to evade detection by security software during attacks.

New STOP Ransomware variants

PCrisk found new STOP Ransomware variants that append the .gapo, .gatq, and .gaze extensions.

New MedusaLocker variant

PCrisk found a new MedusaLocker variant that appends the .itlock20 extension (the number may differ) and drops a ransom note named How_to_back_files.html.

May 23rd 2023

A Deep Dive into Medusa Ransomware

Medusa ransomware appeared in June 2021, and it became more active this year by launching the "Medusa Blog" containing data leaked from victims that did not pay the ransom. The malware stops a list of services and processes that is decrypted at runtime, and deletes the Volume Shadow Copies.
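Stopping backup-related services and deleting Volume Shadow Copies is a pre-encryption step shared by many ransomware families, not just Medusa, and it is one of the few moments where the malware has to touch the operating system in a way defenders can see. The following detection sketch is an added example written for this article; it is not code from the original page, from the Medusa analysis, or from any vendor. It runs over constructed process-creation records in a simple key=value format (timestamp, host, parent PID, PID, command line), flags the common shadow-copy deletion routes (vssadmin, wmic, wbadmin, Win32_ShadowCopy via PowerShell), and raises a separate alert when one parent process spawns a burst of net stop / sc stop commands. The command lines and the threshold of five stops are assumptions for illustration, not Medusa's actual commands.

```python
"""Flag shadow-copy deletion and service-stop bursts in process-creation telemetry.

Added example for this article (not part of the original page or of any vendor's
analysis). The log format and the sample command lines below are constructed;
the patterns cover routes ransomware commonly uses, not any one family's exact commands.
"""
import re
from collections import defaultdict

# Common ways of removing Volume Shadow Copies from the command line.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
    re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\s+catalog\b", re.I),
    re.compile(r"win32_shadowcopy\b.*\bdelete\b", re.I),  # PowerShell / WMI route
]

# One "net stop" is routine administration; a burst from a single parent is not.
SERVICE_STOP_PATTERN = re.compile(r"\b(net1?|sc)(\.exe)?\s+stop\b", re.I)
SERVICE_STOP_THRESHOLD = 5  # assumed tuning value

# Constructed record format: "<ts> host=<h> ppid=<n> pid=<n> cmd=<command line>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) ppid=(?P<ppid>\d+) pid=(?P<pid>\d+) cmd=(?P<cmd>.*)$"
)

# Constructed sample telemetry: one benign stop on WS01, a burst plus shadow
# deletion on FS01, a PowerShell WMI deletion on WS02, and a harmless listing.
SAMPLE_LOG = r"""
2023-05-23T09:58:12Z host=WS01 ppid=4120 pid=4188 cmd=C:\Windows\System32\net.exe stop spooler
2023-05-23T10:02:01Z host=FS01 ppid=7712 pid=7720 cmd=net stop MSSQLSERVER /y
2023-05-23T10:02:01Z host=FS01 ppid=7712 pid=7724 cmd=net stop SQLWriter /y
2023-05-23T10:02:02Z host=FS01 ppid=7712 pid=7730 cmd=sc stop VeeamBackupSvc
2023-05-23T10:02:02Z host=FS01 ppid=7712 pid=7733 cmd=net stop "Acronis VSS Provider" /y
2023-05-23T10:02:03Z host=FS01 ppid=7712 pid=7741 cmd=net stop SQLBrowser /y
2023-05-23T10:02:05Z host=FS01 ppid=7712 pid=7750 cmd=vssadmin.exe Delete Shadows /All /Quiet
2023-05-23T10:02:06Z host=FS01 ppid=7712 pid=7755 cmd=wmic shadowcopy delete /nointeractive
2023-05-23T10:05:44Z host=WS02 ppid=3001 pid=3010 cmd=powershell.exe -c "Get-WmiObject Win32_ShadowCopy | ForEach-Object { $_.Delete() }"
2023-05-23T10:07:00Z host=WS01 ppid=2200 pid=2210 cmd=vssadmin list shadows
"""


def parse_line(line):
    """Return the record as a dict, or None if the line is not in the expected format."""
    m = LOG_LINE.match(line)
    return m.groupdict() if m else None


def is_shadow_delete(cmd):
    """True if the command line deletes Volume Shadow Copies by any known route."""
    return any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS)


def detect(lines):
    """Return findings as (ts, host, rule, detail) tuples, in log order."""
    findings = []
    stops = defaultdict(int)  # (host, ppid) -> count of stop commands seen
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        if is_shadow_delete(ev["cmd"]):
            findings.append((ev["ts"], ev["host"], "shadow_copy_deletion", ev["cmd"]))
        if SERVICE_STOP_PATTERN.search(ev["cmd"]):
            key = (ev["host"], ev["ppid"])
            stops[key] += 1
            if stops[key] == SERVICE_STOP_THRESHOLD:  # alert once, at the threshold
                findings.append((ev["ts"], ev["host"], "service_stop_burst",
                                 f"{SERVICE_STOP_THRESHOLD} service stops from parent pid {ev['ppid']}"))
    return findings


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect(SAMPLE_LOG.strip().splitlines())


if __name__ == "__main__":
    for ts, host, rule, detail in run_sample():
        print(f"{ts} {host} {rule}: {detail}")
```

Two caveats a practitioner would want: the listing command `vssadmin list shadows` is deliberately not flagged, since reconnaissance-only commands are noisy in benign administration, and the whole approach only works if the malware actually spawns a child process. A sample that stops services directly through the Service Control Manager API or deletes shadow copies through COM leaves no process-creation event; for that case the System log's service state-change events (Event ID 7036, "entered the stopped state") are the fallback, with the same burst logic applied per host and time window.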

IT worker impersonates ransomware gang to extort employer

A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and blackmailing his employer.

Arms maker Rheinmetall confirms BlackBasta ransomware attack

German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business.

Cuba ransomware claims cyberattack on Philadelphia Inquirer

The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and some business operations.

May 24th 2023

Iranian hackers use new Moneybird ransomware to attack Israeli orgs

A suspected Iranian state-sponsored threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.

May 25th 2023

New Buhti ransomware gang uses leaked Windows, Linux encryptors

A new ransomware operation named 'Buhti' uses the leaked code of the LockBit and Babuk ransomware families to target Windows and Linux systems, respectively.

New STOP Ransomware variants

PCrisk found new STOP Ransomware variants that append the .vapo, .vatq, and .vaze extensions.

New FAST ransomware

PCrisk found a new ransomware that appends the .FAST extension and drops a ransom note named #FILEENCRYPTED.txt.

Really? $10K For THIS? A Look at Version 2.0 of Basterlord’s Manual

Basterlord released the much sought-after 2nd version of his manual on Twitter.

May 26th 2023

BlackByte ransomware claims City of Augusta cyberattack

The city of Augusta in Georgia, U.S., has confirmed that the recent IT system outage was caused by unauthorized access to its network.

US govt contractor ABB confirms ransomware attack, data theft

Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident."

New EXISC ransomware

PCrisk found a new ransomware variant that appends the .EXISC extension and drops a ransom note named Please Contact Us To Restore.txt.

Analysis of “THE MANUAL”

Yesterday Basterlord (an infamous ransomware operator) published a copy of "Networking Manual v2.0" (which I'll refer to as "the manual"). So I of course thought we should analyze this and look to see what he was selling for $10 thousand dollars!

On-Demand Webinar: The Lord Has Fallen

Join the author of Ransomware Diaries: Volume 2 - A Ransomware Hacker Origin Story, Jon DiMaggio, for a dive into the ramifications Bassterlord has faced since his story came out.

That's it for this week! Hope everyone has a nice weekend!
