The Week in Ransomware – October 21st 2022

Cybersecurity researchers didn't disappoint this week, with reports linking Ransom Cartel to REvil, on OldGremlin hackers targeting Russia with ransomware, a new data exfiltration tool used by BlackByte, a warning that ransomware actors are exploiting VMware vulnerabilities, and finally, our own report on the Venus Ransomware.

The FBI, together with CISA and HHS, released an advisory warning that the Daixin ransomware gang is targeting the U.S. Healthcare and Public Health (HPH) sector in multiple attacks.

This week, Medibank finally confirmed that ransomware was behind its recent cyberattack. We also saw an attack on the Stimme Mediengruppe media group that prevented the printing and distribution of German newspapers.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @PolarToffee, @Ionut_Ilascu, @FourOctets, @jorntvdw, @struppigel, @BleepinComputer, @demonslay335, @billtoulas, @Seifreed, @LawrenceAbrams, @serghei, @fwosar, @DanielGallagher, @VK_Intel, @malwareforme, @Fortinet, @BroadcomSW, @0verfl0w_, @linuxct, @Unit42_Intel, @Amermelsad, @MsftSecIntel, @CrowdStrike, @GroupIB_GIB, @BushidoToken, @JackRhysider, @Intel471Inc, @NCCGroupplc, and @pcrisk.

October 16th 2022

Venus Ransomware targets publicly exposed Remote Desktop services

Threat actors behind the relatively new Venus Ransomware are hacking into publicly exposed Remote Desktop services to encrypt Windows devices.

October 17th 2022

Ransomware attack halts circulation of some German newspapers

German newspaper 'Heilbronn Stimme' published today's 28-page issue in e-paper form after a Friday ransomware attack crippled its printing systems.

Australian insurance firm Medibank confirms ransomware attack

Health insurance provider Medibank has confirmed that a ransomware attack is responsible for last week's cyberattack and the disruption of its online services.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .tury and .tuis extensions.

New Escanor ransomware

PCrisk found the new ESCANOR ransomware, which appends the .ESCANOR extension and drops a ransom note named HELP_DECRYPT_YOUR_FILES.txt.

October 18th 2022

Ransom Cartel linked to notorious REvil ransomware operation

Researchers have linked the relatively new Ransom Cartel ransomware operation with the notorious REvil gang based on code similarities in both operations' encryptors.

Defenders beware: A case for post-ransomware investigations

In this blog, we detail a recent ransomware incident in which the attacker used a collection of commodity tools and techniques, such as using living-off-the-land binaries, to launch their malicious code. Cobalt Strike was used for persistence on the network with NT AUTHORITY\SYSTEM (local SYSTEM) privileges to maintain access to the network after password resets of compromised accounts.
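The point of that excerpt, that persistence running as SYSTEM is not tied to any user credential and therefore outlives a password reset, is what a post-ransomware investigation has to hunt for explicitly. The following is an added example and not code from the Microsoft blog: it takes a list of Windows event records, keeps service installs (System log event 7045) and scheduled-task creations (Security log event 4698) from the start of the intrusion onward, and flags those that run as SYSTEM, launch through a living-off-the-land binary, sit in a world-writable path, or were created after the reset itself. The event IDs are real Windows IDs; the flat record layout, the LOLBin list and the sample events are assumptions constructed for this example.

```python
"""Post-ransomware persistence hunt over Windows event records.

Added example, not code from the Microsoft blog quoted above. Windows event
IDs 7045 (System: a service was installed) and 4698 (Security: a scheduled
task was created) are real; the flat record layout, the LOLBin list and the
sample events below are constructed for this example.
"""
import shlex
from datetime import datetime

# Living-off-the-land binaries often used to launch a loader (assumed list).
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "powershell.exe",
           "wscript.exe", "cscript.exe", "msiexec.exe", "certutil.exe"}
SYSTEM_ACCOUNTS = {"localsystem", "nt authority\\system", "system"}
# Directories any user can write to; a launcher living here is suspicious.
WRITABLE_DIRS = ("\\programdata\\", "\\users\\public\\", "\\temp\\", "\\appdata\\")


def launcher_binary(command):
    """Lower-cased basename of the executable a command line starts with."""
    tokens = shlex.split(command, posix=False)  # keeps Windows backslashes intact
    if not tokens:
        return ""
    return tokens[0].strip('"').rsplit("\\", 1)[-1].lower()


def hunt_persistence(events, intrusion_start, reset_time):
    """Return persistence artifacts created at or after intrusion_start.

    Each event is {"time": ISO-8601 str, "id": int, "fields": {...}} with
      7045 -> ServiceName, ImagePath, AccountName
      4698 -> TaskName, Command, RunAs
    A password reset revokes the compromised credentials, but a service or
    task that runs as SYSTEM never needed them, so every hit here must be
    reviewed and removed explicitly. Results are ordered by flag count.
    """
    findings = []
    for ev in events:
        created = datetime.fromisoformat(ev["time"])
        if created < intrusion_start:
            continue
        f = ev["fields"]
        if ev["id"] == 7045:
            kind, name, cmd, run_as = "service", f["ServiceName"], f["ImagePath"], f["AccountName"]
        elif ev["id"] == 4698:
            kind, name, cmd, run_as = "task", f["TaskName"], f["Command"], f["RunAs"]
        else:
            continue  # logons, resets etc. are context, not persistence
        flags = []
        if run_as.lower() in SYSTEM_ACCOUNTS:
            flags.append("runs-as-SYSTEM")       # unaffected by user password resets
        if launcher_binary(cmd) in LOLBINS:
            flags.append("lolbin-launcher")
        if any(d in cmd.lower() for d in WRITABLE_DIRS):
            flags.append("world-writable-path")
        if created > reset_time:
            flags.append("created-after-reset")  # the reset did not evict the actor
        findings.append({"kind": kind, "name": name, "command": cmd, "run_as": run_as,
                         "created": ev["time"], "flags": flags,
                         "priority": "high" if len(flags) >= 2 else "review"})
    findings.sort(key=lambda x: (-len(x["flags"]), x["created"]))
    return findings


INTRUSION_START = datetime(2022, 10, 1)          # first known attacker activity
RESET_TIME = datetime(2022, 10, 5, 12, 0)        # bulk password reset by the IR team
SAMPLE_EVENTS = [  # constructed records, not taken from a real host
    {"time": "2022-09-20T08:00:00", "id": 7045, "fields": {
        "ServiceName": "Sysmon64", "ImagePath": r"C:\Windows\Sysmon64.exe",
        "AccountName": "LocalSystem"}},                     # before the intrusion
    {"time": "2022-10-02T09:15:00", "id": 7045, "fields": {
        "ServiceName": "WinUpdSvc",
        "ImagePath": r"%SystemRoot%\System32\rundll32.exe C:\ProgramData\upd\beacon.dll,Start",
        "AccountName": "LocalSystem"}},
    {"time": "2022-10-03T14:30:00", "id": 7045, "fields": {
        "ServiceName": "BackupAgent",
        "ImagePath": r'"C:\Program Files\Backup\agent.exe" -svc',
        "AccountName": r"CORP\svc_backup"}},
    {"time": "2022-10-05T12:00:00", "id": 4724, "fields": {"TargetUserName": "jdoe"}},
    {"time": "2022-10-06T03:10:00", "id": 4698, "fields": {
        "TaskName": r"\Microsoft\Windows\Maintenance\Cleanup",
        "Command": "powershell.exe -nop -w hidden -enc SQBFAFgA",
        "RunAs": r"NT AUTHORITY\SYSTEM"}},
]


def run_sample():
    """Run the hunt over the constructed events."""
    return hunt_persistence(SAMPLE_EVENTS, INTRUSION_START, RESET_TIME)


if __name__ == "__main__":
    for hit in run_sample():
        print(hit["priority"], hit["kind"], hit["name"], hit["flags"])
```

The legitimate BackupAgent service still appears in the output, deliberately: anything installed during the intrusion window deserves a look, and the flags only decide how urgently. The scheduled task created the night after the reset is the case the excerpt describes, an actor who kept SYSTEM-level access while the compromised user accounts were being rotated.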

New RONALDIHNO ransomware

PCrisk found a new RONALDIHNO ransomware that appends the .r7 extension and drops a ransom note named READ_THIS.txt.

New CMLocker ransomware

PCrisk found a new CMLocker ransomware that appends the .CMLOCKER extension and drops a ransom note named HELP_DECRYPT_YOUR_FILES.txt.

Darknet Diaries – EP 126: REvil

REvil is the name of a ransomware service as well as a group of criminals inflicting ransomware on the world. Hear how this ransomware shook the world.

October 19th 2022

DeadBolt ransomware: nothing however NASty

The Group-IB Incident Response Team investigated an incident related to a DeadBolt attack and analyzed a DeadBolt ransomware sample.

New Dcrtr ransomware variants

PCrisk found new Dcrtr ransomware variants that append the .flash or .ash extensions to encrypted files.

October 20th 2022

OldGremlin hackers use Linux ransomware to attack Russian orgs

OldGremlin, one of the few ransomware groups attacking Russian corporate networks, has expanded its toolkit with file-encrypting malware for Linux machines.

Leading Ransomware Variants Q3 2022

Researchers at @Intel471Inc observed 455 #ransomware attacks in Q3 of 2022, with the most prevalent variants being #LockBit 3.0, #BlackBasta, #Hive, #ALPHV & #BlackCat. Our latest report analyzes the leading variants & the industries most impacted by them.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .eu extension and drops a ransom note named read_instruction.txt.
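The extension and ransom-note indicators in this week's PCrisk entries (STOP, Escanor, RONALDIHNO, CMLocker, Dcrtr and Chaos above) are exactly what a responder sweeps a file share for during triage. The following is an added example, not code from BleepingComputer or PCrisk: it walks a directory tree, maps file names to the families listed on this page, and only reports a high-confidence attribution when a ransom note sits beside several files carrying a matching extension, because short extensions such as .eu and .ash also match legitimate files and two of the families drop the same HELP_DECRYPT_YOUR_FILES.txt note. The directory tree it builds for a stand-alone run is constructed test data.

```python
"""Triage sweep for the ransomware file indicators in this week's PCrisk
entries (STOP, Escanor, RONALDIHNO, CMLocker, Dcrtr, Chaos).

Added example, not code from BleepingComputer or PCrisk. The extension and
ransom-note names come from the entries above; the tree built by
build_fixture() is constructed test data, not a real victim file system.
"""
import os
import shutil
import tempfile
from collections import Counter, defaultdict

# Appended extension -> family. Short extensions such as .eu and .ash collide
# with legitimate names, so an extension match alone is weak evidence.
EXTENSIONS = {
    ".tury": "STOP", ".tuis": "STOP",
    ".escanor": "Escanor",
    ".r7": "RONALDIHNO",
    ".cmlocker": "CMLocker",
    ".flash": "Dcrtr", ".ash": "Dcrtr",
    ".eu": "Chaos",
}
# Ransom-note file name -> families that drop it. Escanor and CMLocker share a
# note name, so the note alone cannot attribute the sample either.
RANSOM_NOTES = {
    "help_decrypt_your_files.txt": {"Escanor", "CMLocker"},
    "read_this.txt": {"RONALDIHNO"},
    "read_instruction.txt": {"Chaos"},
}


def classify_name(name):
    """Map one file name to ("note", families) or ("ext", {family}); None if clean."""
    lower = name.lower()
    if lower in RANSOM_NOTES:
        return "note", set(RANSOM_NOTES[lower])
    ext = os.path.splitext(lower)[1]
    if ext in EXTENSIONS:
        return "ext", {EXTENSIONS[ext]}
    return None


def sweep(root, min_encrypted=3):
    """Walk root; return {relative_dir: finding} for directories with hits.

    Confidence per directory:
      high   - a ransom note sits beside >= min_encrypted files whose
               extension maps to a family named by that note
      medium - a note, or >= min_encrypted renamed files, but not both
      low    - a few extension matches only (check for false positives)
    """
    per_dir = defaultdict(lambda: {"ext": Counter(), "note_fams": set(), "notes": []})
    for dirpath, _, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        for fn in files:
            hit = classify_name(fn)
            if hit is None:
                continue
            kind, fams = hit
            if kind == "note":
                per_dir[rel]["note_fams"] |= fams
                per_dir[rel]["notes"].append(fn)
            else:
                per_dir[rel]["ext"][next(iter(fams))] += 1

    findings = {}
    for rel, rec in per_dir.items():
        many = {fam for fam, n in rec["ext"].items() if n >= min_encrypted}
        agree = many & rec["note_fams"]          # note and renamed files name the same family
        if agree:
            conf, fams = "high", agree
        elif rec["note_fams"] or many:
            conf, fams = "medium", rec["note_fams"] | many
        else:
            conf, fams = "low", set(rec["ext"])
        findings[rel] = {"confidence": conf, "families": sorted(fams),
                         "encrypted": sum(rec["ext"].values()), "notes": rec["notes"]}
    return findings


def build_fixture():
    """Constructed directory tree for a stand-alone run (not real victim data)."""
    root = tempfile.mkdtemp(prefix="ioc_sweep_")
    layout = {
        "finance": ["q3.xlsx.cmlocker", "q2.xlsx.cmlocker", "budget.docx.cmlocker",
                    "HELP_DECRYPT_YOUR_FILES.txt"],   # note + matching renamed files
        "web": ["index.html", "contact.eu"],           # lone .eu: probably benign
        "hr": ["READ_THIS.txt"],                       # note, nothing renamed yet
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()
    return root


if __name__ == "__main__":
    fixture = build_fixture()
    try:
        for d, f in sorted(sweep(fixture).items()):
            print(f"{f['confidence']:6} {d}: {f['families']} encrypted={f['encrypted']} notes={f['notes']}")
    finally:
        shutil.rmtree(fixture)
```

Indicator tables like this go stale quickly (STOP alone ships new extensions weekly), so treat the mapping as the week's snapshot and the corroboration rule as the part worth keeping.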

October 21st 2022

BlackByte ransomware uses new data theft tool for double-extortion

A BlackByte ransomware affiliate is using a new custom data stealing tool called 'ExByte' to quickly steal data from compromised Windows devices.

Hackers exploit critical VMware flaw to drop ransomware, miners

Security researchers observed malicious campaigns leveraging a critical vulnerability in VMware Workspace ONE Access to deliver various malware, including the RAR1Ransom tool that locks files in password-protected archives.

US govt warns of Daixin Team targeting health orgs with ransomware

CISA, the FBI, and the Department of Health and Human Services (HHS) warned that a cybercrime group known as Daixin Team is actively targeting the U.S. Healthcare and Public Health (HPH) sector in ransomware attacks.

Playing Hide-and-Seek with Ransomware, Part 2

In Part 1, we explained what Intel SGX enclaves are and how they benefit ransomware authors. In Part 2, we explore a hypothetical step-by-step implementation and outline the limitations of this method.

NCC Group Monthly Threat Pulse – September 2022

Claiming the fourth most active spot, just behind BlackCat, was new entrant Sparta. With 12 victims reported in one day and 14 over the course of the month, the group has emerged onto the ransomware scene with an explosive start. Observations suggest it is currently only targeting Spain-based entities, suggesting it is a Spanish-speaking organised crime group.

That's it for this week! Hope everyone has a nice weekend!
