Today's column covers two weeks of news on the latest ransomware attacks and research, since we skipped last week's article.
The big story over the past two weeks is the continuing drama around BlackCat/ALPHV after the operation's infrastructure abruptly went offline for almost five days. Multiple sources told BleepingComputer that the outage was related to a law enforcement operation, but BlackCat claims it was caused by a hardware/hosting issue.
However, BleepingComputer has learned that some BlackCat/ALPHV affiliates are not buying that explanation and have started contacting victims directly via email to conduct negotiations outside of the ransomware operation's Tor negotiation sites.
It is unclear whether they are wrapping up their last victims under this operation before moving to another gang, or whether they believe the ALPHV operation has been compromised in some way.
Whatever the reason, the LockBit operation is taking advantage of the drama. The cybercrime gang told BleepingComputer that it sees this as a Christmas gift and has started recruiting ALPHV's affiliates.
In other news, we learned about numerous ransomware attacks over the past two weeks, including:
Finally, law enforcement had some confirmed wins this week, including the arrest of a money launderer linked to Hive ransomware and a Russian national pleading guilty to operating a crypto exchange used by ransomware gangs.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @demonslay335, @billtoulas, @fwosar, @Seifreed, @serghei, @BleepinComputer, @LawrenceAbrams, @Ionut_Ilascu, @ValeryMarchive, @BushidoToken, @azalsecurity, @SentinelOne, @g0njxa, @AlvieriD, @ShadowStackRE, @AShukuhi, @BrettCallow, @GossiTheDog, @vmiss33, @pcrisk, and @RESecurity.
December 3rd 2023
Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found, and it may be one of the most advanced and customizable Linux encryptors seen to date.
December 4th 2023
Tipalti investigates claims of data stolen in ransomware attack
Tipalti says it is investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data belonging to Roblox and Twitch.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .elpy extension and drops ransom notes named info.txt and info.hta.
RA World encryptor
PCrisk found the encryptor for the new RA World operation, which appends the .RAWLD extension and drops a ransom note named Data breach warning.txt.
New Xorist variant
PCrisk found a new Xorist variant that appends the .xro extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
December 5th 2023
HTC Global Services confirms cyberattack after data leaked online
IT services and business consulting company HTC Global Services has confirmed that it suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.
December 6th 2023
Qilin ESXi encryptor analysis
Qilin ransomware has built a highly configurable malware family that uses native ESXi tooling to increase the success rate of encrypting and ransoming its victims.
Navy contractor Austal USA confirms cyberattack after data leak
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .nbwr and .nbzi extensions.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .GrafGrafel extension and drops ransom notes named info.txt and info.hta.
December 7th 2023
Russian pleads guilty to running crypto exchange used by ransomware gangs
Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange, which helped ransomware gangs and other cybercriminals launder over $700 million.
December 8th 2023
ALPHV ransomware site outage rumored to be caused by law enforcement
A law enforcement operation is rumored to be behind an outage that has affected the ALPHV ransomware gang's websites for the past 30 hours.
Norton Healthcare discloses data breach after May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.
New HiddenTear variant
PCrisk found a new HiddenTear ransomware variant that appends the .funny extension and drops a ransom note named readme.txt.
December 11th 2023
Toyota warns customers of data breach exposing personal, financial info
Toyota Financial Services (TFS) is warning customers that it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.
Cold storage giant Americold discloses data breach after April malware attack
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by the Cactus ransomware operation.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .hhuy and .hhaz extensions.
December 12th 2023
Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack
Ransomware operator Rhysida has posted limited data that appears to back up its claim that it successfully hacked video game developer Insomniac Games.
December 13th 2023
LockBit ransomware now poaching BlackCat, NoEscape affiliates
The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape operations after their recent disruptions and exit scams.
French police arrest Russian suspect linked to Hive ransomware
French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang launder its victims' ransom payments.
Technical analysis of Rhysida
ShadowStackRE has published a technical analysis of the Rhysida ransomware encryptor.
Mallox Resurrected | Ransomware Attacks Exploiting MS-SQL Continue to Burden Enterprises
In this post, we highlight recent Mallox activity, explain the group's initial access methods, and provide a high-level analysis of recent Mallox payloads to help defenders better understand and defend against this persistent threat.
December 14th 2023
Kraft Heinz investigates hack claims, says systems 'operating normally'
Kraft Heinz has confirmed that its systems are operating normally and that there is no evidence it was breached, after an extortion group listed the company on a data leak site.
December 15th 2023
Exposing The Cyber-Extortion Trinity – BianLian, White Rabbit, And Mario Ransomware Gangs Spotted In A Joint Campaign
Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore, Resecurity, Inc. (USA) has uncovered a significant link between three major ransomware groups. Resecurity's HUNTER (HUMINT) unit observed the BianLian, White Rabbit, and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly traded financial services companies.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .ljuy and .ljaz extensions.
That's it for this week! Hope everyone has a nice weekend!