This week's biggest news was the coordinated, worldwide law enforcement operation between Europol, the FBI, the Netherlands, Germany, and Ukraine that targeted the DoppelPaymer operation.
As part of this operation, police arrested two core members of the DoppelPaymer gang and raided several locations where they seized electronics.
DoppelPaymer is believed to be one of many ransomware brands operated by the Evil Corp cybercrime operation, also known for managing and distributing the Dridex malware botnet.
After the U.S. sanctioned Evil Corp in 2019 for causing over $100 million in financial damages, many ransomware recovery and negotiation firms refused to work with the ransomware operation, causing a significant drop in ransom payments.
These sanctions led to Evil Corp constantly rebranding their ransomware operations under new names, with DoppelPaymer rebranding as Grief (a.k.a. Pay or Grief) in the summer of 2021.
Other significant news this week came today, with the SEC announcing a settlement with Blackbaud for failing to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.
New research was also released this week on the ESXi encryptor of the Royal ransomware and a new IceFire Linux encryptor.
Finally, we learned more about various ransomware attacks this week, including ones on the City of Oakland, Hospital Clínic de Barcelona, Technion, Fonasa, and the Minneapolis Public Schools district.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @serghei, @Seifreed, @malwrhunterteam, @demonslay335, @LawrenceAbrams, @billtoulas, @fwosar, @PolarToffee, @LabsSentinel, @BrettCallow, @security_score, @AhnLab_SecuInfo, @AJVicens, @AlvieriD, @pcrisk, @chum1ng0, and @TrendMicro.
March 4th 2023
Ransomware gang leaks data stolen from City of Oakland
The Play ransomware gang has begun to leak data from the City of Oakland, California, that was stolen in a recent cyberattack.
March 6th 2023
Core DoppelPaymer ransomware gang members targeted in Europol operation
Europol has announced that law enforcement in Germany and Ukraine targeted two individuals believed to be core members of the DoppelPaymer ransomware group.
March 7th 2023
Hospital Clínic de Barcelona severely impacted by ransomware attack
The Hospital Clínic de Barcelona suffered a ransomware attack on Sunday morning, severely disrupting its healthcare services after the institution's virtual machines were targeted by the attacks.
ESXi Ransomware – A case study of Royal Ransomware
"Royal ransomware joins other ransomware groups targeting ESXi servers. The files are encrypted using the AES algorithm, with the key and IV being encrypted using the RSA public key that is hard-coded in the executable. The process can partially encrypt a file depending on its size and the value of the "-ep" parameter. The extension of the encrypted files is changed to ".royal_u"."
Israel blames prolific Iranian-linked hacking group for February university hack
Iran was behind a cyberattack on a major research university in Israel last month, the Israel National Cyber Directorate announced on Tuesday.
Ransomware Targeting Albanian Government – RoadSweep 2.0
Albanian news outlets have reported two large-scale targeted cyber-attacks of the same kind and most likely by the same attackers as another earlier ransomware attack on Albania.
New MedusaLocker variant
PCrisk found a new MedusaLocker variant that appends the .acessd extension and drops a ransom note named How_to_back_files.html.
March 8th 2023
Ransomware gang posts video of data stolen from Minneapolis schools
The Medusa ransomware gang is demanding a $1,000,000 ransom from the Minneapolis Public Schools (MPS) district to delete data allegedly stolen in a ransomware attack.
March 9th 2023
IceFire ransomware now encrypts both Linux and Windows systems
Threat actors linked to the IceFire ransomware operation now actively target Linux systems worldwide with a new dedicated encryptor.
Decryptable iswr Ransomware Being Distributed in Korea
ASEC (AhnLab Security Emergency response Center) has recently discovered the distribution of the iswr ransomware through the team's monitoring.
Analyzing Ransomware Payments From a Data-Science Lens
In this entry, we discuss case studies that demonstrated how data-science techniques were applied in our investigation of ransomware groups' ransom transactions, as detailed in our joint research with Waratah Analytics, "What Decision-Makers Need to Know About Ransomware Risk."
New STOP ransomware variant
PCrisk found a STOP variant that appends the .coba extension.
March 10th 2023
Blackbaud to pay $3M for misleading ransomware attack disclosure
Cloud software provider Blackbaud has agreed to pay $3 million to settle charges brought by the Securities and Exchange Commission (SEC), alleging that it failed to disclose the full impact of a 2020 ransomware attack that affected more than 13,000 customers.
BlackCat confirms attack on Fonasa
In a chat on Tox, BlackCat confirmed to DataBreaches that they are responsible for the attack and they say that they will announce it soon on their leaks page. A spokesperson for the group told DataBreaches that they are not giving Fonasa any more time to respond because they haven't heard from them at all.