Saturday, December 16, 2023

The Week in Ransomware – December 15th 2023


Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article.

The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue.

However, BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have started to contact victims directly via email to conduct negotiations outside of the ransomware operation's Tor negotiation sites.

It is unclear if this is because they are working on their last victims under this operation before they switch to another gang, or if they feel the ALPHV operation has been compromised in some way.

Regardless of the reasons, the LockBit operation is taking advantage of the drama. The cybercrime gang has told BleepingComputer that they see this as a Christmas gift and have started recruiting ALPHV's affiliates.

In other news, we learned about numerous ransomware attacks over the past two weeks, including:

Finally, law enforcement has had some confirmed actions this week, including arresting a money launderer linked to Hive ransomware and a Russian pleading guilty to operating a crypto exchange used by ransomware gangs.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @demonslay335, @billtoulas, @fwosar, @Seifreed, @serghei, @BleepinComputer, @LawrenceAbrams, @Ionut_Ilascu, @ValeryMarchive, @BushidoToken, @azalsecurity, @SentinelOne, @g0njxa, @AlvieriD, @ShadowStackRE, @AShukuhi, @BrettCallow, @GossiTheDog, @vmiss33, @pcrisk, and @RESecurity.

December 3rd 2023

Linux version of Qilin ransomware focuses on VMware ESXi

A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found, and it may be one of the most advanced and customizable Linux encryptors seen to date.

December 4th 2023

Tipalti investigates claims of data stolen in ransomware attack

Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .elpy extension and drops ransom notes named info.txt and info.hta.

RA World encryptor

PCrisk found the encryptor for the new RA World operation, which appends the .RAWLD extension and drops a ransom note named Data breach warning.txt.

New Xorist variant

PCrisk found a new Xorist variant that appends the .xro extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

December 5th 2023

HTC Global Services confirms cyberattack after data leaked online

IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.

December 6th 2023

Qilin ESXi encryptor analysis

Qilin ransomware has built a highly configurable malware family that uses the native ESXi tooling to increase the success rate of encrypting and ransoming their victim.

Navy contractor Austal USA confirms cyberattack after data leak

Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.

New STOP ransomware variants

PCRisk found new STOP ransomware variants that append the .nbwr and .nbzi extensions.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .GrafGrafel extension and drops ransom notes named info.txt and info.hta.

December 7th 2023

Russian pleads guilty to running crypto-exchange used by ransomware gangs

Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million.

December 8th 2023

ALPHV ransomware site outage rumored to be caused by law enforcement

A law enforcement operation is rumored to be behind an outage affecting the ALPHV ransomware gang's websites over the past 30 hours.

Norton Healthcare discloses data breach after May ransomware attack

Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.

New HiddenTear variant

PCrisk found a new HiddenTear ransomware variant that appends the .funny extension and drops a ransom note named readme.txt.

December 11th 2023

Toyota warns customers of data breach exposing personal, financial info

Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.

Cold storage giant Americold discloses data breach after April malware attack

Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.

New STOP ransomware variants

PCRisk found new STOP ransomware variants that append the .hhuy and .hhaz extensions.

December 12th 2023

Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack

Ransomware operator Rhysida has posted limited data that appears to back up its claim that it has successfully hacked video game developer Insomniac Games.

December 13th 2023

LockBit ransomware now poaching BlackCat, NoEscape affiliates

The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape operations after recent disruptions and exit scams.

French police arrest Russian suspect linked to Hive ransomware

French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang launder their victims' ransom payments.

Technical analysis of Rhysida

ShadowStackRE has published a technical analysis of the Rhysida ransomware encryptor.

Mallox Resurrected | Ransomware Attacks Exploiting MS-SQL Continue to Burden Enterprises

In this post, we highlight recent Mallox activity, explain the group's initial access methods, and provide a high-level analysis of recent Mallox payloads to help defenders better understand and defend against this persistent threat.

December 14th 2023

Kraft Heinz investigates hack claims, says systems 'operating normally'

Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site.

December 15th 2023

Exposing The Cyber-Extortion Trinity – BianLian, White Rabbit, And Mario Ransomware Gangs Spotted In A Joint Campaign

Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore, Resecurity, Inc. (USA) has uncovered a significant link between three major ransomware groups. Resecurity's HUNTER (HUMINT) unit observed the BianLian, White Rabbit, and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services companies.

New STOP ransomware variants

PCRisk found new STOP ransomware variants that append the .ljuy and .ljaz extensions.

That's it for this week! Hope everyone has a nice weekend!
