Saturday, December 2, 2023

The Week in Ransomware – December 1st 2023


A global law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine that was responsible for attacks on organizations in 71 countries.

The threat actors are said to be affiliates of numerous ransomware operations, including LockerGoga, MegaCortex, HIVE, and Dharma. This cybercriminal operation is alleged to have caused losses of hundreds of millions of euros.

The law enforcement operation took place on November 21st, with coordinated raids at 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia. As a result of the operation, police arrested the group's alleged ringleader and four of his accomplices.

Of particular interest is that Norway was involved in the operation, leading cybersecurity researchers to believe that this affiliate group may have been behind the Norsk Hydro attack, which involved the LockerGoga ransomware.

However, a threat actor disputed these rumors on the Russian-speaking XSS hacking forum, claiming that the affiliate group had nothing to do with the attack. The threat actor further claims to be the one who gave a police drone the finger in the video of the law enforcement operation.

In other news, ransomware attacks have been surging, with further details about attacks being disclosed this week.

These include attacks on the Ethyrial: Echoes of Yore game developer, Ardent Health Services, Slovenia's largest power provider HSE, and a re-encryption of healthcare giant Henry Schein as punishment for allegedly not paying the ransom.

We also learned that the attack on DP World did not involve encryption. However, it may have been a ransomware attack that was stopped before encryptors were deployed.

Finally, researchers released some interesting information about ransomware, including Cactus ransomware exploiting Qlik Sense flaws to breach networks, and Black Basta ransomware believed to have made over $100 million.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @serghei, @Seifreed, @BleepinComputer, @demonslay335, @fwosar, @pcrisk, @CorvusInsurance, @elliptic, @AWNetworks, @ShadowStackRE, @ddd1ms, @3xp0rtblog, @jgreigj, and @BrettCallow.

November 27th 2023

Healthcare giant Henry Schein hit twice by BlackCat ransomware

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached its network in October.

Ransomware attack on indie game maker wiped all player accounts

A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.

Ardent hospital ERs disrupted in 6 states after ransomware attack

Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.

Slovenia's largest power provider HSE hit by ransomware attack

Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electricity production.

LostTrust Ransomware analysis

The LostTrust ransomware family has a fairly small victim pool and compromised victims earlier this year. The encryptor shares characteristics with the MetaEncryptor ransomware family, including code flow and strings, which indicates that the encryptor is a variant derived from the original MetaEncryptor source.

New "MuskOff" Chaos variant

PCrisk found a new Chaos variant that appends the .MuskOff extension and drops a ransom note named read_it.txt.

November 28th 2023

Police dismantle ransomware group behind attacks in 71 countries

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

Qilin ransomware claims attack on automotive giant Yanfeng

The Qilin ransomware group has claimed responsibility for a cyberattack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers.

DP World confirms data stolen in cyberattack, no ransomware used

International logistics giant DP World has confirmed that data was stolen during a cyberattack that disrupted its operations in Australia earlier this month. However, the company says no ransomware payloads or encryption were used in the attack.

November 29th 2023

Black Basta ransomware made over $100 million from extortion

Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .jawr and .jazi extensions.

New Phobos ransomware variant

PCrisk found a new Phobos variant that appends the .LEAKDB extension and drops ransom notes named info.txt and info.hta.

November 30th 2023

Cactus ransomware exploiting Qlik Sense flaws to breach networks

Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to gain initial access to corporate networks.

December 1st 2023

60 credit unions facing outages due to ransomware attack on popular tech provider

About 60 credit unions are dealing with outages due to a ransomware attack on a widely used technology provider.

New "DoctorHelp" MedusaLocker variant

PCrisk found a new MedusaLocker variant that appends the .doctorhelp extension and drops a ransom note named How_to_back_files.html.

New Dharma ransomware variant

PCrisk found a new Dharma variant that appends the .intel extension.
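The PCrisk entries in this digest (Chaos .MuskOff, STOP .jawr/.jazi, Phobos .LEAKDB, MedusaLocker .doctorhelp, Dharma .intel) each boil down to an appended extension and, where known, a ransom-note filename. The script below is an added example, not code from the original article or from PCrisk: it takes that indicator table as reported above and sweeps a directory tree for it, which is the quick scoping pass a responder runs on a file share or a backup mount to see which family hit and how widely. Everything other than the indicators (the function names, the `Finding` structure, the sample tree) is constructed for illustration. Two details matter in practice and are handled here: a note name like `info.txt` is generic, so a note without any matching encrypted files is reported as low confidence; and the sweep only looks at filenames, never opening files, so it is safe to run on a host where an encryptor may still be active.

```python
"""Sweep a directory tree for the file-level ransomware indicators reported above.

Added example, not code from the original article or from PCrisk.  The
extension / ransom-note table is taken from the PCrisk entries in this
digest; the function names and the sample directory tree are constructed
for illustration.
"""
from __future__ import annotations

import os
import tempfile
from dataclasses import dataclass, field
from pathlib import Path

# family -> (appended extensions, ransom-note filenames), lower-cased for matching.
# Dharma's full extension in the wild is longer than ".intel"; the digest only
# gives the final suffix, so that is all we match on.
INDICATORS: dict[str, tuple[frozenset[str], frozenset[str]]] = {
    "Chaos (MuskOff)": (frozenset({".muskoff"}), frozenset({"read_it.txt"})),
    "STOP": (frozenset({".jawr", ".jazi"}), frozenset()),
    "Phobos (LEAKDB)": (frozenset({".leakdb"}), frozenset({"info.txt", "info.hta"})),
    "MedusaLocker (DoctorHelp)": (frozenset({".doctorhelp"}), frozenset({"how_to_back_files.html"})),
    "Dharma": (frozenset({".intel"}), frozenset()),
}


@dataclass
class Finding:
    family: str
    encrypted: int = 0                              # files carrying the family's extension
    notes: list[str] = field(default_factory=list)  # ransom-note paths, relative to the root

    @property
    def confidence(self) -> str:
        # Note filenames such as info.txt are generic; only the appended
        # extension is specific enough to call the match high confidence.
        return "high" if self.encrypted else "low"


def classify(path: Path) -> list[tuple[str, str]]:
    """Return (family, kind) pairs for every indicator this filename matches."""
    name, suffix = path.name.lower(), path.suffix.lower()
    hits = []
    for family, (exts, notes) in INDICATORS.items():
        if suffix in exts:
            hits.append((family, "encrypted"))
        if name in notes:
            hits.append((family, "note"))
    return hits


def sweep(root: Path) -> dict[str, Finding]:
    """Walk root (symlinks not followed) and aggregate hits per family.

    Filenames only: nothing is opened or read, so the sweep is safe on a
    host where an encryptor may still be running.
    """
    findings: dict[str, Finding] = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            p = Path(dirpath) / fname
            for family, kind in classify(p):
                f = findings.setdefault(family, Finding(family))
                if kind == "encrypted":
                    f.encrypted += 1
                else:
                    f.notes.append(p.relative_to(root).as_posix())
    return findings


def build_sample_tree(root: Path) -> None:
    """Constructed sample data: three infections plus a lone generic note and benign files."""
    sample = [
        "finance/Q3.xlsx.LEAKDB", "finance/info.txt", "finance/info.hta",  # Phobos
        "users/alice/photo.jpg.MuskOff", "users/alice/read_it.txt",       # Chaos
        "docs/report.docx.jawr",                                           # STOP
        "public/How_to_back_files.html",                                   # note only, no encrypted files
        "hr/readme.txt", "hr/policy.pdf",                                  # benign
    ]
    for rel in sample:
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")


def demo() -> dict[str, Finding]:
    """Build the sample tree in a temp dir, sweep it, and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        build_sample_tree(root)
        return sweep(root)


if __name__ == "__main__":
    for fam, f in sorted(demo().items()):
        print(f"{fam:28s} encrypted={f.encrypted:3d} notes={len(f.notes)} confidence={f.confidence}")
```

Point `sweep()` at a real mount instead of the temp tree to use it for scoping. It is a post-encryption indicator, useful for confirming the family and the blast radius, not for prevention, and the extension list must be refreshed as new variants are reported.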

That's it for this week! Hope everyone has a nice weekend!