Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.
This week, we learned of three attacks impacting well-known companies, with BianLian claiming the attack on Air Canada and ALPHV claiming an attack on state courts across Northwest Florida (part of the First Judicial Circuit) last week.
A cyberattack on Simpson Manufacturing caused the company to shut down IT systems, but it has not been confirmed as a ransomware attack.
In other news, a threat actor released the source code for the first version of HelloKitty ransomware, claiming to be developing a new one that will rival LockBit.
Finally, researchers and government agencies released some interesting information this week:
- A new Q3 2023 Ransomware Trends Summary shows that ransomware continues to explode, with Q3 being the most successful quarter ever recorded.
- The FBI shared technical details, defense tips, and IOCs for the AvosLocker ransomware, which has not been active lately.
- Ransomware attacks have now started to target unpatched WS_FTP servers. However, these attacks are more encryption-focused rather than for data theft.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @demonslay335, @billtoulas, @Ionut_Ilascu, @serghei, @BleepinComputer, @malwrhunterteam, @Seifreed, @LawrenceAbrams, @SophosXOps, @3xp0rtblog, @AlvieriD, @pcrisk, @cyber_int, and @LikelyMalware.
October 8th 2023
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .mlwq and .mlrd extensions to encrypted files.
October 9th 2023
ALPHV ransomware gang claims attack on Florida circuit court
The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week.
HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .mlza and .mlap extensions to encrypted files.
New Hazard ransomware variant
PCrisk found a Hazard ransomware variant that appends the .hazard18 extension (the digit may be different per victim) and drops a ransom note named HOW_TO_BACK_FILES.html.
New MedusaLocker ransomware variant
PCrisk found a MedusaLocker ransomware variant that appends the .locknet extension and drops a ransom note named HOW_TO_BACK_FILES.html.
October 10th 2023
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country’s third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach.
October 11th 2023
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country’s largest airline and a founding member of Star Alliance.
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.
Distribution of Magniber Ransomware Stops (Since August 25th)
Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the main malware that is actively being distributed using the typosquatting method, which abuses typos in domain addresses. After the blocking rules for the injection technique used by Magniber were distributed, ASEC published a post about the relevant information on August 10th.
Ransomware Trends 2023, Q3 Report
Q3 will be remembered as a new record for the ransomware industry as it was the most successful quarter ever recorded.
October 12th 2023
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.