This week's big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.
Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver's license numbers and Social Security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.
According to a report by the Wall Street Journal, the threat actors demanded $30 million not to leak the data, but the casino negotiated it down to a $15 million payment.
"We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result," Caesars said in an SEC 8-K filing published after news of the attack leaked.
This week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel rooms, and slot machines not working.
It was later confirmed that this attack was conducted by an affiliate of the BlackCat/ALPHV ransomware operation known as Scattered Spider.
In a lengthy statement on the ransomware gang's data leak site, the threat actors claim to have gained full access to the company's network and ultimately encrypted 100 VMware ESXi servers.
We also learned about ransomware attacks on the UK's Greater Manchester Police (GMP), the Auckland transport authority, and IT solutions provider ORBCOMM.
Finally, some interesting research was released this week:
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @malwareforme, @serghei, @malwrhunterteam, @BleepinComputer, @demonslay335, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @vxunderground, @BroadcomSW, @MsftSecIntel, @AlvieriD, @WilliamTurton, @GeeksCyber, @pcrisk, and @Mandiant.
September 11th 2023
MGM Resorts shuts down IT systems after cyberattack
MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .hgfu and .hgew extensions.
September 12th 2023
Ransomware access broker steals accounts via Microsoft Teams phishing
Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.
New AnonTsugumi ransomware
PCrisk found a ransomware called AnonTsugumi that appends the .anontsugumi extension and drops a ransom note named README.txt.
September 13th 2023
Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .ooza and .oopl extensions.
September 14th 2023
Manchester Police officers' data exposed in ransomware attack
The United Kingdom's Greater Manchester Police (GMP) said earlier today that some of its employees' personal information was impacted by a ransomware attack that hit a third-party supplier.
Caesars Entertainment confirms ransom payment, customer data theft
Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.
Auckland transport authority hit by suspected ransomware attack
The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services.
MGM casino's ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to enhance their operations.
September 15th 2023
ORBCOMM ransomware attack causes trucking fleet management outage
Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.
A detailed analysis of the Money Message ransomware
The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which includes the services and processes to stop during an attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.
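As an added example (not part of the analysis summarized above), the following Python routine flags the shadow copy deletion behaviour described for Money Message in Sysmon-style process-creation events. The events are constructed for illustration; the "resize shadowstorage" pattern is a related vssadmin variant that goes beyond what the entry itself mentions.

```python
import re

# Constructed Sysmon-style process-creation events (EventID 1); not real telemetry.
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe delete shadows /all /quiet",
     "ParentImage": r"C:\Users\Public\update.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe list shadows",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe notes.txt",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": 'cmd.exe /c "VSSADMIN Delete Shadows /For=C: /Quiet"',
     "ParentImage": r"C:\Temp\payload.exe"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "CommandLine": "vssadmin.exe resize shadowstorage /for=C: /on=C: /maxsize=401MB",
     "ParentImage": r"C:\Temp\payload.exe"},
]

# Case-insensitive patterns for shadow copy destruction via vssadmin.exe.
# Matching on the command line (not the image path) also catches the
# command when it is wrapped in cmd.exe /c.
SHADOW_COPY_PATTERNS = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\b.*\bshadowstorage\b", re.I)),
]


def classify_event(event):
    """Return the name of the matching rule for a process-creation event, or None."""
    if event.get("EventID") != 1:
        return None
    cmd = event.get("CommandLine", "")
    for name, pattern in SHADOW_COPY_PATTERNS:
        if pattern.search(cmd):
            return name
    return None


def find_shadow_copy_deletions(events):
    """Return one alert per event whose command line destroys shadow copies."""
    alerts = []
    for event in events:
        rule = classify_event(event)
        if rule:  # keep the parent image: the launching process is the triage lead
            alerts.append({"rule": rule, "parent": event.get("ParentImage", ""),
                           "command": event.get("CommandLine", "")})
    return alerts


if __name__ == "__main__":
    for alert in find_shadow_copy_deletions(SAMPLE_EVENTS):
        print(alert)
```

Read-only commands such as "vssadmin list shadows" are deliberately not flagged, since administrators run them routinely.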
New Elibe ransomware
PCrisk found a ransomware variant that appends the .elibe extension and drops a ransom note named FILES ENCRYPTED.txt.
New STOP ransomware variant
PCrisk found a STOP ransomware variant that appends the .oohu extension.