
Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article.
The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue.
However, BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have started to contact victims directly via email to conduct negotiations outside of the ransomware operation's Tor negotiation sites.
It is unclear whether that is because they are working on their final victims under this operation before they switch to another gang, or because they believe the ALPHV operation has been compromised in some way.
Whatever the reasons, the LockBit operation is taking advantage of the drama. The cybercrime gang has told BleepingComputer that they see this as a Christmas gift and have started recruiting ALPHV's affiliates.
In other news, we learned about numerous ransomware attacks over the past two weeks, including:
Finally, law enforcement has had some confirmed actions this week, including arresting a money launderer linked to Hive ransomware and a Russian pleading guilty to running a crypto exchange used by ransomware gangs.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @demonslay335, @billtoulas, @fwosar, @Seifreed, @serghei, @BleepinComputer, @LawrenceAbrams, @Ionut_Ilascu, @ValeryMarchive, @BushidoToken, @azalsecurity, @SentinelOne, @g0njxa, @AlvieriD, @ShadowStackRE, @AShukuhi, @BrettCallow, @GossiTheDog, @vmiss33, @pcrisk, and @RESecurity.
December 3rd 2023
Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found, and it could be one of the most advanced and customizable Linux encryptors seen to date.
December 4th 2023
Tipalti investigates claims of data stolen in ransomware attack
Tipalti says it is investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .elpy extension and drops ransom notes named data.txt and data.hta.
RA World encryptor
PCrisk found the encryptor for the new RA World operation, which appends the .RAWLD extension and drops a ransom note named Data breach warning.txt.
New Xorist variant
PCrisk found a new Xorist variant that appends the .xro extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
December 5th 2023
HTC Global Services confirms cyberattack after data leaked online
IT services and business consulting company HTC Global Services has confirmed that it suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.
December 6th 2023
Qilin ESXi encryptor analysis
Qilin ransomware has built a highly configurable malware family that uses native ESXi tooling to increase the success rate of encrypting and ransoming its victims.
Navy contractor Austal USA confirms cyberattack after data leak
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS), confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .nbwr and .nbzi extensions.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .GrafGrafel extension and drops ransom notes named data.txt and data.hta.
December 7th 2023
Russian pleads guilty to running crypto-exchange used by ransomware gangs
Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange, which helped ransomware gangs and other cybercriminals launder over $700 million.
December 8th 2023
ALPHV ransomware site outage rumored to be caused by law enforcement
A law enforcement operation is rumored to be behind an outage affecting the ALPHV ransomware gang's websites over the past 30 hours.
Norton Healthcare discloses data breach after May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.
New HiddenTear variant
PCrisk found a new HiddenTear ransomware variant that appends the .funny extension and drops a ransom note named readme.txt.
December 11th 2023
Toyota warns customers of data breach exposing personal, financial info
Toyota Financial Services (TFS) is warning customers that it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.
Cold storage giant Americold discloses data breach after April malware attack
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .hhuy and .hhaz extensions.
December 12th 2023
Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack
Ransomware operator Rhysida has posted limited data that appears to back up its claim that it has successfully hacked video game developer Insomniac Games.
December 13th 2023
LockBit ransomware now poaching BlackCat, NoEscape affiliates
The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape operations after recent disruptions and exit scams.
French police arrest Russian suspect linked to Hive ransomware
French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang launder its victims' ransom payments.
Technical analysis of Rhysida
ShadowStackRE has published a technical analysis of the Rhysida ransomware encryptor.
Mallox Resurrected | Ransomware Attacks Exploiting MS-SQL Continue to Burden Enterprises
In this post, we highlight recent Mallox activity, explain the group's initial access methods, and provide a high-level analysis of recent Mallox payloads to help defenders better understand and defend against this persistent threat.
December 14th 2023
Kraft Heinz investigates hack claims, says systems 'operating normally'
Kraft Heinz has confirmed that its systems are operating normally and that there is no evidence it was breached after an extortion group listed the company on a data leak site.
December 15th 2023
Exposing The Cyber-Extortion Trinity – BianLian, White Rabbit, And Mario Ransomware Gangs Spotted In A Joint Campaign
Based on a recent Digital Forensics & Incident Response (DFIR) engagement with a law enforcement agency (LEA) and one of the leading investment organizations in Singapore, Resecurity, Inc. (USA) has uncovered a significant link between three major ransomware groups. Resecurity's HUNTER (HUMINT) unit observed the BianLian, White Rabbit, and Mario ransomware gangs collaborating in a joint extortion campaign targeting publicly-traded financial services firms.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .ljuy and .ljaz extensions.
That's it for this week! Hope everyone has a nice weekend!