
This week has been a busy ransomware week, with ransomware attacks having a wide impact on organizations and the fallout of the MOVEit breaches still being disclosed.
BleepingComputer also exclusively broke the story that building and automation giant Johnson Controls International suffered a Dark Angels ransomware attack, with the threat actors claiming to have stolen 27 TB of data from 25 file servers.
The cyberattack was reportedly launched in Asian offices, from which the threat actors spread to the rest of the corporate network. During this time, the attackers claim to have stolen DWG files, engineering documents, databases, confidential documents, and customer contracts.
Soon after BleepingComputer broke the news, Johnson Controls submitted a Form 8-K filing with the SEC, confirming they suffered a cyberattack.
We also continue to see the effects of Clop's massive MOVEit data-theft attacks, with the National Student Clearinghouse warning of a data breach that impacted 890 schools and the BORN Ontario child registry breach impacting 3.4 million people, including patients at the Hospital for Sick Children (SickKids).
Cybersecurity firms, journalists, and law enforcement also released interesting reports this week:
Contributors and those who provided new ransomware information and stories this week include @serghei, @Ionut_Ilascu, @BleepinComputer, @fwosar, @Seifreed, @demonslay335, @billtoulas, @LawrenceAbrams, @malwrhunterteam, @MalGamy12, @billseagull, @coveware, @GroupIB_TI, @briankrebs, @pcrisk, @FBI, @jgreigj, and @DrWeb_antivirus.
September 23rd 2023
National Student Clearinghouse data breach impacts 890 schools
U.S. educational nonprofit National Student Clearinghouse (NSC) has disclosed a data breach affecting 890 schools using its services across the United States.
September 25th 2023
BORN Ontario child registry data breach impacts 3.4 million people
The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree.
Megazord: a ransomware written in RUST
Technical writeup on Akira's new PowerRanges variant, internally called Megazord.
Megazord ransomware is a new variant of Akira ransomware. Akira ransomware appeared in March 2023, and a Linux version appeared in June. Its encryption method is a combination of RSA and AES to encrypt files. Megazord ransomware differs from the earlier variant in that it is written in the Rust language and uses a combination of the curve25519 elliptic-curve asymmetric encryption algorithm and the Sosemanuk symmetric stream cipher to encrypt files. Encrypted files are given the .powerranges suffix, and a ransom note is dropped in every folder.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .azhi, .azqt, and .azop extensions.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .deep extension.
September 26th 2023
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among the healthcare providers that were impacted by the recent breach at BORN Ontario.
ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year.
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
New Night Crow ransomware
PCrisk found a new ransomware named Night Crow that appends the .NIGHT_CROW extension and drops a ransom note named NIGHT_CROW_RECOVERY.txt.
Kettering logistics firm enters administration with 730 jobs lost
A logistics and training firm targeted by a "significant" cyber attack has entered administration.
September 27th 2023
Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.
'Snatch' Ransom Group Exposes Visitor IP Addresses
The victim-shaming website operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.
New Dharma variant
PCrisk found a new Dharma variant that appends the .DOOK extension.
New Xorist variant
PCrisk found a new Xorist variant that appends the .Acquired extension.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .mzhi, .mzop, and .mzqt extensions.
September 28th 2023
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
New Medusa variant
PCrisk found a new Medusa variant that appends the .meduza24 extension.
September 29th 2023
Large Michigan healthcare provider confirms ransomware attack
One of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.
New Electronic ransomware
PCrisk found a new ransomware variant that appends the .ELCTRONIC extension and drops a ransom note named README ELECTRONIC.txt.
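The new-variant items in this roundup (Megazord, STOP, Phobos, Night Crow, Dharma, Medusa and Electronic) each give an appended extension and, for two of them, a ransom-note filename. Those are the indicators a responder checks first when triaging a file share. The script below is an added example, not code from BleepingComputer, PCrisk or any of the researchers credited above: it takes the extensions and note names exactly as reported in the items above, groups hits by family, and can be pointed at a real directory tree. The family labels and the sample file listing are constructed for illustration; the Xorist extension is left out because the text's rendering of it is uncertain.

```python
"""Indicator sweep for the ransomware variants listed in this roundup.

Added example (not code from BleepingComputer or PCrisk). The extensions and
ransom-note filenames are the ones reported in the roundup; the family labels
and the sample file listing are constructed for illustration.
"""
import os
from collections import defaultdict

# Appended extensions reported this week, keyed by family (from the roundup).
# Matching is case-sensitive on purpose: several families use exact casing.
EXTENSIONS = {
    "Akira/Megazord": [".powerranges"],
    "STOP": [".azhi", ".azqt", ".azop", ".mzhi", ".mzop", ".mzqt"],
    "Phobos": [".deep"],
    "Night Crow": [".NIGHT_CROW"],
    "Dharma": [".DOOK"],
    "Medusa": [".meduza24"],
    "Electronic": [".ELCTRONIC"],
}

# Ransom-note filenames reported this week, keyed by family (from the roundup).
RANSOM_NOTES = {
    "Night Crow": ["NIGHT_CROW_RECOVERY.txt"],
    "Electronic": ["README ELECTRONIC.txt"],
}


def classify(path):
    """Return (family, kind) if the path matches a reported indicator, else None.

    kind is "encrypted_file" for an appended extension and "ransom_note" for
    a note filename. Extensions are matched on the basename because these
    families append them after the original extension (e.g. report.docx.deep);
    a bare name equal to the extension (e.g. ".deep") is not counted.
    """
    name = os.path.basename(path)
    for family, notes in RANSOM_NOTES.items():
        if name in notes:
            return family, "ransom_note"
    for family, exts in EXTENSIONS.items():
        for ext in exts:
            if name.endswith(ext) and len(name) > len(ext):
                return family, "encrypted_file"
    return None


def sweep(paths):
    """Group matching paths by family, separating encrypted files from notes."""
    hits = defaultdict(lambda: {"encrypted_file": [], "ransom_note": []})
    for p in paths:
        result = classify(p)
        if result:
            family, kind = result
            hits[family][kind].append(p)
    return dict(hits)


def sweep_directory(root):
    """Walk a real directory tree and sweep every file in it."""
    paths = []
    for dirpath, _, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, f) for f in filenames)
    return sweep(paths)


# Constructed sample listing, not taken from any real incident.
SAMPLE_PATHS = [
    "/srv/share/finance/q3.xlsx.powerranges",
    "/srv/share/finance/q3.xlsx",
    "/srv/share/hr/contracts.pdf.deep",
    "/srv/share/eng/plant.dwg.NIGHT_CROW",
    "/srv/share/eng/NIGHT_CROW_RECOVERY.txt",
    "/srv/share/eng/notes.md",
    "/home/user/photos/cat.jpg.mzop",
    "/home/user/README ELECTRONIC.txt",
    "/home/user/.deep",  # a dotfile literally named .deep, not an appended extension
]

if __name__ == "__main__":
    for family, kinds in sorted(sweep(SAMPLE_PATHS).items()):
        print(f"{family}: {len(kinds['encrypted_file'])} encrypted file(s), "
              f"{len(kinds['ransom_note'])} ransom note(s)")
```

An extension sweep is a triage aid for confirming which family is present and how far it spread across a share; it does not replace endpoint telemetry, and a family that renames files without appending a fixed suffix will not show up here. Run `sweep_directory("/path/to/share")` against a mounted copy rather than the live volume during an incident.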
That's it for this week! Hope everyone has a nice weekend!