Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and leading to data breaches if a ransom is not paid.
This week, we learned of three attacks impacting well-known corporations, with BianLian claiming the attack on Air Canada and ALPHV claiming an attack on state courts across Northwest Florida (part of the First Judicial Circuit) last week.
A cyberattack on Simpson Manufacturing caused the company to shut down IT systems, but it has not been confirmed as a ransomware attack.
In other news, a threat actor released the source code for the first version of HelloKitty ransomware, claiming to be developing a new one that will rival LockBit.
Finally, researchers and government agencies released some interesting information this week:
- A new Q3 2023 Ransomware Developments Abstract shows that ransomware continues to explode, with Q3 being the most successful quarter ever recorded.
- The FBI shared technical details, defense tips, and IOCs for the AvosLocker ransomware, which has not been active lately.
- Ransomware attacks have now started to target unpatched WS_FTP servers. However, these attacks are more encryption-focused rather than for data theft.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @demonslay335, @billtoulas, @Ionut_Ilascu, @serghei, @BleepinComputer, @malwrhunterteam, @Seifreed, @LawrenceAbrams, @SophosXOps, @3xp0rtblog, @AlvieriD, @pcrisk, @cyber_int, and @LikelyMalware.
October 8th 2023
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .mlwq and .mlrd extensions to encrypted files.
October 9th 2023
ALPHV ransomware gang claims attack on Florida circuit court
The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week.
HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .mlza and .mlap extensions to encrypted files.
New Hazard ransomware variant
PCrisk found a Hazard ransomware variant that appends the .hazard18 extension (the digit may be different per victim) and drops a ransom note named HOW_TO_BACK_FILES.html.
New MedusaLocker ransomware variant
PCrisk found a MedusaLocker ransomware variant that appends the .locknet extension and drops a ransom note named HOW_TO_BACK_FILES.html.
October 10th 2023
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country’s third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach.
October 11th 2023
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country’s largest airline and a founding member of Star Alliance.
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.
Distribution of Magniber Ransomware Stops (Since August 25th)
Through a continuous monitoring process, AhnLab Security Emergency response Center (ASEC) is swiftly responding to Magniber, the primary malware that’s actively being distributed using the typosquatting method, which abuses typos in domain addresses. After the blocking rules for the injection technique used by Magniber were distributed, ASEC published a post about the relevant information on August 10th.
Ransomware Developments 2023, Q3 Report
Q3 will be remembered as a new record for the ransomware industry, as it was the most successful quarter ever recorded.
October 12th 2023
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks.
That is it for this week! Hope everybody has a pleasant weekend!