This week's news is action-packed, ranging from police tricking ransomware operators into releasing keys to victims calling ransomware operations liars.
The most interesting news this week concerns the Dutch Police and Responders.NU tricking the DeadBolt ransomware operation into handing over 155 decryption keys for victims.
Other interesting research includes fake adult sites pushing data wipers, TTPs on Black Basta, information on a new Prestige ransomware targeting Ukraine and Poland, and Magniber ransomware being installed via JavaScript files.
We also learned some details about attacks that were made public recently.
Healthcare org CommonSpirit admitted this week that they suffered a ransomware attack. However, ADATA denies they suffered a recent attack by RansomHouse and says the data is being recirculated from a 2021 breach by RagnarLocker.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @VK_Intel, @serghei, @BleepinComputer, @billtoulas, @LawrenceAbrams, @malwareforme, @demonslay335, @FourOctets, @jorntvdw, @PolarToffee, @Ionut_Ilascu, @Seifreed, @fwosar, @malwrhunterteam, @DanielGallagher, @AuCyble, @UID_, @linuxct, @MsftSecIntel, @ahnlab, @Amermelsad, @TrendMicro, and @pcrisk.
October 8th 2022
ADATA denies RansomHouse cyberattack, says leaked data from 2021 breach
Taiwanese chip maker ADATA denies claims of a RansomHouse cyberattack after the threat actors began posting stolen files on their data leak site.
Fake adult sites push data wipers disguised as ransomware
Malicious adult websites push fake ransomware which, in reality, acts as a wiper that quietly tries to delete almost all of the data on your device.
October 10th 2022
New VoidCrypt variant
PCrisk found a VoidCrypt variant that appends the .solo extension and drops a ransom note named unlock-info.txt.
New Dharma variant
PCrisk found a new Dharma variant that appends the .dkey extension to encrypted files.
October 11th 2022
Microsoft Exchange servers hacked to deploy LockBit ransomware
Microsoft is investigating reports of a new zero-day bug abused to hack Exchange servers which were later used to launch Lockbit ransomware attacks.
FinCEN fines Bittrex $29 million
“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the U.S. financial system to threat actors,” said FinCEN Acting Director Himamauli Das. “Bittrex’s failures created exposure to high-risk counterparties including sanctioned jurisdictions, darknet markets, and ransomware attackers. Digital asset service providers are on notice that they must implement robust risk-based compliance programs and meet their BSA reporting requirements. FinCEN will not hesitate to act when it identifies willful violations of the BSA.”
October 12th 2022
CommonSpirit confirms ransomware attack
As previously shared, upon discovering the ransomware attack, we took immediate steps to protect our systems, contain the incident, begin an investigation, and ensure continuity of care. Our facilities are following existing protocols for system outages, which includes taking certain systems offline, such as electronic health records. In addition, we are taking steps to mitigate the disruption and maintain continuity of care. To further assist and support our team in the investigation and response process, we engaged leading cybersecurity specialists and notified law enforcement.
Black Basta Ransomware Gang Infiltrates Networks via QAKBOT, Brute Ratel, and Cobalt Strike
We analyzed a QAKBOT-related case leading to a Brute Ratel C4 and Cobalt Strike payload that can be attributed to the threat actors behind the Black Basta ransomware.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .powz and .pohj extensions.
October 13th 2022
Magniber ransomware now infects Windows users via JavaScript files
A recent malicious campaign delivering Magniber ransomware has been targeting Windows home users with fake security updates.
New Dharma variant
PCrisk found a new Dharma variant that appends the .CYBER extension to encrypted files and drops a ransom note named CYBER.txt.
October 14th 2022
Microsoft: New Prestige ransomware targets orgs in Ukraine, Poland
Microsoft says new Prestige ransomware is being used to target transportation and logistics organizations in Ukraine and Poland in ongoing attacks.
Police tricks DeadBolt ransomware out of 155 decryption keys
The Dutch National Police, in collaboration with cybersecurity firm Responders.NU, obtained 155 decryption keys from the DeadBolt ransomware gang by faking ransom payments.
Ransom Cartel Ransomware: A Possible Connection With REvil
In this report, we will provide our analysis of Ransom Cartel ransomware, as well as our assessment of the possible connections between REvil and Ransom Cartel ransomware.
Why call police after a cyber attack? Because they’re waiting for you
For example, after the RCMP seized cryptocurrency held by Canadian Sebastien Vachon-Desjardins, an affiliate of the Netwalker ransomware gang, it tried returning the funds to Canadian victims. Some organizations refused to acknowledge being hit, she said.
That's it for this week! Hope everyone has a nice weekend!