Home Cyber Security The Week in Ransomware – December 1st 2023

The Week in Ransomware – December 1st 2023

0
The Week in Ransomware – December 1st 2023

[ad_1]

Police arresting a hacker

A world legislation enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was liable for assaults on organizations in 71 international locations.

The risk actors are stated to be associates of quite a few ransomware operations, together with LockerGoga, MegaCortex, HIVE, and Dharma. This cybercriminal operation is claimed to have led to the lack of a whole lot of thousands and thousands of euros.

The legislation enforcement operation occurred on November twenty first, with coordinated raids in 30 places in Kyiv, Cherkasy, Rivne, and Vinnytsia. Because of the operation, police arrested the group’s alleged ringleader and 4 of his accomplices.

Of explicit curiosity is that Norway was concerned within the operation, making cybersecurity researchers imagine that this affiliate group could have been behind the Norsk Hydro assault, which concerned the LockerGoga ransomware.

Nonetheless, a risk actor disputed these rumors on the Russian-speaking XSS hacking discussion board, claiming that the affiliate group had nothing to do with the assault. The risk actor additional claims to be the one who gave a police drone the finger within the beneath video of the legislation enforcement operation.

In different information, ransomware assaults have been surging, with additional details about assaults being disclosed this week.

This contains assaults on the Ethyrial: Echoes of Yore recreation developer, Ardent Well being Providers, Slovenia’s largest energy supplier HSE, and a re-encryption of healthcare large Henry Schein as punishment for allegedly not paying the ransom.

We additionally discovered that the assault on DP World didn’t contain encryption. Nonetheless, it might have been a ransomware assault that was stopped earlier than encryptors had been deployed.

Lastly, researchers launched some fascinating details about ransomware, together with Cactus ransomware exploiting Qlik Sense flaws to breach networks, and Black Basta ransomware believed to have remodeled $100 million.

Contributors and those that offered new ransomware data and tales this week embody: @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @serghei, @Seifreed, @BleepinComputer, @demonslay335, @fwosar, @pcrisk, @CorvusInsurance, @elliptic, @AWNetworks, @ShadowStackRE, @ddd1ms, @3xp0rtblog, @jgreigj, and @BrettCallow.

November twenty seventh 2023

Healthcare large Henry Schein hit twice by BlackCat ransomware

American healthcare firm Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who additionally breached their community in October.

Ransomware assault on indie recreation maker wiped all participant accounts

A ransomware assault on the “Ethyrial: Echoes of Yore” MMORPG final Friday destroyed 17,000 participant accounts, deleting their in-game gadgets and progress within the recreation.

Ardent hospital ERs disrupted in 6 states after ransomware assault

Ardent Well being Providers, a healthcare supplier working 30 hospitals throughout six U.S. states, disclosed right now that its programs had been hit by a ransomware assault on Thursday.

Slovenia’s largest energy supplier HSE hit by ransomware assault

Slovenian energy firm Holding Slovenske Elektrarne (HSE) has suffered a ransomware assault that compromised its programs and encrypted information, but the corporate says the incident didn’t disrupt electrical energy manufacturing.

LostTrust Ransomware evaluation

The LostTrust ransomware household has a reasonably small sufferer pool and has compromised victims earlier this 12 months. The encryptor has related characteristcs to the MetaEncryptor ransomware household together with code circulation and strings which signifies that the encryptor is a variant from the unique MetaEncryptor supply.

New “MuskOff” Chaos variant

PCrisk discovered a brand new Chaos variant that appends the .MuskOff extension and drops a ransom notice named read_it.txt.

November twenty eighth 2023

Police dismantle ransomware group behind assaults in 71 international locations

In cooperation with Europol and Eurojust, legislation enforcement businesses from seven nations have arrested in Ukraine the core members of a ransomware group linked to assaults in opposition to organizations in 71 international locations.

Qilin ransomware claims assault on automotive large Yanfeng

The Qilin ransomware group has claimed duty for a cyber assault on Yanfeng Automotive Interiors (Yanfeng), one of many world’s largest automotive elements suppliers.

DP World confirms information stolen in cyberattack, no ransomware used

Worldwide logistics large DP World has confirmed that information was stolen throughout a cyber assault that disrupted its operations in Australia earlier this month. Nonetheless, the corporate says no ransomware payloads or encryption was used within the assault.

November twenty ninth 2023

Black Basta ransomware remodeled $100 million from extortion

Russia-linked ransomware gang Black Basta has raked in at the very least $100 million in ransom funds from greater than 90 victims because it first surfaced in April 2022, in response to joint analysis from Corvus Insurance coverage and Elliptic.

New STOP ransomware variants

PCrisk discovered new STOP ransomware variants that append the .jawr and .jazi extensions.

New Phobos ransomware variant

PCrisk discovered a brand new Phobos variant that appends the .LEAKDB extension and drops a ransom notes named data.txt and data.hta.

November thirtieth 2023

Cactus ransomware exploiting Qlik Sense flaws to breach networks

Cactus ransomware has been exploiting crucial vulnerabilities within the Qlik Sense information analytics resolution to get preliminary entry on company networks.

December 1st 2023

60 credit score unions going through outages as a result of ransomware assault on common tech supplier

About 60 credit score unions are coping with outages as a result of a ransomware assault on a widely-used know-how supplier.

New “DoctorHelp” MedusaLocker variant

PCrisk discovered a brand new MedusaLocker variant that appends the .doctorhelp extension and drops a ransom notice named How_to_back_files.html.

New Dharma ransomware variant

PCrisk discovered a brand new Darhma variant that appends the .intel extension.

That is it for this week! Hope everybody has a pleasant weekend!



[ad_2]