The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks.
On Wednesday, the Clop gang began listing the names of breached organizations, warning that data would be leaked in seven days if a ransom was not negotiated.
Many organizations have decided to disclose the breaches rather than negotiate, warning impacted individuals that their data was exposed.
Known impacted organizations include US federal agencies, the Louisiana and Oregon DMVs, Zellis (BBC, Boots, and Aer Lingus, Ireland’s HSE through Zellis), the University of Rochester, the government of Nova Scotia, the US state of Missouri, the US state of Illinois, BORN Ontario, Ofcom, Extreme Networks, and the American Board of Internal Medicine.
As for Clop, they have now listed thirty-seven organizations impacted by the MOVEit breaches on their website, hoping it will pressure them to negotiate.
This week’s other big news is the FBI arresting a LockBit affiliate in Arizona just as CISA warned that the ransomware operation extorted over $90 million in 1,700 attacks on US organizations.
We also learned more about ransomware attacks this week, with the Medusa operation extorting Argentina’s National Securities Commission (CNV) and Rhysida ransomware leaking data stolen from the Chilean Army.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @DanielGallagher, @malwrhunterteam, @BleepinComputer, @VK_Intel, @LawrenceAbrams, @PolarToffee, @struppigel, @jorntvdw, @Ionut_Ilascu, @FourOctets, @serghei, @fwosar, @Seifreed, @malwareforme, @demonslay335, @AuCyble, @pcrisk, @FortiGuardLabs, @1ZRR4H, @SentinelOne, @SttyK, @juanbrodersen, @AShukuhi, @BrettCallow, @Jon__DiMaggio, and @snlyngaas.
June 11th 2023
Hackers add the National Securities Commission to their list of victims: they say they have sensitive data
A group of cybercriminals claims to have 1.5 TB (1,500 gigabytes) of data from the National Securities Commission (CNV), the official body that oversees markets throughout the country. Medusa, the same ransomware cartel that encrypted Garbarino’s data in March of this year, is asking for $500,000 and giving a period of one week to publish the data.
June 12th 2023
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .ahui, .ahgr, and .ahtw extensions.
New Chaos ransomware variant
PCrisk found a new Chaos ransomware variant that appends the .minime extension.
June 13th 2023
New Chaos ransomware variant
PCrisk found a new Chaos ransomware variant that appends the .LMAO extension and drops a ransom note named read_it.txt.
June 14th 2023
CISA: LockBit ransomware extorted $91 million in 1,700 U.S. attacks
U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following roughly 1,700 attacks against U.S. organizations since 2020.
WannaCry ransomware impersonator targets Russian “Enlisted” FPS players
A ransomware operation targets Russian players of the Enlisted multiplayer first-person shooter, using a fake website to spread trojanized versions of the game.
New Methods: Uncovering Tor Hidden Service with Etag
Report on finding the public IP address for a RagnarLocker Tor site.
This investigation was conducted primarily through publicly available open source intelligence services such as Shodan, as well as through underground community sources. The related server has already been shut down, and the person believed to be the suspect has been indicted, which prompted the release of the report. The de-anonymization method using Etag is almost unknown to the public, and I believe that it is a useful contribution to the community.
June 15th 2023
Clop ransomware gang begins extorting MOVEit data-theft victims
The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks, first listing the company’s names on a data leak site, an often-employed tactic before public disclosure of stolen information.
Suspected LockBit ransomware affiliate arrested, charged in US
Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.
Rhysida ransomware leaks documents stolen from Chilean Army
Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).
US government agencies hit in global cyberattack
Editor’s note: More MOVEit attacks.
Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.
June 16th 2023
Millions of Oregon, Louisiana state IDs stolen in MOVEit breach
Louisiana and Oregon warn that millions of driver’s licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer secure file transfer systems to steal stored data.
Ransomware Roundup - Big Head
FortiGuard Labs came across two new ransomware variants, “Big Head” and another likely used by the same attacker, targeting consumers to extort money.
That’s it for this week! Hope everyone has a nice weekend!