The Week In Ransomware – December 11th 2020 – Targeting K-12
This week we continued to see ransomware target businesses, education, and healthcare with cyberattacks that disrupt operations and lead to school closings.
The most significant attack reported this week was the ransomware attack on the Foxconn electronics giant after the DoppelPaymer operation breached one of its North American facilities.
Education is also getting slammed, with schools being forced to close due to ransomware attacks. These attacks have led the US government to release a joint advisory about increasing attacks on K-12.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @PolarToffee, @Ionut_Ilascu, @Seifreed, @LawrenceAbrams, @BleepinComputer, @serghei, @DanielGallagher, @FourOctets, @demonslay335, @struppigel, @jorntvdw, @malwrhunterteam, @fwosar, @VK_Intel, @Unit42_Intel, @campuscodi, @Emm_ADC_Soft, @siri_urz, @ValeryMarchive, and @chum1ng0.
December 5th 2020
Ransomware hits helicopter maker Kopter
Helicopter maker Kopter has fallen victim to a ransomware attack after hackers breached its internal network and encrypted the company’s files.
December 6th 2020
Boston’s GBMC HealthCare discloses ransomware attack
On the morning of Sunday, December 6, 2020, GBMC HealthCare detected a ransomware incident that impacted information technology systems. Although many of our systems are down, GBMC HealthCare has robust processes in place to maintain safe and effective patient care. We are collectively responding in accordance with our well-planned process and policies for this type of event.
December 7th 2020
Foxconn electronics giant hit by ransomware, $34 million ransom
Foxconn electronics giant suffered a ransomware attack at a Mexican facility over the Thanksgiving weekend, where attackers stole unencrypted files before encrypting devices.
December 8th 2020
Ransomware forces hosting provider Netgain to take down data centers
Cloud hosting and IT services provider Netgain was forced to take some of their data centers offline after suffering a ransomware attack in late November.
Egregor ransomware: Maze’s heir apparent
In September, a new ransomware brand emerged just as the Maze ransomware gang began shuttering its operation. Named Egregor (from an occult term derived from the Greek word ἑγρήγορος, “wakeful”—a term used to refer to an angel-like spirit or group mind), the ransomware leverages data stolen during the attack to extort the victim for payment, following a trail blazed by Maze.
Threat Assessment: Egregor Ransomware
Since September 2020, Unit 42 researchers have observed Egregor ransomware affecting multiple industries globally, including those within the U.S., Europe, Asia Pacific and Latin America, following the decline in operations utilizing the Maze ransomware. Egregor operations mimic that of Maze operations, leading us to believe that although Maze operators announced a shutdown of the “Maze Team Project,” the operators behind those activities have simply developed a new ransomware to move their objectives forward.
New Dharma Ransomware variant
Emmanuel_ADC-Soft found a new Dharma variant that appends the .yoAD extension to encrypted files.
December 9th 2020
New Conti Ransomware variants
S!ri found new Conti variants that append the .FBSYW and .TJMBK extensions to encrypted files.
New STOP Djvu ransomware variant
Michael Gillespie found a new STOP Djvu ransomware variant that appends the .igdm extension to encrypted files.
December 10th 2020
U.S. warns of increased cyberattacks against K-12 distance learning
K-12 educational institutions in the U.S. are being targeted by malicious actors for extortion, data theft, and general disruption of normal activity. The trend will continue through the 2020/2021 academic year.
Ransomware: Ragnar Locker claims a cyberattack against Dassault Falcon Jet Corp.
Not without a certain pride in their “research work”, the Ragnar Locker operators assured us that if Dassault Falcon Jet “continues to keep silent, they will be very surprised by the package of data we have collected”.
New Nefilim variant
Michael Gillespie found a Nefilim variant that appends the .INFECTION extension and drops the INFECTION-HELP.txt ransom note.
Payment Processing Giant TSYS: Ransomware Incident “Immaterial” to Company
Payment card processing giant TSYS suffered a ransomware attack earlier this month. Since then reams of data stolen from the company have been posted online, with the attackers promising to publish more in the coming days. But the company says the malware did not jeopardize card data, and that the incident was limited to administrative areas of its business.
December 11th 2020
MountLocker ransomware gets slimmer, now encrypts fewer files
MountLocker ransomware received an update recently that cut its size by half but preserves a weakness that could potentially allow learning the random key used to encrypt files.