The Week in Ransomware – September 24th 2021 – Targeting Crypto
This week’s biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware’s payment system.
Other interesting news this week includes a list of vulnerabilities commonly used by ransomware gangs and a report on how the REvil operators use their operator key to hijack negotiations from affiliates.
Attacks we learned about this week include ones against United Health Centers, NEW Cooperative, Crystal Valley cooperative, GSS, and Greensville County Public Schools.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @struppigel, @LawrenceAbrams, @jorntvdw, @malwareforme, @fwosar, @FourOctets, @BleepinComputer, @PolarToffee, @Ionut_Ilascu, @VK_Intel, @demonslay335, @malwrhunterteam, @serghei, @DanielGallagher, @ddd1ms, @ido_cohen2, @uuallan, @pancak3lullz, @Intel471Inc, @McAfee_Business, @fbgwls245, @pcrisk, @y_advintel, @AdvIntel, @tosscoinwitcher, and @PogoWasRight.
September 18th 2021
Researchers compile list of vulnerabilities abused by ransomware gangs
Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks.
New Kcry Ransomware
dnwls0719 found a new ransomware that appends the .kcry extension to encrypted files.
September 19th 2021
New Redeemer ransomware
dnwls0719 found a new Redeemer ransomware that appends the .redeem extension to encrypted files.
September 20th 2021
US farmer cooperative hit by $5.9M BlackMatter ransomware attack
U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .koom extension.
September 21st 2021
US sanctions cryptocurrency exchange used by ransomware gangs
The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.
September 22nd 2021
Second farming cooperative shut down by ransomware this week
Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend.
FBI, CISA, and NSA warn of escalating Conti ransomware attacks
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations.
BlackMatter Ransomware Analysis; The Dark Side Returns
The main goal of BlackMatter is to encrypt files on the infected computer and demand a ransom for decrypting them. As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom to not publish them on the internet.
Manufacturers should focus on protecting their supply chains
The manufacturing sector is highly dependent on a secure supply chain. Companies powering this sector are acutely aware of how a cyber attack on any part of a supply chain can bring their business to a screeching halt.
New Quantum ransomware
dnwls0719 found a new Quantum ransomware that appends the .quantum extension to encrypted files.
September 23rd 2021
REvil ransomware devs added a backdoor to cheat affiliates
Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations to cut affiliates out of payments.
New Yandex ransomware variant
PCrisk found a new ransomware variant that appends the .yandex extension and drops a ransom note named READ_ME_NOW.txt.
September 24th 2021
United Health Centers ransomware attack claimed by Vice Society
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.
Major European call center provider goes down in ransomware attack
GSS, the Spanish and Latin America division of Covisian, one of Europe’s largest customer care and call center providers, has suffered a debilitating ransomware attack that froze a large part of its IT systems and crippled call centers across its Spanish-speaking customer base.
VA: Greensville County Public Schools hit by Grief threat actors
Grief threat actors have added another K-12 district to their list of victims who have refused to pay their ransom demands.