It has been a pretty quiet week with only a few large attacks disclosed and only a few new ransomware variants released.
The highest-profile attack this week is the NBA’s Houston Rockets who were transparent about their ransomware attack. Strangely, Babuk Locker who had begun leaking their data has suddenly taken the data leak from their site.
Another large attack is against La Martinière group, which is the fourth largest publisher in France.
Finally, we learned from Emsisoft that severe bugs in Babuk Locker’s decryptor is causing unencrypted files to be decrypted, and trashing the files in the process.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @fwosar, @Seifreed, @BleepinComputer, @FourOctets, @struppigel, @DanielGallagher, @LawrenceAbrams, @jorntvdw, @VK_Intel, @serghei, @demonslay335, @PolarToffee, @malwareforme, @malwrhunterteam, @ValeryMarchive, @emsisoft, @Kangxiaopao, and @3xp0rtblog. @fbgwls245, @Amigo_A_, @siri_urz, @chum1ng0, and @GrujaRS.
dnwls0719 found a Maoloa Ransomware variant that appends the .charlie.j0hnson extension.
A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets.
xiaopao found new Dharma ransomware variant that append the .error, .gold, .zphs, and .back extensions to encrypted files.
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.
xiaopao found new Dharma ransomware variant that append the .graysuit and .swagkarna extensions.
dnwls0719 found a new Hakbit ransomware variant that appends .CRYSTAL extension.
Also Read: How To Secure Your WiFi Camera: 4 Points To Consider
In this particular case, we found a severe issue within the Babuk ransomware strain that targets Linux and more specifically ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray/RansomExx, Darkside, and since recently also Babuk.
The Houston Rockets of the National Basketball Association are investigating a cyber-attack against their networks from a relatively new ransomware group that claims to have stolen internal business data.
dnwls0719 found a new VoidCrypt Ransomware variant that appends the .hydra and drops a ransom note named Decrypt-me.txt.
Michael Gillespie found a new STOP ransomware variant that appends the .wrui extension.
Le téléphone sonne. Le standard peut prendre les appels. Mais les mises en relations directes avec les interlocuteurs sont impossibles. « Pas de mail, pas de réseau, pas d’Internet… c’est compliqué », peut-on s’entendre expliquer. Et c’est ainsi depuis le mardi 13 avril. Les collaborateurs de l’entreprise semblent avoir été informés qu’une cyberattaque est survenue. Nous avons tenté de joindre la direction de la communication, sans succès à ce stade
3xp0rt spotted DarkSide promoting some of their new features:
Another DarkSide update. Added automatic test decrypting, all processes now are automated. Available DDoS (L3, L7), is performing before the target enters online. Also, the DarkSide team expand specialties like network supplies, pentesting.
Also Read: Going Beyond DPO Meaning: Ever Heard Of Outsourced DPO?
Michael Gillespie found a wiper that appends the .combo13 extension TO destroyed files and drops a ransom note named FILES ENCRYPTED.TXT.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
