The Week In Ransomware – April 16th 2021 – The Houston Rockets
It has been a pretty quiet week with only a few large attacks disclosed and only a few new ransomware variants released.
The highest-profile attack this week was against the NBA’s Houston Rockets, who were transparent about their ransomware attack. Strangely, Babuk Locker, which had begun leaking the team’s data, has suddenly taken the data leak down from its site.
Another large attack is against La Martinière group, which is the fourth largest publisher in France.
Finally, we learned from Emsisoft that severe bugs in Babuk Locker’s decryptor are causing unencrypted files to be decrypted, trashing the files in the process.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @fwosar, @Seifreed, @BleepinComputer, @FourOctets, @struppigel, @DanielGallagher, @LawrenceAbrams, @jorntvdw, @VK_Intel, @serghei, @demonslay335, @PolarToffee, @malwareforme, @malwrhunterteam, @ValeryMarchive, @emsisoft, @Kangxiaopao, @3xp0rtblog, @fbgwls245, @Amigo_A_, @siri_urz, @chum1ng0, and @GrujaRS.
April 10th 2021
New Maoloa ransomware variant
dnwls0719 found a Maoloa Ransomware variant that appends the .charlie.j0hnson extension.
April 12th 2021
Dutch supermarkets run out of cheese after ransomware attack
A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets.
New Dharma ransomware variants
xiaopao found new Dharma ransomware variants that append the .error, .gold, .zphs, and .back extensions to encrypted files.
April 13th 2021
Capcom: Ransomware gang used old VPN device to breach the network
Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.
New Runsomware variants
xiaopao found new Dharma ransomware variants that append the .graysuit and .swagkarna extensions.
New Hakbit ransomware variant
dnwls0719 found a new Hakbit ransomware variant that appends the .CRYSTAL extension.
April 14th 2021
PSA: Severe bug in Babuk ransomware decryptor leads to data loss
In this particular case, we found a severe issue within the Babuk ransomware strain that targets Linux and more specifically ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray/RansomExx, Darkside, and since recently also Babuk.
NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group
The Houston Rockets of the National Basketball Association are investigating a cyber-attack against their networks from a relatively new ransomware group that claims to have stolen internal business data.
New VoidCrypt ransomware variant
dnwls0719 found a new VoidCrypt ransomware variant that appends the .hydra extension and drops a ransom note named Decrypt-me.txt.
New STOP Ransomware variant
Michael Gillespie found a new STOP ransomware variant that appends the .wrui extension.
April 15th 2021
Cyberattack: La Martinière group joins the overly long list of victims
The phone rings. The switchboard can take calls. But direct connections to the people being called are impossible. “No email, no network, no Internet… it’s complicated,” one is told. And it has been this way since Tuesday, April 13. The company’s employees appear to have been informed that a cyberattack has occurred. We tried to reach the communications department, without success at this stage.
DarkSide adding more features
3xp0rt spotted DarkSide promoting some of their new features:
Another DarkSide update. Added automatic test decrypting, all processes now are automated. Available DDoS (L3, L7), is performing before the target enters online. Also, the DarkSide team expand specialties like network supplies, pentesting.
April 16th 2021
New wiper destroys your files
Michael Gillespie found a wiper that appends the .combo13 extension to destroyed files and drops a ransom note named FILES ENCRYPTED.TXT.