Ransomware attacks continue over the past two weeks with a continuation of the massive initial ransom demands we have seen recently.
Over the past two weeks, we have learned of attacks against Asteelflash, the Broward County Public Schools, Applus Technologies, Pierre Fabre, and Harris Federation, with many of the attack’s initial ransoms ranging between $24 – $40 million.
The Applus Technologies attack was particularly disruptive as it prevented emissions testing in eight US states.
Accellion FTA-related data breaches continue with the Clop ransomware gang leaking the data for Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @fwosar, @Seifreed, @LawrenceAbrams, @Ionut_Ilascu, @VK_Intel, @DanielGallagher, @jorntvdw, @demonslay335, @struppigel, @malwrhunterteam, @BleepinComputer, @malwareforme, @serghei, @FourOctets, @R3MRUM, @kaspersky, @PogoWasRight, @CheckPointSW, @troyhunt, @alexscroxton, @ValeryMarchive, @snlyngaas, @fbgwls245, @Amigo_A_, @campuscodi, @siri_urz, @chum1ng0, and @GrujaRS.
British clothing brand FatFace has sent a controversial ‘confidential’ data breach notification to customers after suffering a ransomware attack earlier this year.
After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back.
American managed service provider CompuCom is expecting losses of over $20 million following this month’s DarkSide ransomware attack that took down most of its systems.
The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday.
The recently patched vulnerabilities in Microsoft Exchange have sparked new interest among cybercriminals, who increased the volume of attacks focusing on this particular vector.
Michael Gillespie found a new STOP ransomware variant that appends the .ytbn extension to encrypted files.
Jakub Kroustek found new Dharma ransomware variants that append the .4o4 and .ctpl extensions to encrypted files.
Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom.
Also Read: What Does A Data Protection Officer Do? 5 Main Things
Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server didn’t infiltrate the company’s production and corporate environments.
Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford to pay them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment.
In addition to Norsk Hydro, CyberScoop requested interviews with a dozen manufacturersin Europe and the U.S. that have reportedly had their production disrupted by ransomware incidents in the last two and half years. Nearly all either declined to comment, did not respond or said an executive was unavailable by press time.
dnwls0719 found a new Makop ransomware variant that appends the .dark extension and drops a ransom note named readme-warning.txt.
S!Ri has discovered a new ransomware called WhiteBlackGroup that appends the .encrpt3d extension to encrypted files.
A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin.
Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group.
Figures released to BBC Scotland under freedom of information laws show a total of £790,000 has been spent on Sepa’s response and recovery actions so far
Michael Gillespie found a new STOP ransomware variant that appends the .fdcz extension to encrypted files.
GrujaRS found a new Jigsaw ransomware variant that appends the .cat extension.
Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites halted after a ransomware attack that hit its internal network and corporate website on March 20.
Also Read: The DNC Registry Singapore: 5 Things You Must Know
Michael Gillespie found a new STOP ransomware variant that appends the .urnb extension to encrypted files.
dnwls0719 found the Jormungand ransomware that appends the .glock extension and drops a ransom note named READ-ME-NOW.txt.
A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago.
The National College of Ireland (NCI) and the Technological University of Dublin have announced that ransomware attacks hit their IT systems.
A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies’ networks.
A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords.
S!Ri has discovered a new ransomware called Wintenzz Security Tool that appends the .wintenzzextension to encrypted files and drops a ransom note named BUY_WINTENZZ.txt.
dnwls0719 found a new VHD ransomware variant that appends the .beaf extension and drops a ransom note named DecryptGuide.txt.
Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today.
Michael Gillespie found a new STOP ransomware variant that appends the .lmas extension to encrypted files.
dnwls0719 found a new VHD ransomware variant that appends the .gehenna and drops a ransom note named GEHENNA-README-WARNING.html.
The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world.
GrujaRS found a new ransomware called RIP_lmao that appends the .crypted extension and drops a ransom note named ___RECOVER__FILES__.crypted.txt.