The Week In Ransomware – December 4th 2020 – Education Under Attack
It has been another rough week for the enterprise and education as ransomware continues to impact business operations and shut down schools.
Egregor was very active this week, with attacks on Kmart, Metro Vancouver’s transit system TransLink, and the Randstad staffing agency.
Education was also hit hard this week, with Baltimore County Public Schools (BCPS) still recovering from last week’s attack and Huntsville City Schools district in Alabama shutting down for a week due to an attack. In addition to public school systems, Ryuk attacked online education giant K12 Inc., which paid the ransom to prevent students’ data from being leaked.
Finally, the Clop ransomware gang showed that they don’t only breach networks to steal your files and encrypt your data. The threat actors also deploy other malware, such as POS malware, to steal credit cards.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @fwosar, @malwrhunterteam, @Seifreed, @FourOctets, @serghei, @DanielGallagher, @struppigel, @demonslay335, @BleepinComputer, @jorntvdw, @Ionut_Ilascu, @LawrenceAbrams, @malwareforme, @VK_Intel, @ffforward, @jarmstrongbc, @PogoWasRight, @3xp0rtblog, @JakubKroustek, @Kangxiaopao, @siri_urz, and @Emm_ADC_Soft.
November 29th 2020
Pennsylvania county pays 500K ransom to DoppelPaymer ransomware
Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend.
New Dharma Ransomware variants
Jakub Kroustek found new Dharma ransomware variants that append the .ZIN and .SUKA extensions.
November 30th 2020
Gootkit malware returns to life alongside REvil ransomware
After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.
Baltimore students told to ditch Windows PCs after ransomware attack
Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district’s network last Wednesday.
Vermont hospitals still recovering from October ransomware attack
The University of Vermont Health Network is still recovering from a Ryuk Ransomware attack in October 2020, with services slowly coming back online.
IoT chip maker Advantech confirms ransomware attack, data theft
Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents.
New STOP Ransomware variant
Michael Gillespie found a new STOP ransomware variant that appends the .weui extension to encrypted files.
Egregor press releases called paid ransoms a contract
MalwareHunterTeam noticed that Egregor added a press release that calls the relationship with paid victims “a contract.”
New Xorist variant
Michael Gillespie found a new Xorist ransomware variant that appends the ‘.hacker crypt http://2020.data’ extension.
December 1st 2020
Alabama school district shut down by ransomware attack
Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week.
December 2nd 2020
K12 online schooling giant pays Ryuk ransomware to stop data leak
Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November.
December 3rd 2020
Ransomware gang says they stole 2 million credit cards from E-Land
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month’s ransomware attack.
Kmart nationwide retailer suffers a ransomware attack
US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.
Georgia dental practice discovers it was attacked by ransomware when the attackers call them on the phone
Galstan & Ward Family and Cosmetic Dentistry (Galstan & Ward) is a dental practice in Georgia. On September 9, 2020, they learned that they had been a victim of a ransomware attack — or an attempted attack — when they got a phone call from a group claiming to have attacked them and demanding a ransom.
December 4th 2020
Metro Vancouver’s transit system hit by Egregor ransomware
The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink, with the cyberattack causing disruptions in services and payment systems.
Largest global staffing agency Randstad hit by Egregor ransomware
Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware operation, which stole unencrypted files during the attack.
New CryptoJoker variants
xiaopao found new CryptoJoker ransomware variants that are appending the .partially.nocry, .devos, and .devoscpu extensions.
New Conti Ransomware variant
Siri found a new Conti ransomware variant that appends the .SYTCO extension.
New STOP Ransomware variant
Emmanuel_ADC-Soft found a new STOP Ransomware variant that appends the .NOBU extension.