Even though the holidays are over in many countries, it has been a very quiet week for ransomware. Unfortunately, ransomware activity will likely pick up shortly.
This week’s biggest news was China APT hackers starting to use ransomware and Ryuk bitcoin wallets indicating they have earned $150 million in ransom payments.
We also had victims, such as Dassault Jet and TransLink, disclosing data breaches after ransomware attacks earlier this year. Other than that, it was your standard release of new variants of existing ransomware.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @demonslay335, @FourOctets, @Seifreed, @struppigel, @VK_Intel, @fwosar, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @BleepinComputer, @serghei, @malwareforme, @DanielGallagher, @siri_urz, @cPeterr, @PogoWasRight, @ValeryMarchive, @IntelAdvanced, @hyasinc, @CheckPointSW, @ProferoSec, @GelosSnake, @SecurityJoes, @vxunderground, @GrujaRS, @0x4143, and @Emm_ADC_Soft.
DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15.
Metro Vancouver’s transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees’ banking and social security information.
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Also Read: EU GDPR Articles: Key For Business Security And Success
Yeah, this is real. Keeps you, uh, locked up unless you pay a ransom.
GrujaRS found the new in-development Sharp ransomware that appends the .0x0M4R extension to encrypted files.
MalwareHunterTeam found the new Knot Ransomware that appends the .encrypted extension to encrypted files.
It’s a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.
S!ri found a new MBRLocker calling itself Covid21.
GrujaRS found a new HiddenTear variant that appends the .ZIEBF_4561drgf extension.
GrujaRS found a new Makop ransomware variant that appends the .moloch extension.
FOR YEARS, RADICAL transparency-focused activists like WikiLeaks have blurred the line between whistle-blowing and hacking. Often, they’ve published any data they consider to be of public interest, no matter how questionable the source. But now one leak-focused group is mining a controversial new vein of secrets: the massive caches of data stolen by ransomware crews and dumped online when victims refuse to pay.
Security researchers following the money circuit from Ryuk ransomware victims into the threat actor’s pockets estimate that the criminal organization made at least $150 million.
The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.
0x4143 found the new Solaso Ransomware that appends the .solaso extension and drops a ransom note named __READ_ME_TO_RECOVER_YOUR_FILES. It may be a variant of the ‘Encrp ransomware.’
Also Read: Data Protection Framework: Practical Guidance for Businesses
Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.
Emmanuel_ADC-Soft found the new Bonsoir Ransomware that appends the .bonsoir and drops a ransom note named HOW-RECOVER-MY-FILES.txt.
S!ri found the new Niros Ransomware.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
