While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.
It was revealed at the end of the week that computer maker Acer suffered a REvil ransomware attack where the threat actors are demanding a massive $50,000,000 ransom.
REvil also made this news this week with the addition of a new -smode argument that causes Windows to reboot into Safe Mode with Networking to perform the encryption. REvil’s ‘Unknown’ also conducted an interview with TheRecord.
Finally, we saw an FBI warning about PYSA and new variants of ransomware families released.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @struppigel, @LawrenceAbrams, @Seifreed, @DanielGallagher, @VK_Intel, @fwosar, @malwrhunterteam, @FourOctets, @demonslay335, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @PolarToffee, @Amigo_A_, @GrujaRS, @ddd1ms, @campuscodi, @ValeryMarchive, @3xp0rtblog, @Kangxiaopao, and @fbgwls245.
GrujaRSA found a new variant of the RunExeMemory that appends the .z8sj2c extension and drops a ransom note named Read me, if you want to recover your files.txt.
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity.
Jakub Kroustek found a new Dharma Ransomware variant that appends the .liz extension.
Also Read: 10 Practical Benefits of Managed IT Services
dnwls0719 found a new Rapid ransomware variant that appends the .lock extension.
xiaopao found a new variant of the SFile ransomware that appends the .sandboxtest extension.
A member of the cybercriminal community has discovered and disclosed a bug in the LockBit ransomware that could have been used for free decryptions.
xiaopao found a new variant of the SFile ransomware that appends the .PROM extension.
xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops a ransom note named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.
Amigo-A found a new PewPew Ransomware variant that calls itself ‘Artemis’ and appends the .optimus extension to encrypted files.
dnwls0719 found a new STOP Djvu ransomware variant that appends the .enfp and drops a ransom note named _readme.txt.
The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.
Electronics giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000.
Les opérateurs du rançongiciel Revil, aussi connu sous le nom Sodinokibi, ont ajouté le constructeur à la liste de victimes. Ils laissent encore près de 9 jours à Acer pour négocier, faute de quoi ils doubleront leurs exigences.
2020, the year of the pandemic, was another lucrative year for ransomware. As nations around the world scrambled to slow the spread of the virus, cybercriminals attempted to capitalize on the chaos.
Also Read: What Legislation Exists in Singapore Regarding Data Protection and Security?
xiaopao found a new variant of the SFile ransomware that appends the .Technomous-zbtrqyd extension.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
