Ransomware took the media spotlight this week after a ransomware gang known as DarkSide targeted critical infrastructure in the USA.
The DarkSide gang dominated the ransomware news cycle after they attacked Colonial Pipeline, the largest US fuel pipeline. Due to this attack, the pipeline was shut down, and President Biden issued a state of emergency.
Colonial restored the operation of the pipeline on Thursday after news broke that Colonial paid a $5 million ransom. This was a profitable week for DarkSide as chemical distributor Brenntag also paid a $4.4 million ransom.
After DarkSide’s public-facing servers and cryptocurrency wallets were reportedly seized by law enforcement, the ransomware gang announced that they were closing their operation “due to the pressure from the US.”
Other news this week includes one of the most popular Russian-speaking hacking forums banning topics promoting ransomware and details about a new ransomware operation known as Lorenz.
Finally, the Conti ransomware hit Ireland’s Health Service Executive (HSE), which has disrupted the Ireland health care system.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @Seifreed, @VK_Intel, @BleepinComputer, @DanielGallagher, @fwosar, @FourOctets, @struppigel, @demonslay335, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @malwareforme, @Ionut_Ilascu, @darktracer_int, @Amigo_A_, @ValeryMarchive, @fbgwls245, @y_advintel, @ddd1ms, @campuscodi, @chum1ng0, @PogoWasRight, @MikaelThalen, and @FireEye.
Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites.
Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack.
Amigo-A found a new STOP ransomware variant that appends the .pcqq extension.
dnwls0719 found a new version of LegionLocker 3.0 that appends the .LGNLCKD extension and drops a ransom note named LegionReadMe.txt.
After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia.
The DarkSide ransomware gang posted a new “press release” today stating that they are apolitical and will vet all targets before they are attacked.
The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide.
The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware.
Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale.
Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and the non-release of stolen data to exert more pressure on victims.
Darkside ransomware recently came into the spotlight with the attack on Colonial Pipeline, the operator of a critical fuel pipeline in the United States. But it actually started its career sometime last summer, rather quietly. According to our observations, its operators devote a new page to each victim, specifying the date when the encryption payload was triggered. The web pages are numbered, which gives an idea of the acceleration in the pace of attacks conducted with Darkside in recent months.
President Biden signed an executive order Wednesday to modernize the country’s defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations.
Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today.
A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms.
Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March.
Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data.
One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention.
Ireland’s Health Service Executive (HSE), the country’s publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack.
The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet.
In a message to affiliates, the DarkSide gang announced they were shutting down their RaaS and would provide decryptors for unpaid victims to affiliates.
QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices.
That’s how they describe themselves. The threat actors known as REvil (Sodinokibi) describe them as targets who have so far refused to pay ransom demands.