This week has been busy with ransomware-related news, including new charges against Russian state-sponsored hackers and numerous attacks against well-known organizations.
In 2017, there was an attack utilizing the NotPetya ransomware to destroy data on systems worldwide. This week, the US government indicted six Russian intelligence operatives, known to be part of the notorious ‘Sandworm’ group, for hacking operations, including NotPetya.
We also learned of numerous attacks against large organizations, such as Barnes & Noble, the Montreal public transit system (STM), Sopra Steria, and Boyne Resorts.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @demonslay335, @VK_Intel, @BleepinComputer, @Seifreed, @PolarToffee, @serghei, @jorntvdw, @struppigel, @fwosar, @malwareforme, @Ionut_Ilascu, @LawrenceAbrams, @FourOctets, @malwrhunterteam, @ValeryMarchive, @Sophos, @BrettCallow, @thepacketrat, @Kangxiaopao, @siri_urz, @MarceloRivero, @JakubKroustek, @Glacius_, and @GrujaRS
Jakub Kroustek found new Dharma ransomware variants that append the .Crypt and .LCK extensions to encrypted files.
@Glacius_ found a copy of BlackKingdom ransomware that was renamed to Pransomware.
Michael Gillespie found a new STOP ransomware variant that appends the .efji extension to encrypted files.
The U.S. Department of Justice has charged six Russian intelligence operatives for hacking operations related to the Pyeongchang Winter Olympics, the 2017 French elections, and the notorious NotPetya ransomware attack.
Marcelo Rivero found a new ransomware named Vaggen that appends the .VAGGEN extension and drops ransom notes named ABOUT_UR_FILES.txt and AboutYourFiles.txt.
The operators of Darkside ransomware have donated some of the money they made extorting victims to nonprofits Children International and The Water Project.
The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. bookstore giant Barnes & Noble on October 10th, 2020. The attackers state that they stole unencrypted files as part of the attack.
Jakub Kroustek found a new Dharma ransomware variant that appends the .259 extension to encrypted files.
Michael Gillespie found a new STOP ransomware variant that appends the .nypg extension to encrypted files.
Siri found a new Black Heart ransomware variant that appends the .Viper extension to encrypted files.
Siri found a new ransomware that appends the .32aa extension to encrypted files.
LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network.
Montreal’s Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems.
Marcelo Rivero found a new Dharma ransomware variant that appends the .bH4T extension.
French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware.
Karsten Hahn discovered that Venom RAT has added a ransomware module that appends the .Venom extension.
US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems.
The new ‘Abaddon’ remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware.
Siri found a new HiddenTear ransomware variant that pretends to be a GTA V installer, but encrypts your files with the .AnoymouS extension.
xiaopao found a new Dharma ransomware variant that appends the .Acuf2 extension.
xiaopao found a new ransomware called Clay.
GrujaRS found a new Yatron Decrypt0r variant that appends the .Down_With_Usa extension to encrypted files.
GrujaRS found a new Syzmekk ransomware variant that appends the .Szymekk extension.