The Week in Ransomware – September 18th 2020 – Schools Under Attack
With schools worldwide back in session, ransomware operations are barraging them with cyberattacks that disrupt the start of the school year.
Over the past few weeks, we have seen a steady barrage of attacks against K-12 schools, colleges, and universities, where ransomware operators target exposed remote desktop servers and vulnerabilities in network devices.
To warn education institutions of these attacks, the U.K. National Cyber Security Centre (NCSC) has offered guidance on the steps organizations should perform to harden their defenses.
There have also been disastrous consequences to the attacks on universities, as one attacker thought they had encrypted a university, but instead hit an affiliated hospital.
This mistake led to a disruption of emergency care services, which may have caused the death of a patient who had a life-threatening condition.
Thx to this week’s contributors: @LawrenceAbrams, @VK_Intel, @FourOctets, @malwrhunterteam, @jorntvdw, @struppigel, @DanielGallagher, @PolarToffee, @serghei, @fwosar, @malwareforme, @demonslay335, @Seifreed, @Ionut_Ilascu, @NCSC, @SophosLabs, @threatresearch, @AltShiftPrtScn, @Ax_Sharma, @TU_CARE, @Kangxiaopao, @emsisoft, @MarceloRivero, @JakubKroustek, @JAMESWT_MHT, @fbgwls245, and @GrujaRS.
September 12th 2020
Fairfax County schools hit by Maze ransomware, student data leaked
Fairfax County Public Schools (FCPS), the 10th largest school division in the US, was recently hit by ransomware according to an official statement published on Friday evening.
September 14th 2020
New Xorist variant
Xiaopao found a new Xorist Ransomware variant that appends the .BD extension.
New Chuk Dharma variant
Xiaopao found a new Dharma Ransomware variant that appends the .chuk extension.
Emsisoft releases a Crypt32 decryptor
Emsisoft has released a decryptor for the Crypt32 ransomware.
New AHP Dharma ransomware variant
Marcelo Rivero found a new Dharma Ransomware variant that appends the .AHP extension to encrypted files.
Emsisoft releases a Cyborg ransomware decryptor
Emsisoft has released a decryptor for the Cyborg ransomware that supports the .petra, .EncryptedFilePayToGetBack, .Cyborg1, and .LockIt extensions.
New Nefilim ransomware variant
Michael Gillespie found a new Nefilim variant that appends the .MEFILIN extension and drops a ransom note named MEFILIN-README.txt.
New STOP ransomware variant
Michael Gillespie found a new STOP variant that appends the .npph extension to encrypted files.
September 15th 2020
New Zeoticus 2.0 ransomware
Michael Gillespie found a new ransomware called Zeoticus 2.0 that appends the extension “[email protected]” and drops a ransom note named README.html.
New Demonware ransomware
JAMESWT found the new Demonware Python ransomware.
New PewPew ransomware destroys files
GrujaRS found a new PewPew Ransomware that appends the .abkir extension and wipes files.
September 16th 2020
University Hospital New Jersey hit by SunCrypt ransomware, data leaked
University Hospital New Jersey (UHNJ) has suffered a massive 48,000 document data breach after a ransomware operation leaked their stolen data.
LockBit ransomware launches data leak site to double-extort victims
The LockBit ransomware gang has launched a new data leak site to be used as part of their double extortion strategy to scare victims into paying a ransom.
New TEREN Dharma variant
Jakub Kroustek found a new variant of the Dharma ransomware that appends the .TEREN extension.
New Xorist ransomware variant
Michael Gillespie found a new Xorist Ransomware variant that appends the .YOURPCISHACK16024752552658 extension to encrypted files.
New DogeCrypt DesuCrypt variant
dnwls0719 found a new DesuCrypt variant that calls itself DogeCrypt and appends the .DogeCrypt extension.
September 17th 2020
Maze ransomware now encrypts via virtual machines to evade detection
The Maze ransomware operators have adopted a tactic previously used by the Ragnar Locker gang: encrypting a computer from within a virtual machine.
Ransomware attack at German hospital leads to death of patient
A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.
New Xorist variant
Xiaopao found a new Xorist variant that appends the .TAKA extension.
New BlackHeart ransomware found
Xiaopao found a new BlackHeart variant that appends the .Alix1011RVA extension and drops a ransom note named ReadME-Alix1011RVA.
New LINA Dharma variant
Xiaopao found a new Dharma ransomware variant that appends the .lina extension to encrypted files.
New ransomware targeting Vietnam
MalwareHunterTeam found a new ransomware that targets Vietnam.
September 18th 2020
U.K. warns of surge in ransomware threats against education sector
The U.K. National Cyber Security Centre (NCSC) has issued an alert about a surge in ransomware incidents targeting educational institutions, urging them to follow the recently updated recommendations for mitigating malware attacks.
Leading U.S. laser developer IPG Photonics hit with ransomware
IPG Photonics, a leading U.S. developer of fiber lasers for cutting, welding, medical use, and laser weaponry, has suffered a ransomware attack that is disrupting their operations.