This week showed continued attacks against large organizations as new ransomware operations rush to join a modern-day ransomware gold rush.
Over the past week, ransomware attacks targeted two large organizations and disrupted operations.
The first is eyewear giant Luxottica, which was hit last Sunday; the second is government technology services provider Tyler Technologies, which was hit by RansomExx later in the week.
News also broke this week about how an insurance company utilizes security scans to find exposed and vulnerable devices on clients’ networks. These proactive scans have reduced their ransomware claims by 65%!
Finally, we have a newcomer to the ransomware gold rush named Mount Locker, who has been operating since the end of July and demanding multi-million dollar ransoms.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @demonslay335, @PolarToffee, @jorntvdw, @struppigel, @LawrenceAbrams, @serghei, @BleepinComputer, @VK_Intel, @FourOctets, @malwrhunterteam, @Ionut_Ilascu, @fwosar, @DanielGallagher, @Seifreed, @thinkcz, @AvastThreatLabs, @campuscodi, @Tesorion_NL, @jeffstone500, @joakimkennedy, @Kangxiaopao, @JAMESWT_MHT, @siri_urz, @GrujaRS, and @3xp0rtblog.
Michael Gillespie and PolarToffee found a new ransomware called Egregor that appears to be a Sekhmet spinoff. It uses a random extension and drops a ransom note named RECOVER-FILES.txt.
Michael Gillespie found a new variant of the LeakThemAll ransomware that appends .montana and drops a ransom note of !HELP!.txt.
GrujaRS found a new ransomware that appends the .zhen extension to encrypted files.
Michael Gillespie found a new variant of the STOP ransomware that appends the .kolz extension to encrypted files.
In this blog post we describe our findings on the new ransomware family ThunderX that was recently discovered. We also announce a free decryptor that we are making available to help victims at no charge.
Years after he threatened to publicly release information from hacking victims unless they agreed to his digital extortion demands, Nathan Wyatt is headed to a U.S. prison.
Michael Gillespie found a new ransomware that appends the .encrypted extension and drops a ransom note named SOLVE ENCRYPTED FILES.txt.
Michael Gillespie found a new variant of the Matrix Ransomware that appends the .JB88 extension and drops a ransom note JB88_README.rtf.
Xiaopao found a new Nefilim variant that appends the .TRAPGET extension and drops a ransom note named TRAPGET-INSTRUCTION.txt.
Italy-based eyewear and eyecare giant Luxottica has reportedly suffered a cyberattack that has led to the shutdown of operations in Italy and China.
A cyber insurer’s security scans during the underwriting phase and post-issuance have led to a 65% reduction in ransomware claims.
Michael Gillespie found a new Matrix variant that appends the .FG69 extension and drops a ransom note named FG69_README.rtf.
Xiaopao found a new Matrix ransomware variant that appends the .AW46 extension and drops a ransom note named !AW46_INFO!.rtf.
GrujaRS found a new ransomware that appends the .CRPTD extension to encrypted files.
3xp0rt found a ransomware actor selling a complete ransomware kit for $2,000.
Leading government technology services provider Tyler Technologies has suffered a ransomware attack that has disrupted its operations.
QNAP NAS devices are being targeted in attacks by the AgeLocker ransomware, which encrypts the device’s data and, in some cases, steals files from the victim.
A new ransomware group has been targeting large corporate networks using self-made backdoors and file-encrypting malware for the initial and final stages of the attack.
METHUEN — An attempt over the summer by Eastern European hackers to gain entry into the city’s computer system — with its information about taxpayers, employees and much more — was nearly successful, according to city officials, but quick action helped keep the information secure.
Joakim Kennedy found a new ransomware written in Golang that is pretending to be REvil. Strange one, as there would be no way for a victim to recover files as there is no contact info that would work for them. May be a wiper?
A new ransomware operation named Mount Locker is underway stealing victims’ files before encrypting and then demanding multi-million dollar ransoms.
Polish authorities have shut down today a hacker super-group that has had its fingers in a multitude of cybercrime operations, such as ransomware attacks, malware distribution, SIM swapping, banking fraud, running fake online stores, and even making bomb threats at the behest of paying customers.
S!ri found the new Dusk v1.0 Ransomware that drops a ransom note named !#!READ-ME!#!.txt.
JAMESWT found a sample of the new Exorcist 2.0 ransomware.
We turned a coffee maker into a dangerous machine asking for ransom by modifying the maker’s firmware. While we could, could someone else do it too? As you might expect, the answer is: Yes. Follow us on a journey where we show you that firmware is the new software.
Michael Gillespie found a new Stop variant that appends the .copa extension to encrypted files.
Michael Gillespie found a new Matrix variant that appends the .DEUS extension and drops a ransom note named DEUS_INFO.rtf.