This week, international law enforcement operations went on the offensive, making arrests in numerous countries for ransomware-related activities.
Today, Europol announced that twelve individuals were arrested today for their links to over 1,800 ransomware attacks in 71 countries.
Also Read: What You Need to Know About Singapore’s Data Sharing Arrangements
The arrested hackers include affiliates and penetration testers for the LockerGoga, MegaCortex, and Dharma operations, including those suspected to be behind the 2019 attack against Norsk Hydro.
German law enforcement is also believed to have identified a core member of the REvil ransomware gang.
The other big news this week is the revealment of a BlackMatter decryptor created by Emsisoft that has been secretly used to help victims recover their files without paying a ransom.
Avast also released two decryptors this week – one for Babuk Ransomware and another that decrypts files encrypted by Atom Silo and LockFile files.
Finally, the NRA suffered a ransomware attack by the Grief ransomware operation, which is linked to the US sanctioned Evil Corp hacking group.
Today, the Grief gang removed their NRA from their data leak site, indicating that the NRA may have paid the ransom demand.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @fwosar, @malwareforme, @malwrhunterteam, @DanielGallagher, @Ionut_Ilascu, @LawrenceAbrams, @jorntvdw, @Seifreed, @struppigel, @BleepinComputer, @FourOctets, @billtoulas, @demonslay335, @VK_Intel,@PolarToffee, @BrettCallow, @menlosecurity, @hatr, @maxzierer, @emsisoft, @HuntressLabs, @calebjstewart, @_JohnHammond, @pancak3lullz, @GelosSnake, @AltShiftPrtScn, @Sophos, @R44MB00, @sonatype, @Avast, @ddd1ms, @fbgwls245, @Amigo_A_, @ESETresearch, and @pcrisk.
Also Read: PDPA Compliance for HR Managers in Singapore: A Must
dnwls0719 found a new BigBossHorse ransomware variant called ‘WhiteHorse’ that appends the .WhiteHorse extension.
Cybersecurity firm Emsisoft has been secretly decrypting BlackMatter ransomware victims since this summer, saving victims millions of dollars.
An unknown ransomware group is exploiting a critical SQL injection bug found in the BillQuick Web Suite time and billing solution to deploy ransomware on their targets’ networks in ongoing attacks.
PCrisk found a new Dharma Ransomware variant that appends the .lsas extension.
The FBI said on Monday that Ranzy Locker ransomware operators had compromised at least 30 US companies this year from various industry sectors.
Even though the LockBit ransomware group has been operating since September 2019, up until June this year, they have been a marginal player on the ransomware landscape.
PCrisk found a new STOP Ransomware variant that appends the .rugj extension.
Malicious NPM packages pretending to be Roblox libraries are delivering ransomware and password-stealing trojans on unsuspecting users.
Czech cybersecurity software firm Avast has created and released a decryption tool to help Babuk ransomware victims recover their files for free.
Avast has just released a decryption tool that will help AtomSilo and LockFile ransomware victims recover some of their files for free without having to pay a ransom.
The Grief ransomware gang claims to have attacked the National Rifle Association (NRA) and released stolen data as proof of the attack.
Researchers have spotted two campaigns linked to either the REvil ransomware gang or the SolarMarker backdoor that use SEO poisoning to serve payloads to targets.
German investigators have reportedly identified a Russian man whom they believe to be one of REvil ransomware gang’s core members, one of the most notorious and successful ransomware groups in recent years.
Ransomware operators don’t just target systems and data, they target people in their ever-increasing efforts to get the victim to pay
PCrisk found a new STOP Ransomware variant that appends the .rivd extension.
Amigo-A found the new Owl Ransomware that appends the .(OwL) extension and drops ransom notes named !README!.txt and !README!.hta.
Amigo-A found the new Owl Ransomware that appends the .54bb47h extension to encrypted files.
Europol has announced the arrest of 12 individuals believed to be linked to ransomware attacks against 1,800 victims in 71 countries.
The Hive ransomware gang now also encrypts Linux and FreeBSD using new malware variants specifically developed to target these platforms.
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
