11.1 C
New York
Tuesday, November 26, 2024

The Week in Ransomware – September eighth 2023


Conti

It began as a gradual ransomware information week however slowly picked up tempo with the Division of Justice saying indictments on TrickBot and Conti operations members.

On Thursday, the US introduced sanctions and three indictments towards 9 Russian nationals who’re alleged members of the TrickBot and Conti ransomware operations for assaults on greater than 900 victims worldwide.

“The defendants charged in these three indictments throughout three completely different jurisdictions allegedly used their cyber data and capabilities to victimize individuals and companies all over the world with out regard for the injury they precipitated,” mentioned Performing Assistant Legal professional Basic Nicole M. Argentieri of the Justice Division’s Prison Division

The people have been allegedly concerned in all kinds of roles within the Conti ransomware operation, together with general managing of the cybercrime operation, crypting malware so it was undetectable, managing infrastructure, and creating malware, together with the TrickBot botnet.

In different information, Cisco confirmed that ransomware gangs are exploiting a zero-day in Cisco VPN home equipment after BleepingComputer’s, SentinelOnes, and Rapid7’s reporting on its abuse by the Akira ransomware operation.

Lastly, Ragnar Locker claimed an August assault on Israel’s Mayanei Hayeshua hospital, claiming to have stolen 1 TB of information.

Contributors and people who offered new ransomware info and tales this week embody: @BleepinComputer, @VK_Intel, @jorntvdw, @LawrenceAbrams, @PolarToffee, @FourOctets, @struppigel, @DanielGallagher, @malwareforme, @Ionut_Ilascu, @demonslay335, @billtoulas, @serghei, @fwosar, @malwrhunterteam, @Seifreed, @cloudsek, @SecurityAura, @SentinelOne, and @pcrisk.

September 4th 2023

New STOP ransomware variants

PCrisk discovered new STOP ransomware variants that append the .rzkd and .rzml extensions.

New Chaos ransomware variant

PCrisk discovered a brand new Chaos ransomware variant that appends the .sub_to_crypto_nwo extension and drops a ransom be aware named Home windows!System32.txt.

New Rival ransomware

PCrisk discovered a brand new ransomware named Rival that appends the .rival and drops a ransom be aware named FILES ENCRYPTED.txt.

September sixth 2023

New STOP ransomware variant

PCrisk discovered a brand new STOP ransomware variant that appends the .rzew extension.

New Phobos ransomware variant

PCrisk discovered a brand new Phobos ransomware variant that appends the .sb4 extension.

September seventh 2023

US and UK sanction 11 TrickBot and Conti cybercrime gang members

The USA and the UK have sanctioned eleven Russian nationals related to the TrickBot and Conti ransomware cybercrime operations.

A number of Overseas Nationals Charged in Reference to Trickbot Malware and Conti Ransomware Conspiracies

Three indictments in three completely different federal jurisdictions have been unsealed charging a number of Russian cybercrime actors concerned within the Trickbot malware and Conti ransomware schemes.

September eighth 2023

Cisco warns of VPN zero-day exploited by ransomware gangs

Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Safety Equipment (ASA) and Cisco Firepower Menace Protection (FTD) that’s actively exploited by ransomware operations to realize preliminary entry to company networks.

Ragnar Locker claims assault on Israel’s Mayanei Hayeshua hospital

The Ragnar Locker ransomware gang has claimed accountability for an assault on Israel’s Mayanei Hayeshua hospital, threatening to leak 1 TB of information allegedly stolen throughout the cyberattack.

Understanding Knight Ransomware: Advisory, Evaluation

Cyclops, now renamed as Knight also called Cyclops 2.0, debuted in Could 2023. The Cyclops group has efficiently developed ransomware that may infect all three main platforms: Home windows, Linux, macOS, ESXi and Android.

New STOP ransomware variants

PCrisk discovered new STOP ransomware variants that append the .hgml and .hgkd extensions.

That is it for this week! Hope everybody has a pleasant weekend!



Related Articles

Latest Articles