
The Week in Ransomware – September 15th 2023


Hackers gambling

This week’s big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still dealing with operational disruptions.

Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver’s license numbers and Social Security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.

According to a report by the Wall Street Journal, the threat actors demanded $30 million to not leak the data, but the casino negotiated it down to a $15 million payment.

“We’ve taken steps to make sure that the stolen information is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in an SEC 8-K filing published after news of the attack leaked.

This week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel rooms, and slot machines not working.

It was later confirmed that this attack was carried out by an affiliate of the BlackCat/ALPHV ransomware operation known as Scattered Spider.

In a lengthy statement on the ransomware gang’s data leak site, the threat actors claim to have gained full access to the company’s network and ultimately encrypted 100 VMware ESXi servers.

We also learned about ransomware attacks on the UK’s Greater Manchester Police (GMP), the Auckland transport authority, and IT solutions provider ORBCOMM.

Finally, some interesting research was released this week:

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @malwareforme, @serghei, @malwrhunterteam, @BleepinComputer, @demonslay335, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @vxunderground, @BroadcomSW, @MsftSecIntel, @AlvieriD, @WilliamTurton, @GeeksCyber, @pcrisk, and @Mandiant.

September 11th 2023

MGM Resorts shuts down IT systems after cyberattack

MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .hgfu and .hgew extensions.

September 12th 2023

Ransomware access broker steals accounts via Microsoft Teams phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.

New AnonTsugumi ransomware

PCrisk found a ransomware called AnonTsugumi that appends the .anontsugumi extension and drops a ransom note named README.txt.

September 13th 2023

Hackers use new 3AM ransomware to save failed LockBit attack

A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ooza and .oopl extensions.

September 14th 2023

Manchester Police officers’ data exposed in ransomware attack

United Kingdom’s Greater Manchester Police (GMP) said earlier today that some of its employees’ personal information was impacted by a ransomware attack that hit a third-party supplier.

Caesars Entertainment confirms ransom payment, customer data theft

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.

Auckland transport authority hit by suspected ransomware attack

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services.

MGM casino’s ESXi servers allegedly encrypted in ransomware attack

An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts’ operations, forcing the company to shut down IT systems.

Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.

September 15th 2023

ORBCOMM ransomware attack causes trucking fleet management outage

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.

A detailed analysis of the Money Message Ransomware

The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the services and processes to stop a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.

New Elibe ransomware

PCrisk found a ransomware variant that appends the .elibe extension and drops a ransom note named FILES ENCRYPTED.txt.

New STOP ransomware variant

PCrisk found a STOP ransomware variant that appends the .oohu extension.

That’s it for this week! Hope everyone has a nice weekend!


