The Week in Ransomware – August 12th 2022


It was a very busy week for ransomware news and attacks, especially with the disclosure that Cisco was breached by a threat actor affiliated with the Yanluowang ransomware gang.

On Wednesday, the Yanluowang ransomware gang claimed to have breached Cisco’s network and stolen 2.8 GB of data from the company, later telling BleepingComputer that a total of 55GB was stolen.

While the exact amount of data could not be verified, Cisco confirmed that they suffered a network breach that allowed the threat actor to steal data from a Box account and gain admin access to their domain.

Other attacks we learned more about this week were on 7-Eleven Denmark, ista International, and Advanced MSP, causing an outage for the UK’s NHS.

Researchers were also busy this week, with reports released on how ransomware gangs are moving to callback social engineering attacks, that Cuba ransomware is using a new RAT malware, a report on BlueSky, and that Zeppelin has been seen encrypting devices multiple times in a single attack.

Finally, the US government published a picture of a Conti ransomware member for the first time, asking people to provide info on members named ‘Target,’ ‘Tramp,’ ‘Dandis,’ ‘Professor,’ and ‘Reshaev.’ The State Department is offering a reward of up to $10 million for information leading to their location, travel plans, and identification.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @Ionut_Ilascu, @PolarToffee, @malwareforme, @LawrenceAbrams, @DanielGallagher, @VK_Intel, @fwosar, @struppigel, @Seifreed, @BleepinComputer, @billtoulas, @serghei, @malwrhunterteam, @FourOctets, @jorntvdw, @fiskerlarsen, @Sophos, @y_advintel, @AdvIntel, @Cyberknow20, @kaspersky, @PaloAltoNtwks, @AhnLab_SecuInfo, @ReversingLabs, @pcrisk, @Amigo_A_, @jamiemaccol, @Jarnecki, and @PogoWasRight.

August 6th 2022

New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

A new ransomware family called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines.

August 8th 2022

7-Eleven stores in Denmark closed due to a cyberattack

7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores’ payment and checkout systems throughout the country.

New Phobos ransomware variant

PCrisk found new Phobos variants that append the .FLSCRYPT and .BITCOINPAYMENT extensions to encrypted files.

New World2022 ransomware

PCrisk found a new ransomware called World2022 that appends the .world2022decoding extension and drops a ransom note named WE CAN RECOVER YOUR DATA.MHT.

August 9th 2022

Maui ransomware operation linked to North Korean ‘Andariel’ hackers

The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group ‘Andariel,’ known for using malicious cyber activities to generate revenue and causing discord in South Korea.

New VoidCrypt variants

PCrisk found new VoidCrypt variants that append the .Daz and .Oiltraffic extensions.

New MedusaLocker variant

PCrisk found a new MedusaLocker ransomware variant that appends the .readlockfiles extension and drops a ransom note named HOW_TO_RECOVER_DATA.html.

August 10th 2022

Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen

Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online.

7-Eleven Denmark confirms ransomware attack behind store closures

7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday.

Ransomware gangs move to ‘callback’ social engineering attacks

At least three groups split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method to gain initial access to a victim’s network.

Automotive supplier breached by 3 ransomware gangs in 2 weeks

An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, two of the attacks happening within just two hours.

Hacker uses new RAT malware in Cuba Ransomware attacks

A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures (TTPs), including a novel RAT (remote access trojan) and a new local privilege escalation tool.

BlueSky Ransomware: Fast Encryption via Multithreading

BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses.

ista International takes systems offline in wake of ransomware attack

Daixin Group claims hundreds of servers encrypted

New FileRec ransomware

Amigo-A found a new FileRec ransomware that appends the .filerec extension and drops a ransom note named filerec.txt.

August 11th 2022

UK NHS service recovery may take a month after MSP ransomware attack

Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) from the UK’s National Health Service (NHS).

FBI: Zeppelin ransomware may encrypt devices multiple times in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times.

US govt will pay you $10 million for info on Conti ransomware members

The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time.

August 12th 2022

Ransomware Now Threatens the Global South

Historically, ransomware has targeted a number of high-value sectors – finance, professional services, the public sector – in wealthy countries, concentrating on the US and other G7 members. Recent attacks on countries such as Costa Rica, South Africa, Malaysia, Peru, Brazil and India illustrate the increased threat to governments, critical national infrastructure providers and businesses in middle-income and developing countries. Ransomware presents a risk to these countries’ development, economic growth and political stability by disrupting trade and the delivery of essential services.

That’s it for this week! Hope everyone has a nice weekend!
