07-24-2022 , 03:00 AM
https://www.bleepingcomputer.com/news/se...ks-abound/ The Week in Ransomware - July 22nd 2022 - Attacks abound
By Lawrence Abrams
July 22, 2022 11:52 PM
New ransomware operations continue to be launched this week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers.
We also learned how the Conti ransomware gang breached the Costa Rican government's systems and that the FBI recovered $500,000 in ransoms paid by health care providers to the Maui ransomware operation.
The big attack that went public this week was against digital security firm Entrust, which disclosed they suffered a security incident on June 18th that led to data being stolen.
Other attacks we learned about this week include building materials giant Knauf, an attack on the town of St. Marys, and an attack on the town of Frederick, Colorado.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @VK_Intel, @jorntvdw, @DanielGallagher, @struppigel, @PolarToffee, @FourOctets, @Seifreed, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @demonslay335, @billtoulas, @BleepinComputer, @fwosar, @malwareforme, @AdvIntel, @AuCyble, @kaspersky, @pcrisk, @corintxt, @Amigo_A_, and @jgreigj.
July 17th 2022
New STOP247 ransomware
Amigo-A found the new STOP247 ransomware that appends the .stop extension and drops a ransom note named RECOVERY_INFORMATION.TXT.
July 18th 2022
Colorado police investigating ransomware attack on small town
The police department of Frederick, Colorado said it is investigating claims that the town government was hit with a ransomware attack.
New Dharma Ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .xrom extension and drops a ransom note named FILES ENCRYPTED.txt.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .ggyu, .ggeo, .ggew, and .ggwq extensions.
New CHAOS based BlueKey ransomware
PCrisk found a new CHAOS ransomware variant that appends the .blueKey extension and drops a ransom note named DECRYPTION_INSTRUCTIONS.txt.
July 19th 2022
Building materials giant Knauf hit by Black Basta ransomware gang
The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.
New Dharma ransomware variant
PCrisk found a new Dharma variant that appends the .NMO extension.
New Matrix ransomware variant
PCrisk found a new Matrix ransomware variant that appends the .KOK08 extension and drops a ransom note named !README_KOK08!.rtf.
July 20th 2022
New Luna ransomware encrypts Windows, Linux, and ESXi systems
A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.
FBI recovers $500,000 healthcare orgs paid to Maui ransomware
The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain.
July 21st 2022
New Redeemer ransomware version promoted on hacker forums
A threat actor is promoting a new version of their free-to-use 'Redeemer' ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks.
How Conti ransomware hacked and encrypted the Costa Rican government
Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack's precision and the speed of moving from initial access to the final stage of encrypting devices.
New STOP ransomware variants
PCrisk found STOP ransomware variants that append the .ooxa and .oori extensions.
July 22nd 2022
Digital security giant Entrust breached by ransomware gang
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.
A small Canadian town is being extorted by a global ransomware gang
The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.
New Kriptor ransomware
PCrisk found the new Kriptor ransomware that appends the .Kriptor extension and drops a ransom note named read_it.txt.
That's it for this week! Hope everyone has a nice weekend!