The Week in Ransomware - July 1st 2022 - Bug Bounties

Source: https://www.bleepingcomputer.com/

June 25th 2022

Automotive fabric supplier TB Kawashima announces cyberattack

TB Kawashima, part of the Japanese automotive component manufacturer Toyota Boshoku of the Toyota Group of companies, announced that one of its subsidiaries has been hit by a cyberattack.

June 26th 2022

Fake copyright infringement emails install LockBit ransomware

LockBit ransomware affiliates are using an interesting trick to get people into infecting their devices by disguising their malware as copyright claims.

New Damacrypt ransomware

Amigo-A found a new ransomware that appends the .damacrypt extension.

June 27th 2022

LockBit 3.0 introduces the first ransomware bug bounty program

The LockBit ransomware operation has released 'LockBit 3.0,' introducing the first ransomware bug bounty program and leaking new extortion tactics and Zcash cryptocurrency payment options.

Vice Society claims ransomware attack on Med. University of Innsbruck

The Vice Society ransomware gang has claimed responsibility for last week's cyberattack against the Medical University of Innsbruck, which caused severe IT service disruption and the alleged theft of data.

MO: Fitzgibbon Hospital hit by ransomware, sensitive data leaked

On Saturday, DataBreaches received information pointing to an attack on Fitzgibbon Hospital in Missouri. The group claiming responsibility call themselves “Daixin Team.” It is not a name known to DataBreaches previously. Their onion site contained files allegedly from Fitzgibbon that they uploaded for the public to grab.

New BlueSky ransomware

xiaopao found the BlueSky ransomware that appends the .bluesky extension and drops the DECRYPT FILES BLUESKY #.html and # DECRYPT FILES BLUESKY #.txt ransom notes.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .llee, .lltt, and .lloo extensions.

New Dharma ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .edw extension.

New Loki Locker ransomware variant

PCrisk found a new Loki Locker ransomware variant that appends the .PayForKey extension.

New Warlocks Ransomware

PCrisk found a new Chaos-based Warlocks Ransomware that appends the .warlocks extension and drops a ransom note named read_it.txt.

June 28th 2022

AMD investigates RansomHouse hack claims, theft of 450GB data

Semiconductor giant AMD says they are investigating a cyberattack after the RansomHouse gang claimed to have stolen 450 GB of data from the company last year.

Hive Ransomware Decryptor released (Version 1~Version 4)

The Korea Internet & Security Agency (KISA) is distributing the Hive ransomware integrated recovery tool that can decrypt files encrypted with versions 1 through 4.

Netwalker affiliate pleads guilty

Canadian Netwalker ransomware affiliate Sebastien Vachon-Desjardins pleaded guilty to hacking charges brought by the US DOJ.

New RedTeam ransomware

Amigo-A found the new Babuk-based RedTeam ransomware that appends .REDTM and drops a ransom note named HowToDecryptYourFiles.txt.

June 29th 2022

Walmart denies being hit by Yanluowang ransomware attack

American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after the hackers claimed to encrypt thousands of computers.

New Baal Ransomware

PCrisk found a new Chaos-based Warlocks Ransomware that appends the .baal extension and drops a ransom note named readme-warning.txt.

June 30th 2022

AstraLocker 2.0 infects users directly from Word attachments

A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.

Macmillan shuts down systems after likely ransomware attack

Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident that appears to be a ransomware attack.

Ransomware LockBit: a hundred victims per month in the first half

More than 420 victims were claimed on the LockBit 2.0 showcase in the first half. The true total could be significantly higher. And the success rate – with ransom payment, therefore – could be record high.

Black Basta Ransomware Operators Expand Their Attack Arsenal With QakBot Trojan and PrintNightmare Exploit

We look into a recent attack orchestrated by the Black Basta ransomware group that used the banking trojan QakBot as a means of entry and movement and took advantage of the PrintNightmare vulnerability to perform privileged file operations.