Source: https://www.bleepingcomputer.com/
Automotive parts manufacturer DENSO has confirmed that it suffered a cyberattack on March 10th after a new Pandora ransomware operation began leaking data allegedly stolen during the attack.
Newly discovered data-destroying malware was observed earlier today in attacks targeting Ukrainian organizations and deleting data across systems on compromised networks.
MalwareHunterTeam found a new ransomware named IceFire that appends the .iFire extension and drops a ransom note named iFire-readme.txt.
PCrisk found new STOP ransomware variants that append the .kqgs, .uigd, .xcbg, or .bpqd extensions.
Petrovic found the new Acepy ransomware that appends the .acepy extension to encrypted files.
The ransomware space was very active in the last quarter of 2021, with threat analysts observing 722 distinct attacks deploying 34 different variants.
PCrisk found a new Babuk ransomware variant that appends the .chernobyl extension.
PCrisk found a new STOP ransomware variant that appends the .vlff extension.
The BlackCat ransomware gang (aka ALPHV) has updated its ransomware executable to require the passcode used during encryption to extract its config.
Some lowlife conducted a cyberattack on a children's hospital. While it has not been confirmed if this is a ransomware attack, it would not be surprising if it was.
There is a new BlackCat ransomware sample out, and the config is now protected using a command-line-supplied ACCESS_TOKEN. The token is used to generate an AES key which is then used to decrypt the encrypted config.
Today we are going to be looking at “Pandora Ransomware”, a novel Ransomware strain that has been monitored for a couple of days, e.g. by MalwareHunterTeam, but at first no sample was available.
Google's Threat Analysis Group has exposed the operations of a threat actor group dubbed "EXOTIC LILY," an initial access broker linked to the Conti and Diavol ransomware operations.
As discovered by 3xp0rt, someone leaked more information about the Conti ransomware gang on the XSS forum. This leak contained URLs to the ransomware gang's rocket chat servers and information about members.
PCrisk found a new STOP ransomware variant that appends the .eyrv extension.
Cybersecurity firm Emsisoft has released a free decryption tool to help Diavol ransomware victims recover their files without paying a ransom.
In February 2022, Arete investigated a Surtr ransomware incident where the ransomware author(s) paid tribute to the now-defunct REvil (aka Sodinokibi) group by making a registry key change to the infected host.
The Snap-on company suffered a Conti ransomware attack that caused business disruption, including an over 4-day outage for the Mitchell1 automotive repair software, which is commonly used in repair shops.