The Week in Ransomware - May 13th 2022 - A National Emergency
Source: https://www.bleepingcomputer.com/
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang.
Petrovic found a new ransomware that appends the .kekpop extension and drops a ransom note named ReadMe.html.
Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from the Conti ransomware group on multiple government bodies.
Secureworks® Counter Threat Unit™ (CTU) researchers analyzed REvil ransomware samples that were uploaded to the VirusTotal analysis service after the GOLD SOUTHFIELD threat group's infrastructure resumed activity in April 2022. The infrastructure had been shuttered since October 2021. Analysis of these samples indicates that the developer has access to REvil's source code, reinforcing the likelihood that the threat group has reemerged. The identification of multiple samples containing different modifications and the lack of an official new version indicate that REvil is under active development.
Black Basta, a new ransomware gang, has swiftly risen to prominence in recent weeks after it caused massive breaches to organizations in a short span of time.
Lincoln College, a liberal-arts school from rural Illinois, says it will close its doors later this month, 157 years since its founding and following a brutal hit on its finances from the COVID-19 pandemic and a recent ransomware attack.
PCrisk found a new variant of Jcrypt called TitanCrypt that appends the .titancrypt extension and drops a ransom note named ___RECOVER__FILES__.titancrypt.txt.
PCrisk found a ransomware that appends the .japan extension to encrypted files and drops a ransom note named how to decrypt.txt.
PCrisk found a new Xorist variant that appends the .WanaCray2023+ extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
A week before Oregon’s primary election, the secretary of state’s office is moving to protect the integrity of its online system where campaign finance records are published after a web hosting provider was hit by a ransomware attack.
Ahead of Anti-Ransomware Day, we summarized the tendencies that characterize the ransomware landscape in 2022. This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises, old variants of malware return while new ones develop. Watching and assessing these tendencies not only provides us with threat intelligence to fight cybercrime today, but also helps us deduce what trends we may see in the months to come and prepare for them better.
Conti continues to threaten the government of Peru and also states that they are not associated with the new Black Basta operation.
Dreamer discovered a new ransomware operation named BlueSky.
Links between Conti and the FSB have come to light. The cybercriminal SME has been very aggressive against Costa Rica and Peru, while Latin America appears to be particularly affected. Fifteen countries in the region have spoken out against the invasion of Ukraine.
PCrisk found new STOP ransomware variants that append the .kruu, .ifla, and .byya extensions.
PCrisk found a new STOP ransomware variant that appends the .errz extension.
Amigo-A found a new TxLocker ransomware that appends the .txlck extension and drops a ransom note named f1x_instructions.txt.