Ransomware News 2021 April
4.2021 | Babuk quits ransomware encryption, focuses on data-theft extortion | A new message today from the operators of Babuk ransomware clarifies that the gang has decided to close the affiliate program and move to an extortion model that does not rely on encrypting victim computers. | |
4.2021 | New CryBaby ransomware | MalwareHunterTeam found a new 'CryBaby' ransomware. | |
4.2021 | Babuk ransomware readies 'shut down' post, plans to open source malware | After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal. | |
4.2021 | QNAP warns of AgeLocker ransomware attacks on NAS devices | QNAP customers are once again urged to secure their Network Attached Storage (NAS) devices to defend against AgeLocker ransomware attacks targeting their data. | |
4.2021 | New ransomware group uses SonicWall zero-day to breach networks | A financially motivated threat actor exploited a zero-day bug in SonicWall SMA 100 Series VPN appliances to deploy new ransomware known as FiveHands on the networks of North American and European targets. | |
4.2021 | Brazil's Rio Grande do Sul court system hit by REvil ransomware | Brazil's Tribunal de Justiça do Estado do Rio Grande do Sul was hit with an REvil ransomware attack yesterday that encrypted employees' files and forced the courts to shut down their network. | |
4.2021 | Whistler resort municipality hit by new ransomware operation | The Whistler municipality in British Columbia, Canada, has suffered a cyberattack at the hands of a new ransomware operation. | |
4.2021 | Security expert coalition shares actions to disrupt ransomware | The Ransomware Task Force, a public-party coalition of more than 50 experts, has shared a framework of actions to disrupt the ransomware business model. | |
4.2021 | New Dharma ransomware variant | dnwls0719 found a new Dharma ransomware variant that appends the .cum extension to encrypted files. | |
4.2021 | UK rail network Merseyrail likely hit by Lockbit ransomware | UK rail network Merseyrail has confirmed a cyberattack after a ransomware gang used their email system to email employees and journalists about the attack. | |
4.2021 | Ransomware gang targets Microsoft SharePoint servers for the first time | Microsoft SharePoint servers have now joined the list of network devices being abused as an entry vector into corporate networks by ransomware gangs. | |
4.2021 | The cost of ransomware in 2021: A country-by-country analysis | The statistics below show the devastating economic toll ransomware has taken in a number of key markets. The data includes ransom demands, the cost of downtime, and the overall global cost of ransomware, as well as separate statistics focused on the public and private sectors. | |
4.2021 | Ransomware: Revil racks up victims… who do not pay | Yes, the Revil group, which runs the Sodinokibi ransomware, is very active these days. And it seems determined to string together high-profile strikes. But its activities seem to be crowned with success less and less often. And more and more, what it displays as a trophy board is taking on the look of a sad gallery of its failures. | |
4.2021 | New Phobos Ransomware variant | PCrisk found a new Phobos ransomware variant that appends the .lookfornewitguy extension. | |
4.2021 | Ransomware Attack Vectors Shift as New Software Vulnerability Exploits Aboun | The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q1 of 2021. Data exfiltration extortion continues to be prevalent and we have reached an inflection point where the vast majority of ransomware attacks now include the theft of corporate data. Q1 saw a reversal of average and median ransom amounts. The averages in Q1 were pulled up by a raft of data exfiltration attacks by one specific threat actor group that opportunistically leveraged a unique vulnerability (more on this below). | |
4.2021 | New Conti ransomware variant | dnwls0719 found a new Dharma ransomware variant that appends the .ALNBR extension to encrypted files. | |
4.2021 | Accellion data breaches drive up average ransom price | The data breaches caused by the Clop ransomware gang exploiting a zero-day vulnerability have led to a sharp increase in the average ransom payment calculated for the first three months of the year. | |
4.2021 | Ransomware gang now warns they will leak new Apple logos, iPad plans | The REvil ransomware gang has mysteriously removed Apple's schematics from their data leak site after privately warning Quanta that they would leak drawings for the new iPad and new Apple logos. | |
4.2021 | DC Police confirms cyberattack after ransomware gang leaks data | The Metropolitan Police Department has confirmed that they suffered a cyberattack after the Babuk ransomware gang leaked screenshots of stolen data. | |
4.2021 | New Conti ransomware variant | GrujaRS found a new variant of the Conti Ransomware that appends the .GFYPK extension. | |
4.2021 | New NoCry ransomware | GrujaRS found a variant of the Stupid Ransomware calling itself NoCry that appends the .Cry extension. | |
4.2021 | New Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .bdev extension to encrypted files. | |
4.2021 | A ransomware gang made $260,000 in 5 days using the 7zip utility | A ransomware gang has made $260,000 in just five days simply by remotely encrypting files on QNAP devices using the 7zip archive program. | |
4.2021 | Stanford student finds glitch in ransomware payment system to save victims $27,000 | The hackers behind a nascent strain of ransomware hit a snag this week when a security researcher found a flaw in the payment system and, he says, helped victims save $27,000 in potential losses. | |
4.2021 | Ransomware gang wants to short the stock price of their victims | The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock markets. | |
4.2021 | New Bentley Nefilim variant | dnwls0719 found a new Nefilim Ransomware variant that appends the .BENTLEY extension and drops a ransom note named BENTLEY-HELP.txt. | |
4.2021 | New Dharma ransomware variants discovered | Jakub Kroustek found two new Dharma Ransomware variants that append the .2122 and .HPJ extensions. | |
4.2021 | Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices | A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. | |
4.2021 | REvil gang tries to extort Apple, threatens to sell stolen blueprints | The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced. | |
4.2021 | New Xorist Ransomware variant | dnwls0719 found a new Xorist ransomware variant that appends .btCry_zip and drops a ransom note HOW TO DECRYPT FILES.txt. | |
4.2021 | Discord Nitro gift codes now demanded as ransomware payments | In a novel approach to ransom demands, a new ransomware calling itself 'NitroRansomware' encrypts victims' files and then demands a Discord Nitro gift code to decrypt files. | |
4.2021 | Babuk Locker claims to have fixed bugs | 3xp0rt found a post by Babuk Locker where they state they fixed bugs found in their ransomware. | |
4.2021 | New Zeoticus ransomware variant | GrujaRS found a new Zeoticus 2.0 ransomware variant that appends the .pandora extension and drops a ransom note named .pandoraREADME.html. | |
4.2021 | Ryuk ransomware operation updates hacking techniques | Recent attacks from Ryuk ransomware operators show that the actors have a new preference when it comes to gaining initial access to the victim network. | |
4.2021 | New wiper destroys your files | Michael Gillespie found a wiper that appends the .combo13 extension to destroyed files and drops a ransom note named FILES ENCRYPTED.TXT. | |
4.2021 | DarkSide adding more features | 3xp0rt spotted DarkSide promoting some of their new features: Another DarkSide update. Added automatic test decrypting, all processes now are automated. Available DDoS (L3, L7), is performing before the target enters online. Also, the DarkSide team expand specialties like network supplies, pentesting. | |
4.2021 | Cyberattack: the La Martinière group joins the all-too-long list of victims | The phone rings. The switchboard can take calls. But being put through directly to individual contacts is impossible. "No email, no network, no Internet… it's complicated," one may be told. And it has been this way since Tuesday, April 13. The company's employees appear to have been informed that a cyberattack occurred. We tried to reach the communications department, without success at this stage | |
4.2021 | New STOP Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .wrui extension. | |
4.2021 | New VoidCrypt Ransomware variant | dnwls0719 found a new VoidCrypt Ransomware variant that appends the .hydra extension and drops a ransom note named Decrypt-me.txt. | |
4.2021 | NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group | The Houston Rockets of the National Basketball Association are investigating a cyber-attack against their networks from a relatively new ransomware group that claims to have stolen internal business data. | |
4.2021 | PSA: Severe bug in Babuk ransomware decryptor leads to data loss | In this particular case, we found a severe issue within the Babuk ransomware strain that targets Linux and more specifically ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray/RansomExx, Darkside, and since recently also Babuk. | |
4.2021 | New Hakbit ransomware variant | dnwls0719 found a new Hakbit ransomware variant that appends the .CRYSTAL extension. | |
4.2021 | New Runsomware variants | xiaopao found new Dharma ransomware variants that append the .graysuit and .swagkarna extensions. | |
4.2021 | Capcom: Ransomware gang used old VPN device to breach the network | Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals. | |
4.2021 | New Dharma ransomware variants | xiaopao found new Dharma ransomware variants that append the .error, .gold, .zphs, and .back extensions to encrypted files. | |
4.2021 | Dutch supermarkets run out of cheese after ransomware attack | A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets. | |
4.2021 | New Maoloa Ransomware variant | dnwls0719 found a Maoloa Ransomware variant that appends the .charlie.j0hnson extension. | |
4.2021 | New RIP_lmao Ransomware | GrujaRS found a new ransomware called RIP_lmao that appends the .crypted extension and drops a ransom note named ___RECOVER__FILES__.crypted.txt. | |
4.2021 | Maze/Egregor ransomware cartel estimated to have made $75 million | The group behind the Maze and Egregor ransomware operations are believed to have earned at least $75 million worth of Bitcoin from ransom payments following intrusions at companies all over the world. | |
4.2021 | New GEHENNA Locker ransomware | dnwls0719 found a new VHD ransomware variant that appends the .gehenna extension and drops a ransom note named GEHENNA-README-WARNING.html. | |
4.2021 | New STOP Djvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .lmas extension to encrypted files. | |
4.2021 | Leading cosmetics group Pierre Fabre hit with $25 million ransomware attack | Leading French pharmaceutical group Pierre Fabre suffered a REvil ransomware attack where the threat actors initially demanded a $25 million ransom, BleepingComputer learned today. | |
4.2021 | New VHD ransomware variant | dnwls0719 found a new VHD ransomware variant that appends the .beaf extension and drops a ransom note named DecryptGuide.txt. | |
4.2021 | New Wintenzz Security Tool ransomware | S!Ri has discovered a new ransomware called Wintenzz Security Tool that appends the .wintenzz extension to encrypted files and drops a ransom note named BUY_WINTENZZ.txt. | |
4.2021 | REvil ransomware now changes password to auto-login in Safe Mode | A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords. | |
4.2021 | New Cring ransomware hits unpatched Fortinet VPN devices | A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. | |
4.2021 | Ransomware hits TU Dublin and National College of Ireland | The National College of Ireland (NCI) and the Technological University of Dublin have announced that ransomware attacks hit their IT systems. | |
4.2021 | Windows XP makes ransomware gangs work harder for their money | A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. | |
4.2021 | New Jormungand Ransomware variant | dnwls0719 found the Jormungand ransomware that appends the .glock extension and drops a ransom note named READ-ME-NOW.txt. | |
4.2021 | New STOP Djvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .urnb extension to encrypted files. | |
4.2021 | Sierra Wireless resumes production after ransomware attack | Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites halted after a ransomware attack that hit its internal network and corporate website on March 20. | |
4.2021 | New Jigsaw Ransomware variant | GrujaRS found a new Jigsaw ransomware variant that appends the .cat extension. | |
4.2021 | New STOP Djvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .fdcz extension to encrypted files. | |
4.2021 | Sepa spends nearly £800,000 on cyber attack response | Figures released to BBC Scotland under freedom of information laws show a total of £790,000 has been spent on Sepa's response and recovery actions so far | |
4.2021 | Ransomware gang leaks data from Stanford, Maryland universities | Personal and financial information stolen from Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group. | |
4.2021 | Malware attack is preventing car inspections in eight US states | A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. | |
4.2021 | New WhiteBlackGroup ransomware | S!Ri has discovered a new ransomware called WhiteBlackGroup that appends the .encrpt3d extension to encrypted files. | |
4.2021 | New Makop Ransomware variant | dnwls0719 found a new Makop ransomware variant that appends the .dark extension and drops a ransom note named readme-warning.txt. | |
4.2021 | As ransomware stalks the manufacturing sector, victims are still keeping quiet | In addition to Norsk Hydro, CyberScoop requested interviews with a dozen manufacturers in Europe and the U.S. that have reportedly had their production disrupted by ransomware incidents in the last two and half years. Nearly all either declined to comment, did not respond or said an executive was unavailable by press time. | |
4.2021 | Ransomware gang wanted $40 million in Florida schools cyberattack | Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford to pay them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a $40,000,000 payment. | |
4.2021 | Qualys says Accellion hackers did not breach production systems | Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server didn't infiltrate the company's production and corporate environments. | |
4.2021 | Asteelflash electronics maker hit by REvil ransomware attack | Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. | |
4.2021 | New Dharma ransomware variants | Jakub Kroustek found new Dharma ransomware variants that append the .4o4 and .ctpl extensions to encrypted files. | |
4.2021 | New STOP Djvu Ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .ytbn extension to encrypted files. | |
4.2021 | Microsoft Exchange attacks increase while WannaCry gets a restart | The recently patched vulnerabilities in Microsoft Exchange have sparked new interest among cybercriminals, who increased the volume of attacks focusing on this particular vector. | |
4.2021 | Harris Federation hit by ransomware attack affecting 50 schools | The IT systems and email servers of London-based nonprofit multi-academy trust Harris Federation were taken down by a ransomware attack on Saturday. | |
4.2021 | CompuCom MSP expects over $20M in losses after ransomware attack | American managed service provider CompuCom is expecting losses of over $20 million following this month's DarkSide ransomware attack that took down most of its systems. | |
4.2021 | Ransomware admin is refunding victims their ransom payments | After recently announcing the end of the operation, the administrator of Ziggy ransomware is now stating that they will also give the money back. | |
4.2021 | FatFace sends controversial data breach email after ransomware attack | British clothing brand FatFace has sent a controversial 'confidential' data breach notification to customers after suffering a ransomware attack earlier this year. | |