Ransomware News 2021 August
8.2021 | LockFile ransomware uses PetitPotam attack to hijack Windows domains | At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. | |
8.2021 | SynAck ransomware decryptor lets victims recover files for free | Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. | |
8.2021 | New Malki Ransomware | dnwls0719 found a new ransomware that appends the .MALKI extension. | |
8.2021 | CISA shares guidance on how to prevent ransomware data breaches | The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. | |
8.2021 | Japanese insurer Tokio Marine discloses ransomware attack | Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. | |
8.2021 | Diavol ransomware sample shows stronger connection to TrickBot gang | A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. | |
8.2021 | New Dharma ransomware variant | Jakub Kroustek found a new Dharma variant that appends the .c0v extension. | |
8.2021 | Brazilian government discloses National Treasury ransomware attack | The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of National Treasury's computing systems on Friday night, right before the start of the weekend. | |
8.2021 | Conti ransomware prioritizes revenue and cyberinsurance data theft | Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software and seek out cyber insurance policies. | |
8.2021 | Colonial Pipeline reports data breach after May ransomware attack | Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. | |
8.2021 | Hive ransomware attacks Memorial Health System, steals patient data | In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. | |
8.2021 | New Karma ransomware | dnwls0719 found a new Karma ransomware that appends the .KARMA extension and has a dedicated leak site. | |
8.2021 | SynAck ransomware releases decryption keys after El_Cometa rebrand | The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. | |
8.2021 | Vice Society ransomware joins ongoing PrintNightmare attacks | The Vice Society ransomware gang is now also actively exploiting the Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. | |
8.2021 | Ransomware gang uses PrintNightmare to breach Windows servers | Ransomware operators have added PrintNightmare exploits to their arsenal and are targeting Windows servers to deploy Magniber ransomware payloads. | |
8.2021 | New Phobos ransomware variant | dnwls0719 found a new Phobos Ransomware variant that appends the .HORSEMONEY extension. | |
8.2021 | BlackMatter Ransomware Attack Impacting Multiple Financial Institutions | In the course of our routine threat hunting exercise, the Cyble Research Lab discovered that Pine Labs, an Indian merchant platform company that provides financing and last-mile retail transaction technology, was impacted by a ransomware attack. Our investigation showcased that the BlackMatter ransomware group is behind the attack on Pine Labs. The group has been garnering considerable media attention because of this attack. | |
8.2021 | Accenture confirms hack after LockBit ransomware data leak threats | Accenture, a global IT consultancy giant, has allegedly been hit by a ransomware cyberattack from the LockBit ransomware gang. | |
8.2021 | Kaseya's universal REvil decryption key leaked on a hacking forum | The universal decryption key for REvil's attack on Kaseya's customers has been leaked on hacking forums, allowing researchers their first glimpse of the mysterious key. | |
8.2021 | k-12 school districts fall prey to Pysa ransomware | As a preface, we note that Pysa are not the only ransomware threat actors attacking the k-12 sector, which has a reputation of being “low-hanging fruit” for hacks. We have also seen many other groups attacking k-12 districts. A partial listing of ransomware attacks on k-12 is embedded below this discussion of Pysa victims. | |
8.2021 | Crytek confirms Egregor ransomware attack, customer data theft | Game developer and publisher Crytek has confirmed that the Egregor ransomware gang breached its network in October 2020, encrypting systems and stealing files containing customers' personal info later leaked on the gang's dark web leak site. | |
8.2021 | eCh0raix ransomware now targets both QNAP and Synology NAS devices | A newly discovered eCh0raix ransomware variant has added support for encrypting both QNAP and Synology Network-Attached Storage (NAS) devices. | |
8.2021 | New Dharma ransomware variant | PCrisk found a new Dharma Ransomware variant that appends the .JRB extension. | |
8.2021 | New STOP ransomware variant | PCrisk found a new STOP Ransomware variant that appends the .repg extension. | |
8.2021 | BlackMatter ransomware emerges from the shadow of DarkSide | In late July, a new RaaS appeared on the scene. Calling itself BlackMatter, the ransomware claims to fill the void left by DarkSide and REvil – adopting the best tools and techniques from each of them, as well as from the still-active LockBit 2.0. | |
8.2021 | Microsoft adds Fusion ransomware attack detection to Azure Sentinel | Microsoft says that the Azure Sentinel cloud-native SIEM (Security Information and Event Management) platform is now able to detect potential ransomware activity using the Fusion machine learning model. | |
8.2021 | Synology warns of malware infecting NAS devices with ransomware | Taiwan-based NAS maker Synology has warned customers that the StealthWorker botnet is targeting their network-attached storage devices in ongoing brute-force attacks that lead to ransomware infections. | |
8.2021 | Australian govt warns of escalating LockBit ransomware attacks | The Australian Cyber Security Centre (ACSC) warns of an increase of LockBit 2.0 ransomware attacks against Australian organizations starting July 2021. | |
8.2021 | New Zeppelin ransomware variant | dnwls0719 found a new Zeppelin Ransomware variant that appends the .payfast500 extension. | |
8.2021 | New Xorist ransomware variant | PCrisk found a new Xorist ransomware variant that appends the .divinity extension and drops a ransom note named HOW TO DECRYPT FILES.txt. | |
8.2021 | It's alive! The story behind the BlackMatter ransomware strain | Summer 2021 brought hot weather, but also hot news from the world of ransomware. In late May, DoppelPaymer used a marketing trick and renamed its new ransomware Grief (Pay OR Grief). Moreover, in June-July the hacker groups DarkSide and REvil disappeared from the radars after the notorious attacks against Colonial Pipeline and Kaseya, respectively. By the end of July, a new player called BlackMatter had entered the ransomware market. Is BlackMatter really new on the scene, however? | |
8.2021 | Computer hardware giant GIGABYTE hit by RansomEXX ransomware | Taiwanese motherboard maker has been hit by the RansomEXX ransomware gang, who threaten to publish 112GB of stolen data unless a ransom is paid. | |
8.2021 | New SALMA ransomware | Amigo-A found a new ransomware that appends the .salma extension and drops a ransom note named read_me.txt. | |
8.2021 | New Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .CLEAN extension. | |
8.2021 | Angry Conti ransomware affiliate leaks gang's attack playbook | A disgruntled Conti affiliate has leaked the training material the gang uses when conducting attacks, including information about one of the ransomware's operators. | |
8.2021 | CISA teams up with Microsoft, Google, Amazon to fight ransomware | CISA has announced the launch of Joint Cyber Defense Collaborative (JCDC), a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. | |
8.2021 | Linux version of BlackMatter ransomware targets VMware ESXi servers | The BlackMatter gang has joined the ranks of ransomware operations to develop a Linux encryptor that targets VMware's ESXi virtual machine platform. | |
8.2021 | New Phobos ransomware variant | PCrisk discovered a new Phobos ransomware variant that appends the .Win extension. | |
8.2021 | LockBit ransomware recruiting insiders to breach corporate networks | The LockBit 2.0 ransomware gang is actively recruiting corporate insiders to help them breach and encrypt networks. In return, the insider is promised million-dollar payouts. | |
8.2021 | Energy group ERG reports minor disruptions after ransomware attack | Italian energy company ERG reports "only a few minor disruptions" affecting its information and communications technology (ICT) infrastructure following a ransomware attack on its systems. | |
8.2021 | Protect Against BlackMatter Ransomware Before It’s Offered | Insikt Group analyzed Windows and Linux variants of BlackMatter ransomware, a new ransomware-as-a-service (RaaS) affiliate program founded in July 2021. During our technical analysis, we found that both variants accomplish similar goals of encrypting a victim’s files and appear to have been developed by a relatively sophisticated group | |
8.2021 | New Dharma ransomware variant | PCrisk discovered a new Dharma ransomware variant that appends the .GanP extension. | |
8.2021 | U.S. medical entities fall prey to Pysa threat actors, but many haven’t disclosed it – at least, not yet. | Since 2018, threat actors known as “Pysa” (for “Protect Your System Amigo”) have used mespinoza ransomware to lock up victims’ files after exfiltrating a copy of them. In early 2020, alerts about these “big-game hunters” were published by both the FBI and CNIL. Since then, Pysa has continued to pose a threat to the medical and education sectors. Like a number of other ransomware-as-a-service (RaaS) groups, Pysa maintains a dedicated leak site on the dark web where they list victims who do not pay their ransom demands and then dump their data. They call them “partners.” | |
8.2021 | Ransomware attack hits Italy's Lazio region, affects COVID-19 site | The Lazio region in Italy has suffered a reported ransomware attack that has disabled the region's IT systems, including the COVID-19 vaccination registration portal. | |
8.2021 | New STOP ransomware variants | PCrisk discovered new STOP ransomware variants that append the .nooa and .muuq extensions. | |
8.2021 | DarkSide ransomware gang returns as new BlackMatter operation | Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities. | |
8.2021 | BlackMatter ransomware gang rises from the ashes of DarkSide, REvil | A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations. | |