Ransomware News 2021 February
28.2.2021 | Ransomware gang hacks Ecuador's largest private bank, Ministry of Finance | A hacking group called 'Hotarus Corp' has hacked Ecuador's Ministry of Finance and the country's largest bank, Banco Pichincha, where they claim to have stolen internal data. | |
28.2.2021 | Ryuk ransomware now self-spreads to other Windows LAN devices | A new Ryuk ransomware variant with worm-like capabilities that allow it to spread to other devices on victims' local networks has been discovered by the French national cyber-security agency while investigating an attack in early 2021. | |
28.2.2021 | New Team Assist ransomware | S!ri found a new ransomware that appends the .assist extension. | |
28.2.2021 | Looking for the Snoopdoog ransomware | Michael Gillespie found a new ransomware that appends the .Snoopdoog extension and drops a ransom note named Decrypt-me.txt. | |
28.2.2021 | Dutch Research Council (NWO) confirms ransomware attack, data leak | The recent cyberattack that forced the Dutch Research Council (NWO) to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. | |
28.2.2021 | New 'Clman' Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .clman extension to encrypted files. | |
28.2.2021 | Ransomware gang extorts jet maker Bombardier after Accellion breach | Business jet maker Bombardier is the latest company to suffer a data breach by the Clop ransomware gang after attackers exploited a zero-day vulnerability to steal company data. | |
28.2.2021 | Cyberpunk 2077 patch 1.2 delayed by CD Projekt ransomware attack | CD Projekt Red announced today that they are delaying the anticipated Cyberpunk 2077 Patch 1.2 to the second half of March 2021 due to their recent cyberattack. | |
28.2.2021 | New ThunderX/Ranzy variant | dnwls0719 found a new ThunderX/Ranzy ransomware variant that appends the .RANZYLOCKED extension to encrypted files. | |
28.2.2021 | Q4 2020 Doxxing Victim Trends: Industrial Sector Emerges as Primary Ransom “Non-Payor” | The analysis that follows is based on an examination of ransomware doxxing victims whose identities were published between September and December of 2020. The data for this blog post was collected from 100% public sources. Unlike the majority of research on cyber extortion trends, which is based on information collected from self-identified victims of ransomware, these data points are collected from the threat actor’s own public ledgers of victims and are not subject to the same limitations of self-reporting. At this time one year ago, only two or three ransomware gangs had developed the practice of naming-and-shaming victims who failed to pay the ransom. | |
28.2.2021 | New 'Urs' Dharma ransomware variant | Emmanuel_ADC-Soft found a new Dharma ransomware variant that appends the .urs extension to encrypted files. | |
28.2.2021 | Finnish IT services giant TietoEVRY discloses ransomware attack | Finnish IT services giant TietoEVRY has suffered a ransomware attack that forced them to disconnect clients' services. | |
28.2.2021 | New 'Four' Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .four extension to encrypted files. | |
28.2.2021 | Global Accellion data breaches linked to Clop ransomware gang | Threat actors associated with financially-motivated hacker groups combined multiple zero-day vulnerabilities and a new web shell to breach up to 100 companies using Accellion's legacy File Transfer Appliance and steal sensitive files. | |
28.2.2021 | New Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .pauq extension to encrypted files. | |
28.2.2021 | Lakehead University shuts down campus network after cyberattack | Canadian undergraduate research university Lakehead has been dealing with a cyberattack that forced the institution earlier this week to cut off access to its servers. | |
28.2.2021 | Underwriters Laboratories (UL) certification giant hit by ransomware | UL LLC, better known as Underwriters Laboratories, has suffered a ransomware attack that encrypted its servers and caused them to shut down systems while they recover. | |
28.2.2021 | CIS now offers free ransomware protection to all US hospitals | The Center for Internet Security (CIS), a non-profit dedicated to securing IT systems and data, has announced the launch of free ransomware protection for US private hospitals through the Malicious Domain Blocking and Reporting (MDBR) service. | |
28.2.2021 | US cities disclose data breaches after vendor's ransomware attack | A ransomware attack against the widely used payment processor ATFS has sparked data breach notifications from numerous cities and agencies within California and Washington. | |
28.2.2021 | New Stop ransomware variant | Michael Gillespie found a new ransomware that appends the .cadq extension to encrypted files. | |
28.2.2021 | New Makop variant | Petrovic found a new variant of the Makop ransomware that appends the .vassago extension. | |
28.2.2021 | Kia Motors America suffers ransomware attack, $20 million ransom | Kia Motors America has suffered a ransomware attack by the DoppelPaymer gang, demanding $20 million for a decryptor and not to leak stolen data. | |
28.2.2021 | Egregor ransomware affiliates arrested by Ukrainian, French police | A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests of several members of the Egregor ransomware operation in Ukraine. | |
28.2.2021 | Tortoise ransomware decryptor released | Cerberus released a decryptor for the Tortoise Ransomware. | |
28.2.2021 | Leading Canadian rental car company hit by DarkSide ransomware | Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data. | |
28.2.2021 | CD Projekt's stolen source code allegedly sold by ransomware gang | A ransomware gang who says they stole unencrypted source code for the company's most popular games and then encrypted CD Projekt's servers claims to have sold the data. | |
14.2.21 | The Trigano company victim of a cyberattack, the Tournon-sur-Rhône plant shut down | The manufacturer of caravans, motorhomes, camping furniture and mobile homes was the victim of a cyberattack on Tuesday February 9. It prevents access to computers. The factory based in Tournon-sur-Rhône (Ardèche) is therefore at a standstill this Friday, February 12. | |
14.2.21 | Seraing: the City hit by a cyber attack! | Last weekend, the city of Seraing reported that its services were temporarily inaccessible to the public for a reason beyond its control: the computer network of the city of Seraing was the victim of a malicious attack. A complaint has been filed. | |
14.2.21 | Avaddon ransomware fixes flaw allowing free decryption | The Avaddon ransomware gang has fixed a bug that let victims recover their files without paying the ransom. The flaw came to light after a security researcher exploited it to create a decryptor. | |
14.2.21 | New Android ransomware | MalwareHunterTeam found a new Android ransomware targeting users from Kazakhstan. | |
14.2.21 | New STOP Djvu variant | Michael Gillespie found a new STOP DJvu ransomware variant that appends the .ygkz extension to encrypted files. | |
14.2.21 | New Dharma ransomware variants | Jakub Kroustek found new Dharma ransomware variants that append the .word and .LOTUS extensions to encrypted files. | |
14.2.21 | Hackers auction alleged stolen Cyberpunk 2077, Witcher source code | Threat actors are auctioning the alleged source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, that they state were stolen in a ransomware attack. | |
14.2.21 | French MNH health insurance company hit by RansomExx ransomware | French health insurance company Mutuelle Nationale des Hospitaliers (MNH) has suffered a ransomware attack that has severely disrupted the company's operations, BleepingComputer has learned. | |
14.2.21 | New Matrix ransomware variant | xiaopao found a new Matrix ransomware variant that appends the .TRU8 extension. | |
14.2.21 | HelloKitty ransomware behind CD Projekt Red cyberattack, data theft | The ransomware attack against CD Projekt Red was conducted by a ransomware group that goes by the name 'HelloKitty,' and yes, that's the name the threat actors utilize. | |
14.2.21 | CD PROJEKT RED gaming studio hit by ransomware attack | CD PROJEKT RED, the video game development studio behind Cyberpunk 2077 and The Witcher trilogy, has disclosed a ransomware attack that impacted its network. | |
14.2.21 | New Dharma ransomware variants | Jakub Kroustek found new Dharma ransomware variants that append the .wcg, .con30, and .text extensions to encrypted files. | |
14.2.21 | New Tortoise ransomware | Danus found the new Tortoise Ransomware that appends the .tortoise extension but does not appear to actually encrypt anything. | |
14.2.21 | New DarkWorld ransomware | xiaopao found a new ransomware called DarkWorld that appends the .dark extension and drops a ransom note named important.txt. | |
14.2.21 | Albany ransomware attack threatens criminal cases | The 2019 ransomware attack on the city’s servers is now potentially affecting criminal cases after it was revealed that the city police department lost all digital copies of its 2018 internal affairs files. | |
14.2.21 | Ziggy ransomware shuts down and releases victims' decryption keys | The Ziggy ransomware operation has shut down and released the victims' decryption keys after concerns about recent law enforcement activity and guilt for encrypting victims. | |
6.2.21 | Eletrobras, Copel energy companies hit by ransomware attacks | Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utility companies in Brazil, have announced that they suffered ransomware attacks over the past week. | |
6.2.21 | New Xorist ransomware variant | xiaopao found a Xorist ransomware variant that appends the .omfl extension to encrypted files' names. | |
6.2.21 | New HDLocker | xiaopao found a HDLocker ransomware that appends the _HD string to encrypted files' names. | |
6.2.21 | Blockchain Analysis Shows Connections Between Four of 2020’s Biggest Ransomware Strains | As we’ve covered on our blog, there may be fewer cybercriminals responsible for ransomware attacks than one would initially think given the number of individual attacks, distinct strains, and amount stolen from victims. Cybersecurity researchers point out that many RaaS affiliates carrying out attacks switch between different strains, and many believe that seemingly distinct strains are actually controlled by the same people. Using blockchain analysis, we’ll investigate potential connections between four of 2020’s most prominent ransomware strains: Maze, Egregor, SunCrypt, and Doppelpaymer. | |
6.2.21 | Ransomware attacks increasingly destroy victims’ data by mistake | More and more ransomware victims are resisting the extortionists and refusing to pay when they can recover from backups, despite hackers' threats to leak the data stolen before encryption. | |
6.2.21 | Trucking company Forward Air said its ransomware incident cost it $7.5 million | Trucking and freight transportation logistics company Forward Air said a recent ransomware attack left a dent of $7.5 million in its Q4 financial results. | |
6.2.21 | THE STATE OF RANSOMWARE | Ransomware continues the trend of targeted attacks but with the added challenge of double extortion. Organizations need to be one step ahead of such coercive tactics to avoid potential disruptions, financial losses, and reputational damage. | |
6.2.21 | New Fonix ransomware decryptor can recover victim's files for free | Kaspersky has released a decryptor for the Fonix Ransomware (XONIF) that allows victims to recover their encrypted files for free. | |
6.2.21 | Another new Nefilim variant | MalwareHunterTeam found another Nefilim ransomware variant that appends the .MILIHPEN extension and drops a ransom note named MILIHPEN-INSTRUCT.txt. | |
6.2.21 | New Nefilim variant | MalwareHunterTeam found a new Nefilim ransomware variant that appends the .DERZKO extension and drops a ransom note named DERZKO-HELP.txt. | |
6.2.21 | New VashSorena variant | MalwareHunterTeam found a new VashSorena variant that appends the .lucifer extension and drops ransom notes named HELP_DECRYPT_YOUR_FILES.txt and HELP_DECRYPT_YOUR_FILES.html. | |
6.2.21 | New STOP Ransomware variants | Michael Gillespie found new STOP Djvu ransomware variants that append the .plam and .cosd extensions to encrypted files. | |
6.2.21 | Interview with a LockBit ransomware operator | In September 2020, Cisco Talos established contact with a self-described LockBit operator and experienced threat actor. Over the course of several weeks, we conducted multiple interviews that gave us a rare, first-hand account of a ransomware operator’s cybercriminal activities. Through these exchanges, we gleaned several valuable takeaways for executives and the broader cybersecurity community. | |
6.2.21 | Netgain ransomware incident impacts local governments | The ransomware incident that Netgain, a provider of managed IT services, had late last year rippled onto its customers. Now, Ramsey County, Minnesota, is informing clients of the Family Health Division program that the hackers may have accessed personal data. | |
6.2.21 | Babyk Ransomware won't hit charities, unless they support LGBT, BLM | The Babyk ransomware operation has launched a new data leak site used to publish victims' stolen data as part of a double extortion strategy. Included is a list of targets they won't attack, with some exclusions that definitely stand out. | |
6.2.21 | Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands | The Coveware Quarterly Ransomware Report describes ransomware incident response trends during Q4 of 2020. Ransomware groups continue to leverage data exfiltration as a tactic. However, the trust that stolen data will be deleted is eroding; defaults are becoming more frequent when exfiltrated data is made public despite the victim paying. As a result, fewer companies are giving in to cyber extortion when they are able to recover from backups. This inflection led to a large decline in average ransom amounts paid. Stemming the tide of cyber extortion will only happen if the industry is starved of its profitability. This trend was a distinct positive during Q4. | |
6.2.21 | UK Research and Innovation (UKRI) suffers ransomware attack | The UK Research and Innovation (UKRI) is dealing with a ransomware incident that encrypted data and impacted two of its services, one offering information to subscribers and the platform for peer review of various parts of the agency. |