Ransomware News 2021 March
28.3.21 | New HiddenTear variant | dnwls0719 found a new HiddenTear variant that appends the .HANTA extension and drops a ransom note named how_to_recover.txt. | |
28.3.21 | Retailer FatFace pays $2m ransom to Conti cyber criminals | Fashion retailer FatFace has paid a $2m ransom to the Conti ransomware gang following a successful cyber attack on its systems that took place in January 2021, Computer Weekly has learned. | |
28.3.21 | Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers | Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. | |
28.3.21 | Ransomware gang urges victims’ customers to fight for their privacy | A ransomware operation known as 'Clop' is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy. | |
28.3.21 | FBI exposes weakness in Mamba ransomware, DiskCryptor | An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom. | |
28.3.21 | This company was hit by ransomware. Here's what they did next, and why they didn't pay up | It started out as a normal Thursday for Tony Mendoza, senior IT director at Spectra Logic, a data storage company based in Boulder, Colorado. And then the ransomware attack began. | |
28.3.21 | New Stop Ransomware variant | Amigo-A found a new STOP ransomware variant that appends the .ekvf extension. | |
28.3.21 | Ransomware gang leaks data from US military contractor the PDI Group | A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack. | |
28.3.21 | Evil Corp switches to Hades ransomware to evade sanctions | Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department's Office of Foreign Assets Control (OFAC). | |
28.3.21 | Insurance giant CNA hit by new Phoenix CryptoLocker ransomware | Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group. | |
28.3.21 | New Makop variant | dnwls0719 found a new Makop ransomware variant that appends the .pecunia extension and drops a ransom note named readme-warning.txt. | |
28.3.21 | CNA insurance firm hit by a cyberattack, operations impacted | CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website. | |
28.3.21 | Ransomware gang leaks data stolen from Colorado, Miami universities | Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group. | |
28.3.21 | High-availability server maker Stratus hit by ransomware | Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack's spread. | |
28.3.21 | Ransomware attack shuts down Sierra Wireless IoT maker | Sierra Wireless, a world-leading IoT (Internet of Things) solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites. | |
28.3.21 | New Dharma ransomware variant | Jakub Kroustek found a new Dharma ransomware variant that appends the .bqd2 extension. | |
28.3.21 | Energy giant Shell discloses data breach after Accellion hack | Energy giant Shell has disclosed a data breach after attackers compromised the company's secure file-sharing system powered by Accellion's File Transfer Appliance (FTA). | |
28.3.21 | Microsoft Exchange servers now targeted by Black Kingdom ransomware | Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. | |
28.3.21 | New Pay2Decrypt variant | S!Ri found a new Pay2Decrypt variant that appends the .aes extension. | |
21.3.21 | Ransomware statistics for 2020: Year in summary | 2020, the year of the pandemic, was another lucrative year for ransomware. As nations around the world scrambled to slow the spread of the virus, cybercriminals attempted to capitalize on the chaos. | |
21.3.21 | Cyberattack: $50 million ransom demanded from Acer | The operators of the REvil ransomware, also known as Sodinokibi, have added the manufacturer to their list of victims. They are giving Acer nearly 9 more days to negotiate, failing which they will double their demands. | |
21.3.21 | Computer giant Acer hit by $50 million ransomware attack | Electronics giant Acer has been hit by a REvil ransomware attack where the threat actors are demanding the largest known ransom to date, $50,000,000. | |
21.3.21 | REvil ransomware has a new ‘Windows Safe Mode’ encryption mode | The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files. | |
21.3.21 | New Stop ransomware variant | dnwls0719 found a new STOP Djvu ransomware variant that appends the .enfp extension and drops a ransom note named _readme.txt. | |
21.3.21 | New PewPew Ransomware variant | Amigo-A found a new PewPew Ransomware variant that calls itself 'Artemis' and appends the .optimus extension to encrypted files. | |
21.3.21 | New SFile ransomware variant | xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops a ransom note named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt. | |
21.3.21 | New Hakbit ransomware variant | xiaopao found a new variant of the SFile ransomware that appends the .PROM extension. | |
21.3.21 | Missed opportunity: Bug in LockBit ransomware allowed free decryptions | A member of the cybercriminal community has discovered and disclosed a bug in the LockBit ransomware that could have been used for free decryptions. | |
21.3.21 | New Xorist ransomware variant | xiaopao found a new variant of the SFile ransomware that appends the .sandboxtest extension. | |
21.3.21 | New Rapid ransomware variant | dnwls0719 found a new Rapid ransomware variant that appends the .lock extension. | |
21.3.21 | New Liz Dharma ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .liz extension. | |
21.3.21 | An interview with REvil’s Unknown | Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity. | |
21.3.21 | FBI warns of escalating Pysa ransomware attacks on education orgs | The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions. | |
21.3.21 | New RunExeMemory ransomware variant | GrujaRSA found a new variant of the RunExeMemory that appends the .z8sj2c extension and drops a ransom note named Read me, if you want to recover your files.txt. | |
13.3.21 | 6,970 publicly exposed web shells on Exchange servers | Kryptos Logic reported that there were 6,970 publicly exposed web shells on Exchange servers that were being targeted by threat actors. | |
13.3.21 | New Dharma ransomware variants | Jakub Kroustek found new Dharma Ransomware variants that append the .LAO and .pirat extensions. | |
13.3.21 | New Dharma ransomware variants | Jakub Kroustek found new Dharma Ransomware variants that append the .biden, .eofyd, and .duk extensions. | |
13.3.21 | DearCry found to be targeting Exchange | Michael Gillespie was the first to disclose that a new DearCry ransomware was targeting Exchange servers. | |
13.3.21 | Ransomware now attacks Microsoft Exchange servers with ProxyLogon exploits | Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities. | |
13.3.21 | Molson Coors brewing operations disrupted by cyberattack | The Molson Coors Beverage Company has suffered a cyberattack that is causing significant disruption to business operations. | |
13.3.21 | DarkSide Ransomware 2.0 released | 3xp0rt found a post on a Russian-speaking hacker forum where threat actors announced the new DarkSide 2.0 ransomware. This version allegedly includes faster encryption and features. | |
13.3.21 | New STOP ransomware variants | Michael Gillespie found new STOP Djvu ransomware variants that append the .reig and .tirp extensions to encrypted files. | |
13.3.21 | Ryuk ransomware hits 700 Spanish government labor agency offices | The systems of SEPE, the Spanish government agency for labor, were taken down following a ransomware attack that hit more than 700 agency offices across Spain. | |
13.3.21 | New Bad Gopher ransomware | S!Ri found a new ransomware that appends the .gopher extension. | |
13.3.21 | GandCrab ransomware affiliate arrested for phishing attacks | A suspected GandCrab Ransomware member was arrested in South Korea for using phishing emails to infect victims. | |
13.3.21 | Healthcare Providers Were Warned of a Ransomware Surge Last Fall. Some Still Aren’t Sure How Serious the Threat Was | Late last October, when the U.S. government warned of an imminent ransomware threat to the country’s hospitals and healthcare providers, many in the industry had a similar reaction: they paused, took a deep breath, and braced for impact. | |
13.3.21 | New Matrix ransomware variant | dnwls0719 found a new Matrix ransomware variant that appends the .JDPR extension and drops a ransom note named JDPR_README.rtf. | |
13.3.21 | Flagstar Bank hit by data breach exposing customer, employee data | US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. | |
13.3.21 | New Sarbloh ransomware supports Indian farmers' protest | A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. | |
13.3.21 | New ROG Dharma ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .ROG extension. | |
13.3.21 | New Jessy Dharma ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .Jessy extension. | |
13.3.21 | Ransomware gang plans to call victim's business partners about attacks | The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. | |
7.3.21 | New ransomware only decrypts victims who join their Discord server | A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server. | |
7.3.21 | New JesusCrypt Ransomware | MalwareHunterTeam found a new in-development ransomware called JesusCrypt. | |
7.3.21 | Ransomware is a multi-billion industry and it keeps growing | An analysis from global cybersecurity company Group-IB reveals that ransomware attacks more than doubled last year and increased in both scale and sophistication. | |
7.3.21 | CompuCom MSP hit by DarkSide ransomware cyberattack | US managed service provider CompuCom has suffered a DarkSide ransomware attack leading to service outages and customers disconnecting from the MSP's network to prevent the spread of malware. | |
7.3.21 | Emsisoft Aurora decryptor updated | Emsisoft has updated their Aurora decryptor to support the .systems32x extension. | |
7.3.21 | New Help You Ransomware | xiaopao found a new ransomware that appends the .IQ_IQ extension and drops a ransom note named HOW_TO_RECOVERY_FILES.txt. | |
7.3.21 | Beware the Fancy Bear ransomware | S!ri found a new ransomware; we will let the screenshot speak for itself. | |
7.3.21 | RansomTrojanLock discovered | S!ri found a new ransomware that appends the .RansomTrojanLock extension to encrypted files. | |
7.3.21 | When Viruses Mutate: Did SunCrypt Ransomware Evolve from QNAPCrypt? | This report uses both dark web research and malware analysis to investigate the connection between the affiliate ransomware service known as SunCrypt and the QNAPCrypt ransomware, the latter of which was used against QNAP and Synology devices back in 2019. While the two ransomware families are operated by distinctly different threat actors on the dark web, there are strong technical connections in code reuse and techniques, linking the two to the same author. Just because a malware is a derivative of another malware does not mean it will be deployed in exactly the same way. A new operator may use different targets, tactics, techniques and procedures (TTPs), which can include new evasion techniques. Defenders must remain vigilant. | |
7.3.21 | New Makop ransomware variant | Petrovic found a new Makop ransomware variant that appends the .vassago extension to encrypted files. | |
7.3.21 | New 'Corona Locker' Aurora ransomware variant | xiaopao found a new variant of the Aurora ransomware that calls itself 'Corona Locker' and appends the .systems32x extension. | |
7.3.21 | Payroll giant PrismHR outage likely caused by ransomware attack | Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. | |
7.3.21 | New STOP Djvu ransomware variant | Michael Gillespie found a new STOP ransomware variant that appends the .ribd extension to encrypted files. | |
7.3.21 | New Dharma ransomware variants | Jakub Kroustek found new Dharma ransomware variants that append the .oral and .urs extensions to encrypted files. | |
7.3.21 | NSW Transport agency extorted by ransomware gang after Accellion attack | The transport system for the Australian state of New South Wales has suffered a data breach after the Clop ransomware exploited a vulnerability to steal files. | |
7.3.21 | Universal Health Services lost $67 million due to Ryuk ransomware attack | Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. | |
7.3.21 | Hackers use black hat SEO to push ransomware, trojans via Google | The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. | |