Ransomware News 2021 May
5.2021 | US charges Latvian for helping develop the Trickbot malware | The US Department of Justice (DOJ) announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization. | |
5.2021 | New Dharma Ransomware variants | Jakub Kroustek found two new Dharma ransomware variants that append the .cnc and the .PARTY extensions. | |
5.2021 | Hackers Breached Colonial Pipeline Using Compromised Password | The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack. | |
5.2021 | Phishing uses Colonial Pipeline ransomware lures to infect victims | The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files. | |
5.2021 | Fujifilm confirms ransomware attack disrupted business operations | Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations. | |
5.2021 | Meat giant JBS now fully operational after ransomware attack | JBS, the world's largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend. | |
5.2021 | Exclusive: U.S. to give ransomware hacks similar priority as terrorism | The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters. | |
5.2021 | Live streams go down across Cox radio & TV stations in apparent ransomware attack | Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources have described as a ransomware attack. | |
5.2021 | UF Health Florida hospitals back to pen and paper after cyberattack | UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. | |
5.2021 | Scripps Health notifies patients of data breach after ransomware attack | Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month. | |
5.2021 | White House urges businesses to "take ransomware crime seriously" | The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council's chief cybersecurity adviser. | |
5.2021 | Massachusetts' largest ferry service hit by ransomware attack | The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions. | |
5.2021 | FBI: REvil cybergang behind the JBS ransomware attack | The Federal Bureau of Investigations has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world's largest meat producer. | |
5.2021 | FUJIFILM shuts down network after suspected ransomware attack | FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread. | |
5.2021 | US: Russian threat actors likely behind JBS ransomware attack | The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia. | |
5.2021 | Food giant JBS Foods shuts down production after cyberattack | JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack. | |
5.2021 | New STOP ransomware variant | dnwls0719 found a new STOP ransomware variant that appends the .paas extension and drops a ransom note named _readme.txt. | |
5.2021 | New Matrix Ransomware variant | dnwls0719 found a new Matrix Ransomware variant that appends the .MMTA extension and drops a ransom note named #MMTA_README#.rtf. | |
5.2021 | New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers | A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network. | |
5.2021 | Ransomware gangs' slow decryptors prompt victims to seek help | Recently, two highly publicized ransomware victims received a decryptor that was too slow to make it effective in quickly restoring the victim's network. | |
5.2021 | US announces new security directive after critical pipeline hack | The US Department of Homeland Security (DHS) has announced new pipeline cybersecurity requirements after the largest fuel pipeline in the United States was forced to shut down operations in early May following a ransomware attack. | |
5.2021 | New Motocos Ransomware | dnwls0719 found the Motocos Ransomware that appends the .mo2 extension and drops a ransom note named Readme.txt, Motocos_Readme.txt, and Ransomware_Readme.txt. | |
5.2021 | Avaddon: Loot of at least a million dollars since early May | This ransomware has been increasingly popular with cybercriminals since March. The number of victims not paying is increasing. But the traces of payments suggest a worrying situation. | |
5.2021 | Canada Post hit by data breach after supplier ransomware attack | Canada Post has informed 44 of its large commercial customers that a ransomware attack on a third-party service provider exposed shipping information for their customers. | |
5.2021 | A Note from the Bitdefender Labs Team on Ransomware and Decryptors | The news this week about our release of a decryptor for Darkside in January 2021 has sparked a conversation about whether researchers (including those who work for cybersecurity companies) should communicate the release of ransomware decryptors to the public. In the security industry, debate helps us all improve our defense, and we encourage and welcome this dialog. | |
5.2021 | Iranian hacking group targets Israel with wiper disguised as ransomware | An Iranian hacking group has been observed camouflaging destructive attacks against Israeli targets as ransomware attacks while maintaining access to victims' networks for months in what looks like an extensive espionage campaign. | |
5.2021 | The Colonial pipeline ransomware hackers had a secret weapon: self-promoting cybersecurity firms | On January 11, antivirus company Bitdefender said it was “happy to announce” a startling breakthrough. It had found a flaw in the ransomware that a gang known as DarkSide was using to freeze computer networks of dozens of businesses in the US and Europe. Companies facing demands from DarkSide could download a free tool from Bitdefender and avoid paying millions of dollars in ransom to the hackers. | |
5.2021 | Zeppelin ransomware comes back to life with updated versions | The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware. | |
5.2021 | Audio maker Bose discloses data breach after ransomware attack | Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company's systems in early March. | |
5.2021 | New Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .rdp extension. | |
5.2021 | Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents | The first hit the European operations of its subsidiary Daihatsu Diesel Company, a Toyota-owned entity that designs engines. In a statement [PDF] dated May 16th, Daihatsu said it “experienced a problem in accessing its file server in the internal system on 14 May 2021.” | |
5.2021 | QNAP confirms Qlocker ransomware used HBS backdoor account | QNAP is advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware attacks targeting their Internet-exposed Network Attached Storage (NAS) devices. | |
5.2021 | FBI: Conti ransomware attacked 16 US healthcare, first responder orgs | The Federal Bureau of Investigation (FBI) says the Conti ransomware gang has attempted to breach the networks of over a dozen U.S. healthcare and first responder organizations. | |
5.2021 | DarkSide affiliates claim gang's bitcoin deposit on hacker forum | Since the DarkSide ransomware operation shut down a week ago, multiple affiliates have complained about not getting paid for past services and issued a claim for bitcoins in escrow at a hacker forum. | |
5.2021 | New STOP ransomware variant | dnwls0719 found a new STOP ransomware variant that appends the .nusm extension. | |
5.2021 | CNA Financial Paid $40 Million in Ransom After March Cyberattack | CNA Financial Corp., among the largest insurance companies in the U.S., paid $40 million in late March to regain control of its network after a ransomware attack, according to people with knowledge of the attack. | |
5.2021 | Irish High Court issues injunction to prevent HSE data leak | The High Court of Ireland has issued an injunction against the Conti Ransomware gang, demanding that stolen HSE data be returned and not sold or published. | |
5.2021 | Microsoft: Massive malware campaign delivers fake ransomware | A massive malware campaign pushed the Java-based STRRAT remote access trojan (RAT), known for its data theft capabilities and the ability to fake ransomware attacks. | |
5.2021 | Conti ransomware gives HSE Ireland free decryptor, still selling data | The Conti ransomware gang has released a free decryptor for Ireland’s health service, the HSE, but warns that they will still sell or release the stolen data. | |
5.2021 | New Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .root extension to encrypted files. | |
5.2021 | Qlocker ransomware shuts down after extorting hundreds of QNAP users | The Qlocker ransomware gang has shut down their operation after earning $350,000 in a month by exploiting vulnerabilities in QNAP NAS devices. | |
5.2021 | MountLocker ransomware uses Windows API to worm through networks | The MountLocker ransomware operation now uses enterprise Windows Active Directory APIs to worm through networks. | |
5.2021 | DarkSide ransomware made $90 million in just nine months | The DarkSide ransomware gang has collected at least $90 million in ransoms paid by its victims over the past nine months to multiple Bitcoin wallets. | |
5.2021 | New Ducky Virus ransomware | dnwls0719 found a new ransomware called Ducky Virus that appends the .ducky extension and drops ransom notes named RECOVER YOUR FILES.hta and RECOVER YOUR FILES.txt. | |
5.2021 | Conti ransomware also targeted Ireland's Department of Health | The Conti ransomware gang failed to encrypt the systems of Ireland's Department of Health (DoH) despite breaching its network and dropping Cobalt Strike beacons to deploy their malware across the network. | |
5.2021 | Ransomware victim shows why transparency in attacks matters | As devastating ransomware attacks continue to have far-reaching consequences, companies still try to hide the attacks rather than be transparent. Below we highlight a company's response to an attack that should be used as a model for all future disclosures. | |
5.2021 | Insurer AXA hit by ransomware after dropping support for ransom payments | Branches of insurance giant AXA based in Thailand, Malaysia, Hong Kong, and the Philippines have been struck by a ransomware cyber attack. | |
5.2021 | New Stop Ransomware variant | LittleRedBean found a new STOP ransomware variant that appends the .igvm extension. | |
5.2021 | New Dharma Ransomware variant | Jakub Kroustek found a new Dharma Ransomware variant that appends the .eye extension to encrypted files. | |
5.2021 | Ireland's Health Services hit with $20 million ransomware demand | Ireland’s health service, the HSE, says they are refusing to pay a $20 million ransom demand to the Conti ransomware gang after the hackers encrypted computers and disrupted health care in the country. | |
5.2021 | Apex America hit by Sodinokibi ransomware | That’s how they describe themselves. The threat actors known as REvil (Sodinokibi) describe them as targets who have so far refused to pay ransom demands. | |
5.2021 | QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day | QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage (NAS) devices. | |
5.2021 | DarkSide ransomware servers reportedly seized, operation shuts down | The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In a message to affiliates, the DarkSide gang announced they were shutting down their RaaS and would provide decryptors for unpaid victims to affiliates. | |
5.2021 | Irish healthcare shuts down IT systems after Conti ransomware attack | Ireland's Health Service Executive (HSE), the country's publicly funded healthcare system, has shut down all IT systems after its network was breached in a ransomware attack. | |
5.2021 | Popular Russian hacking forum XSS bans all ransomware topics | One of the most popular Russian-speaking hacker forums, XSS, has banned all topics promoting ransomware to prevent unwanted attention. | |
5.2021 | Chemical distributor pays $4.4 million to DarkSide ransomware | Chemical distribution company Brenntag paid a $4.4 million ransom in Bitcoin to the DarkSide ransomware gang to receive a decryptor for encrypted files and prevent the threat actors from publicly leaking stolen data. | |
5.2021 | Insurance giant CNA fully restores systems after ransomware attack | Leading US-based insurance company CNA Financial has fully restored systems following a Phoenix CryptoLocker ransomware attack that disrupted its online services and business operations during late March. | |
5.2021 | Meet Lorenz — A new ransomware gang targeting the enterprise | A new ransomware operation known as Lorenz targets organizations worldwide with customized attacks demanding hundreds of thousands of dollars in ransoms. | |
5.2021 | Colonial Pipeline restores operations, $5 million ransom demanded | Colonial Pipeline has recovered quickly from the ransomware attack suffered less than a week ago and expects all its infrastructure to be fully operational today. | |
5.2021 | Biden issues executive order to increase U.S. cybersecurity defenses | President Biden signed an executive order Wednesday to modernize the country's defenses against cyberattacks and give more timely access to information necessary for law enforcement to conduct investigations. | |
5.2021 | Darkside: an increasingly used ransomware ... with a high success rate | Darkside ransomware recently came into the spotlight with the attack on Colonial Pipeline, the operator of a critical oil pipeline in the United States. But it actually began operating sometime last summer, rather quietly. According to our observations, its operators devote a new page to each victim, specifying the date when the encryption payload was triggered. The web pages are numbered, which gives an idea of the acceleration in the pace of attacks conducted with Darkside in recent months. | |
5.2021 | Shining a Light on DARKSIDE Ransomware Operations | Since initially surfacing in August 2020, the creators of DARKSIDE ransomware and their affiliates have launched a global crime spree affecting organizations in more than 15 countries and multiple industry verticals. Like many of their peers, these actors conduct multifaceted extortion where data is both exfiltrated and encrypted in place, allowing them to demand payment for unlocking and the non-release of stolen data to exert more pressure on victims. | |
5.2021 | Ransomware gang leaks data from Metropolitan Police Department | Babuk Locker ransomware operators have leaked personal files belonging to police officers from the Metropolitan Police Department (also known as MPD or DC Police) after negotiations went stale. | |
5.2021 | City of Tulsa's online services disrupted in ransomware incident | The City of Tulsa, Oklahoma, has suffered a ransomware attack that forced the City to shut down its systems to prevent the further spread of the malware. | |
5.2021 | US and Australia warn of escalating Avaddon ransomware attacks | The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) are warning of an ongoing Avaddon ransomware campaign targeting organizations from an extensive array of sectors in the US and worldwide. | |
5.2021 | DarkSide ransomware will now vet targets after pipeline cyberattack | The DarkSide ransomware gang posted a new "press release" today stating that they are apolitical and will vet all targets before they are attacked. | |
5.2021 | US declares state of emergency after ransomware hits largest pipeline | After a ransomware attack on Colonial Pipeline forced the company to shut down 5,500 miles of fuel pipeline, the Federal Motor Carrier Safety Administration (FMCSA) issued a regional emergency declaration affecting 17 states and the District of Columbia. | |
5.2021 | New LegionLocker version | dnwls0719 found a new version of LegionLocker 3.0 that appends the .LGNLCKD extension and drops a ransom note named LegionReadMe.txt. | |
5.2021 | New STOP ransomware variant | Amigo-A found a new STOP ransomware variant that appends the .pcqq extension. | |
5.2021 | Largest U.S. pipeline shuts down operations after ransomware attack | Colonial Pipeline, the largest fuel pipeline in the United States, has shut down operations after suffering what is reported to be a ransomware attack. | |
5.2021 | Ransomware gangs have leaked the stolen data of 2,100 companies so far | Since 2019, ransomware gangs have leaked the stolen data for 2,103 companies on dark web data leaks sites. | |
5.2021 | Insurer AXA halts ransomware crime reimbursement in France | In an apparent industry first, the global insurance company AXA said Thursday it will stop writing cyber-insurance policies in France that reimburse customers for extortion payments made to ransomware criminals. | |
5.2021 | New GoNNaCry ransomware | dnwls0719 found a ransomware that appends the .GoNNaCry extension. | |
5.2021 | Cuba Ransomware partners with Hancitor for spam-fueled attacks | The Cuba Ransomware gang has teamed up with the spam operators of the Hancitor malware to gain easier access to compromised corporate networks. | |
5.2021 | Data leak marketplaces aim to take over the extortion economy | Cybercriminals are embracing data-theft extortion by creating dark web marketplaces that exist solely to sell stolen data. | |
5.2021 | Darkside Ransomware Overview | This is my report for one of the latest Windows samples of Darkside Ransomware v1.8.6.2! | |
5.2021 | A student pirating software led to a full-blown Ryuk ransomware attack | A student's attempt to pirate an expensive data visualization software led to a full-blown Ryuk ransomware attack at a European biomolecular research institute. | |
5.2021 | They Told Their Therapists Everything. Hackers Leaked It All | “If we receive €200 worth of Bitcoin within 24 hours, your information will be permanently deleted from our servers,” the email said in Finnish. If Jere missed the first deadline, he’d have another 48 hours to fork over €500, or about $600. After that, “your information will be published for all to see.” | |
5.2021 | Cuba Ransomware Group on a Roll | At the end of 2020, our team, made up of SecurityJoes and Profero incident responders, led an investigation into a complex attack in which hundreds of machines were encrypted, knocking the victim company offline completely. The threat actors behind the attack deployed the Cuba ransomware across the corporate network, using a mixture of PowerShell scripts, SystemBC, and Cobalt Strike to propagate it. Cuba Ransomware utilizes the symmetric ChaCha20 algorithm for encrypting files, and the asymmetric RSA algorithm for encrypting key information. | |
5.2021 | New STOP Ransomware variant | Michael Gillespie has found a new STOP Ransomware variant that appends the .rejg extension. | |
5.2021 | New Toxin Ransomware sold on hacker forums | 3xp0rt noticed that a new Toxin Ransomware was being promoted on hacking forums. | |
5.2021 | New WastedLocker variant | dnwls0719 found a WastedLocker variant that appends the .saverswasted extension. | |
5.2021 | New Henry Ransomware | dnwls0719 found the new Henry Ransomware that appends the .henry217 extension. | |
5.2021 | New Galaxy Ransomware | Yelisey Boguslavskiy discovered that a new Galaxy Ransomware operation was getting ready to launch and would be stealing data from victims. | |
5.2021 | New Nitro Ransomware variant | MalwareHunterTeam found a new Nitro Ransomware variant calling itself 'ArchAngel Ransomware.' | |
5.2021 | N3TW0RM ransomware emerges in wave of cyberattacks in Israel | A new ransomware gang known as 'N3TW0RM' is targeting Israeli companies in a wave of cyberattacks starting last week. | |
5.2021 | Health care giant Scripps Health hit by ransomware attack | Nonprofit health care provider Scripps Health in San Diego is currently dealing with a ransomware attack that forced the organization to suspend user access to its online portal and switch to alternative methods for patient care operations. | |