The Week in Ransomware – June 16th 2023


The MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations breached in the attacks.

On Wednesday, the Clop gang began listing the names of breached organizations, warning that data would be leaked in seven days if a ransom was not negotiated.

Many organizations have decided to disclose the breaches rather than negotiate, warning impacted people that their data was exposed.

Known impacted organizations include US federal agencies, the Louisiana and Oregon DMVs, Zellis (BBC, Boots, and Aer Lingus; Ireland’s HSE via Zellis), the University of Rochester, the government of Nova Scotia, the US state of Missouri, the US state of Illinois, BORN Ontario, Ofcom, Extreme Networks, and the American Board of Internal Medicine.

As for Clop, they have now listed 37 organizations impacted by the MOVEit breaches on their website, hoping it will pressure them to negotiate.

This week’s other big news is the FBI arresting a LockBit affiliate in Arizona just as CISA warned that the ransomware operation extorted over $90 million in 1,700 attacks on US organizations.

We also learned more about ransomware attacks this week, with the Medusa operation extorting Argentina’s National Securities Commission (CNV) and Rhysida ransomware leaking data stolen from the Chilean Army.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @DanielGallagher, @malwrhunterteam, @BleepinComputer, @VK_Intel, @LawrenceAbrams, @PolarToffee, @struppigel, @jorntvdw, @Ionut_Ilascu, @FourOctets, @serghei, @fwosar, @Seifreed, @malwareforme, @demonslay335, @AuCyble, @pcrisk, @FortiGuardLabs, @1ZRR4H, @SentinelOne, @SttyK, @juanbrodersen, @AShukuhi, @BrettCallow, @Jon__DiMaggio, and @snlyngaas.

June 11th 2023

Hackers add the National Securities Commission to their list of victims: they say they have sensitive data

A group of cybercriminals claims to have 1.5 TB (1,500 gigabytes) of data from the National Securities Commission (CNV), the official body that oversees markets throughout the country. Medusa, the same ransomware cartel that encrypted Garbarino’s data in March of this year, is asking for $500,000 and giving a period of one week before publishing the data.

June 12th 2023

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ahui, .ahgr, and .ahtw extensions.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .minime extension.

June 13th 2023

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .LMAO extension and drops a ransom note named read_it.txt.
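The STOP and Chaos entries above give the artifacts a defender actually sees on disk: a known appended extension and a dropped ransom note. The following is an added example (not code from the roundup or from PCrisk) that turns this week's indicators into a small triage scanner for a file listing. The extensions and the read_it.txt note name come from the page; the directory listing, the per-directory "burst" threshold, and all function names are constructed for the example. It goes slightly beyond the text by treating one stray file as noise and a cluster of hits in one directory (or any ransom note) as the encryption pattern.

```python
import os
from collections import Counter, defaultdict
from typing import Iterable, Optional

# Extensions appended by the STOP and Chaos variants reported this week (from the page).
# Stored lowercase; matching is case-insensitive so ".LMAO" and ".lmao" both hit.
RANSOMWARE_EXTENSIONS = {
    ".ahui": "STOP",
    ".ahgr": "STOP",
    ".ahtw": "STOP",
    ".minime": "Chaos",
    ".lmao": "Chaos",
}

# Ransom-note filenames; read_it.txt is the one named on the page.
RANSOM_NOTE_NAMES = {"read_it.txt"}

# Constructed sample listing (not real data) mixing encrypted files, a note and benign files.
SAMPLE_LISTING = [
    "/srv/share/finance/q1.xlsx.ahui",
    "/srv/share/finance/q2.xlsx.ahui",
    "/srv/share/finance/budget.docx.ahui",
    "/home/alice/Desktop/notes.txt.LMAO",
    "/home/alice/Desktop/read_it.txt",
    "/home/alice/Desktop/photo.jpg",
    "/var/log/syslog",
    "/tmp/dumb.minime",
]


def classify_path(path: str) -> Optional[str]:
    """Return a label ("STOP", "Chaos", "ransom-note") if the path looks like
    ransomware output, otherwise None."""
    name = os.path.basename(path)
    if name.lower() in RANSOM_NOTE_NAMES:
        return "ransom-note"
    # These families keep the original extension and append their own
    # (e.g. report.docx.ahui), so only the final suffix is checked.
    _, ext = os.path.splitext(name)
    return RANSOMWARE_EXTENSIONS.get(ext.lower())


def scan_listing(paths: Iterable[str], burst_threshold: int = 3) -> dict:
    """Classify every path and summarise hits per directory.

    A directory is flagged as suspicious when it holds at least
    `burst_threshold` encrypted files (a single renamed file may be a false
    positive) or contains a ransom note at all."""
    hits = []
    per_dir = defaultdict(Counter)
    for p in paths:
        label = classify_path(p)
        if label is None:
            continue
        hits.append((p, label))
        per_dir[os.path.dirname(p)][label] += 1

    suspicious_dirs = sorted(
        d for d, counts in per_dir.items()
        if sum(v for k, v in counts.items() if k != "ransom-note") >= burst_threshold
        or counts["ransom-note"] > 0
    )
    return {
        "hits": hits,
        "per_dir": {d: dict(c) for d, c in per_dir.items()},
        "suspicious_dirs": suspicious_dirs,
    }


if __name__ == "__main__":
    result = scan_listing(SAMPLE_LISTING)
    for path, label in result["hits"]:
        print(f"{label:12s} {path}")
    print("suspicious directories:", result["suspicious_dirs"])
```

Feeding it a real listing (for example the output of `find / -type f`) is the obvious use; the point of the per-directory summary is that it tells an incident responder where encryption started and which share to isolate first, rather than just producing a flat list of renamed files.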

June 14th 2023

CISA: LockBit ransomware extorted $91 million in 1,700 U.S. attacks

U.S. and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang successfully extorted roughly $91 million following approximately 1,700 attacks against U.S. organizations since 2020.

WannaCry ransomware impersonator targets Russian “Enlisted” FPS players

A ransomware operation is targeting Russian players of the Enlisted multiplayer first-person shooter, using a fake website to spread trojanized versions of the game.

New Techniques: Uncovering Tor Hidden Service with Etag

Report on discovering the public IP address of a RagnarLocker Tor site.

This investigation was conducted primarily through publicly available open source intelligence services such as Shodan, as well as through underground community sources. The related server has already been shut down, and the person believed to be the suspect has been indicted, which prompted the release of the report. The de-anonymization method using ETag is almost unknown to the public, and I believe it is a valuable contribution to the community.

June 15th 2023

Clop ransomware gang starts extorting MOVEit data-theft victims

The Clop ransomware gang has started extorting companies impacted by the MOVEit data theft attacks, first listing the companies’ names on a data leak site, an often-employed tactic before public disclosure of stolen data.

Suspected LockBit ransomware affiliate arrested, charged in US

Russian national Ruslan Magomedovich Astamirov was arrested in Arizona and charged by the U.S. Justice Department for allegedly deploying LockBit ransomware on the networks of victims in the United States and abroad.

Rhysida ransomware leaks documents stolen from Chilean Army

Threat actors behind a recently surfaced ransomware operation known as Rhysida have leaked online what they claim to be documents stolen from the network of the Chilean Army (Ejército de Chile).

US government agencies hit in global cyberattack

Editor’s note: More MOVEit attacks.

Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.

June 16th 2023

Millions of Oregon, Louisiana state IDs stolen in MOVEit breach

Louisiana and Oregon warn that millions of driver’s licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer secure file transfer systems to steal stored data.

Ransomware Roundup — Big Head

FortiGuard Labs came across two new ransomware variants, “Big Head” and another likely used by the same attacker, targeting consumers to extort money.

That’s it for this week! Hope everyone has a nice weekend!
