It was a very busy week for ransomware news and attacks, especially with the disclosure that Cisco was breached by a threat actor affiliated with the Yanluowang ransomware gang.
On Wednesday, the Yanluowang ransomware gang claimed to have breached Cisco's network and stolen 2.8 GB of data from the company, later telling BleepingComputer that a total of 55GB was stolen.
While the exact amount of data could not be verified, Cisco confirmed that it suffered a network breach that allowed the threat actor to steal data from a Box account and gain admin access to its domain.
Other attacks we learned more about this week were on 7-Eleven Denmark, ista International, and the MSP Advanced, the latter causing an outage for the UK's NHS.
Researchers were also busy this week, with reports released on how ransomware gangs are moving to callback social engineering attacks, that Cuba ransomware is using a new RAT malware, a report on BlueSky, and that Zeppelin has been seen encrypting devices multiple times in a single attack.
Finally, the US government published a picture of a Conti ransomware member for the first time, asking people to provide information on members named 'Target,' 'Tramp,' 'Dandis,' 'Professor,' and 'Reshaev.' The State Department is offering a reward of up to $10 million for information leading to their location, travel plans, and identity.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @Ionut_Ilascu, @PolarToffee, @malwareforme, @LawrenceAbrams, @DanielGallagher, @VK_Intel, @fwosar, @struppigel, @Seifreed, @BleepinComputer, @billtoulas, @serghei, @malwrhunterteam, @FourOctets, @jorntvdw, @fiskerlarsen, @Sophos, @y_advintel, @AdvIntel, @Cyberknow20, @kaspersky, @PaloAltoNtwks, @AhnLab_SecuInfo, @ReversingLabs, @pcrisk, @Amigo_A_, @jamiemaccol, @Jarnecki, and @PogoWasRight.
August 6th 2022
New GwisinLocker ransomware encrypts Windows and Linux ESXi servers
A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines.
August 8th 2022
7-Eleven stores in Denmark closed due to a cyberattack
7-Eleven stores in Denmark shut down today after a cyberattack disrupted stores' payment and checkout systems throughout the country.
New Phobos ransomware variants
PCrisk found new Phobos variants that append the .FLSCRYPT and .BITCOINPAYMENT extensions to encrypted files.
New World2022 ransomware
PCrisk found a new ransomware called World2022 that appends the .world2022decoding extension and drops a ransom note named WE CAN RECOVER YOUR DATA.MHT.
August 9th 2022
Maui ransomware operation linked to North Korean 'Andariel' hackers
The Maui ransomware operation has been linked to the North Korean state-sponsored hacking group 'Andariel,' known for using malicious cyber activities to generate revenue and cause discord in South Korea.
New VoidCrypt variants
PCrisk found new VoidCrypt variants that append the .Daz and .Oiltraffic extensions.
New MedusaLocker variant
PCrisk found a new MedusaLocker ransomware variant that appends the .readlockfiles extension and drops a ransom note named HOW_TO_RECOVER_DATA.html.
August 10th 2022
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort the company under the threat of leaking stolen files online.
7-Eleven Denmark confirms ransomware attack behind store closures
7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday.
Ransomware gangs move to 'callback' social engineering attacks
At least three groups that split from the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method of gaining initial access to a victim's network.
Automotive supplier breached by 3 ransomware gangs in 2 weeks
An automotive supplier had its systems breached and files encrypted by three different ransomware gangs over two weeks in May, with two of the attacks happening within just two hours of each other.
Hacker uses new RAT malware in Cuba Ransomware attacks
A member of the Cuba ransomware operation is employing previously unseen tactics, techniques, and procedures (TTPs), including a novel RAT (remote access trojan) and a new local privilege escalation tool.
BlueSky Ransomware: Fast Encryption via Multithreading
BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses.
ista International takes systems offline in wake of ransomware attack
Daixin Team claims thousands of servers encrypted
New FileRec ransomware
Amigo-A found a new FileRec ransomware that appends the .filerec extension and drops a ransom note named filerec.txt.
August 11th 2022
UK NHS service recovery may take a month after MSP ransomware attack
Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted emergency services (111) of the UK's National Health Service (NHS).
FBI: Zeppelin ransomware may encrypt devices multiple times in attacks
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned US organizations today that attackers deploying Zeppelin ransomware may encrypt their files multiple times.
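As an added defender-side example (not code from BleepingComputer or any of the researchers credited above), the snippet below turns the extensions and ransom-note names quoted in the variant items above, together with the CISA/FBI point that Zeppelin may encrypt files more than once, into a quick filename triage: it maps each known suffix or note name to its family and flags files carrying more than one known suffix. The sample paths are constructed for the example.

```python
from collections import Counter
from pathlib import PurePath, PureWindowsPath

# Indicators quoted in the items above (lower-cased suffix -> family).
KNOWN_EXTENSIONS = {
    ".flscrypt": "Phobos", ".bitcoinpayment": "Phobos", ".world2022decoding": "World2022",
    ".daz": "VoidCrypt", ".oiltraffic": "VoidCrypt", ".readlockfiles": "MedusaLocker",
    ".filerec": "FileRec",
}
KNOWN_NOTES = {"we can recover your data.mht": "World2022",
               "how_to_recover_data.html": "MedusaLocker", "filerec.txt": "FileRec"}

def classify(path):
    """Return (family, layers) or None. layers == 0 marks a ransom note; layers > 1 is
    the 'encrypted multiple times' case from the Zeppelin advisory (outermost suffix wins)."""
    name = PureWindowsPath(path).name.lower()   # accepts both '\\' and '/' separators
    if name in KNOWN_NOTES:
        return (KNOWN_NOTES[name], 0)
    family, layers = None, 0
    while (ext := PurePath(name).suffix) in KNOWN_EXTENSIONS:
        family = family or KNOWN_EXTENSIONS[ext]   # first (outermost) suffix decides
        layers += 1
        name = name[: -len(ext)]                  # peel one layer and look again
    return (family, layers) if family else None

def triage(paths):
    """Summarise names: per-family counts, ransom notes, and re-encrypted files."""
    summary = {"families": Counter(), "notes": [], "reencrypted": []}
    for p in paths:
        hit = classify(p)
        if hit is None:
            continue
        family, layers = hit
        if layers == 0:
            summary["notes"].append(p)
        else:
            summary["families"][family] += 1
            if layers > 1:
                summary["reencrypted"].append(p)
    return summary

# Constructed sample names, not taken from any real incident.
SAMPLE_PATHS = [
    r"D:\finance\budget.xlsx.FLSCRYPT",
    r"D:\finance\WE CAN RECOVER YOUR DATA.MHT",
    r"D:\hr\contracts.zip.readlockfiles.readlockfiles",  # hit twice
    r"D:\hr\HOW_TO_RECOVER_DATA.html",
    r"D:\shared\photo.jpg",
]
```

Only file names are examined, so the check is safe to run read-only over a tree of suspect shares; it is a triage aid, not a replacement for the samples' actual IoCs.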
US govt will pay you $10 million for info on Conti ransomware members
The U.S. State Department announced a $10 million reward today for information on five high-ranking Conti ransomware members, including showing the face of one of the members for the first time.
August 12th 2022
Ransomware Now Threatens the Global South
Historically, ransomware has targeted various high-value sectors – finance, professional services, the public sector – in wealthy countries, concentrating on the US and other G7 members. Recent attacks on countries such as Costa Rica, South Africa, Malaysia, Peru, Brazil and India illustrate the increased threat to governments, critical national infrastructure providers and businesses in middle-income and developing countries. Ransomware presents a risk to these countries' development, economic growth and political stability by disrupting trade and the delivery of essential services.
That's it for this week! Hope everyone has a nice weekend!