July 23, 2024


Forever Driven Computer

The Week in Ransomware – November 18th 2022



There have been some intriguing developments in ransomware this week, with the arrest of a cybercrime ring leader and reports shedding light on two new, but up-and-coming, ransomware operations.

One of the biggest stories this week is the arrest of Ukrainian Vyacheslav Igorevich Penchukov, aka ‘Tank,’ for his alleged role as a leader in the JabberZeus cybercrime gang that operated the Zeus malware botnet.

Penchukov is also believed to be one of the managers of the notorious Maze ransomware operation, which popularized double-extortion attacks.

Other news this week includes new reports on rising ransomware operations:

Finally, Ukraine says that a new Somnia ransomware is being used in attacks, CISA/FBI warned that Iranian hackers breached a federal agency, and the FBI warned that Hive ransomware has made over $100 million in ransom payments.

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Ionut_Ilascu, @malwareforme, @malwrhunterteam, @DanielGallagher, @serghei, @jorntvdw, @fwosar, @LawrenceAbrams, @PolarToffee, @demonslay335, @FourOctets, @billtoulas, @VK_Intel, @BleepinComputer, @pcrisk, @Seifreed, @GeeksCyber, @BlackBerry, @ahnlab, and @MsftSecIntel.

November 13th 2022

Ukraine claims Russian hacktivists use new Somnia ransomware

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems.

November 14th 2022

A Technical Analysis of Royal Ransomware

Royal ransomware is a recent threat that appeared in 2022 and was particularly active during the last few months. The ransomware deletes all Volume Shadow Copies and skips specific file extensions and folders. It encrypts the network shares found on the local network as well as the local drives. A parameter called “-id” that identifies the victim, and that is also written into the ransom note, must be specified on the command line.
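Two of the behaviours described above are visible to a defender before any file is encrypted: the deletion of Volume Shadow Copies, and the presence of a `-id` victim identifier on the command line. The following is an added example (not code from the report or from any vendor) showing how a process-creation log could be triaged for both. The log records, the `update.exe` image name and the victim-id value are constructed; the shadow-copy deletion patterns are the common built-in Windows ways of deleting shadow copies, which is an assumption, since the report does not name the command Royal uses.

```python
import re

# Constructed process-creation events (sample data, not from the report). Each
# record mimics a simplified EDR/Sysmon-style "image + command line" entry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe list shadows"},          # benign: lists, does not delete
    {"image": r"C:\Users\alice\Downloads\update.exe",  # hypothetical image name
     "cmdline": "update.exe -id 0123456789abcdef"},    # constructed victim id
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\temp\readme.txt"},
]

# Command lines that delete Volume Shadow Copies via built-in Windows tooling.
# Assumption: the report says Royal deletes shadow copies but does not name the
# command, so these are the generic forms a detection would usually cover.
VSS_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
]


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True when the command line matches a known shadow-copy deletion form."""
    return any(p.search(cmdline) for p in VSS_DELETE_PATTERNS)


def has_victim_id_switch(cmdline: str) -> bool:
    """True when a '-id <value>' pair is present on the command line.

    Hypothetical heuristic built on the report's note that Royal requires a
    '-id' parameter; on its own it is a weak signal and is reported as such.
    """
    argv = cmdline.split()
    # argv[:-1] guarantees that a following token (the value) exists.
    return any(tok.lower() == "-id" for tok in argv[:-1])


def triage(events):
    """Return (index, reason) pairs for events worth an analyst's attention.

    Shadow-copy deletion is reported first because it is the stronger signal;
    the '-id' switch is only reported when the event is not already flagged.
    """
    findings = []
    for i, ev in enumerate(events):
        cmd = ev["cmdline"]
        if is_shadow_copy_deletion(cmd):
            findings.append((i, "shadow-copy-deletion"))
        elif has_victim_id_switch(cmd):
            findings.append((i, "victim-id-switch"))
    return findings


if __name__ == "__main__":
    for idx, reason in triage(SAMPLE_EVENTS):
        print(f"[{reason}] event {idx}: {SAMPLE_EVENTS[idx]['cmdline']}")
```

Run against the constructed events, the two deletion commands and the `-id` invocation are flagged while `vssadmin list shadows` and the notepad launch are not. In a real deployment the shadow-copy rule belongs on every endpoint regardless of family, since it is shared by many ransomware strains; the `-id` rule is family-specific and better used for correlation than for alerting on its own.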

Australia to consider banning payment of ransoms to cyber criminals

Australia’s Home Affairs Minister Clare O’Neil on Sunday said the government would consider making the payment of ransoms to cyber hackers illegal, following recent cyber attacks affecting millions of Australians.

New Phobos ransomware variant

PCrisk found a new Phobos variant that appends the .faust extension to encrypted files and drops ransom notes named info.txt and info.hta.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .fatp and .fate extensions to encrypted files.

New Xorist ransomware variant

PCrisk found a new Xorist variant that appends the .ZeRy extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

November 16th 2022

Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police

Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month.

US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA disclosed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.

DAGON LOCKER Ransomware Being Distributed

It was discovered that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first identified through the AhnLab ASD infrastructure’s suspicious ransomware behavior block history. In October, it was also reported to AhnLab as a suspicious file by a Korean company. DAGON is usually distributed through phishing emails or as an email attachment, but because it is a ransomware-as-a-service, the distribution route and target can vary according to the threat actor.

New VoidCrypt variant

PCrisk found a new VoidCrypt variant that appends the .DRCRM extension and drops a ransom note named Read.txt.

New Anthraxbulletproof variant

PCrisk found a new ‘Anthraxbulletproof’ ransomware based on Chaos that appends the .Anthraxbulletproof extension and drops a ransom note named read_it.txt.

November 17th 2022

Previously unknown ARCrypter ransomware expands worldwide

A previously unknown ‘ARCrypter’ ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide.

FBI: Hive ransomware extorted $100M from more than 1,300 victims

The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted around $100 million from over a thousand companies since June 2021.

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation.

November 18th 2022

New Satana ransomware variant

PCrisk found a new SATANA ransomware variant that appends the .Sex3 extension and drops a ransom note named !satana!.txt.
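The PCrisk items in this roundup (Phobos, STOP, Xorist, VoidCrypt, the Chaos-based Anthraxbulletproof and Satana) each give two file-system artifacts: the extension appended to encrypted files and the ransom note filename. The following is an added example (not PCrisk's or any vendor's code) of a small triage scanner that takes a directory listing from a suspected host and attributes it to one of those variants. The indicator table is built only from the extensions and note names reported above; the directory listing is constructed sample data.

```python
from pathlib import PureWindowsPath

# Indicators taken from the variants reported in this roundup. Extensions and
# note names are compared case-insensitively, so they are stored lower-cased.
VARIANT_IOCS = {
    "Phobos (.faust)": {
        "extensions": {".faust"}, "notes": {"info.txt", "info.hta"}},
    "STOP (.fatp/.fate)": {
        "extensions": {".fatp", ".fate"}, "notes": set()},
    "Xorist (.ZeRy)": {
        "extensions": {".zery"}, "notes": {"how to decrypt files.txt"}},
    "VoidCrypt (.DRCRM)": {
        "extensions": {".drcrm"}, "notes": {"read.txt"}},
    "Anthraxbulletproof (Chaos-based)": {
        "extensions": {".anthraxbulletproof"}, "notes": {"read_it.txt"}},
    "Satana (.Sex3)": {
        "extensions": {".sex3"}, "notes": {"!satana!.txt"}},
}

# Constructed directory listing (sample data, not from a real victim).
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.faust",
    r"C:\Users\alice\Documents\info.txt",
    r"C:\Users\alice\Pictures\holiday.jpg.fate",
    r"C:\Users\bob\Desktop\HOW TO DECRYPT FILES.txt",
    r"C:\Users\bob\Desktop\notes.docx",
    r"C:\Users\bob\Desktop\read.txt",   # generic name: a weak indicator on its own
]


def scan_listing(paths):
    """Group listing entries by variant: encrypted-file hits and ransom-note hits.

    PureWindowsPath parses backslash paths on any host, so this works when
    the listing is exported from a Windows machine and triaged elsewhere.
    """
    hits = {fam: {"encrypted": [], "notes": []} for fam in VARIANT_IOCS}
    for p in paths:
        wp = PureWindowsPath(p)
        ext = wp.suffix.lower()   # ".faust" for "budget.xlsx.faust"
        name = wp.name.lower()
        for fam, ioc in VARIANT_IOCS.items():
            if ext in ioc["extensions"]:
                hits[fam]["encrypted"].append(p)
            if name in ioc["notes"]:
                hits[fam]["notes"].append(p)
    return hits


def likely_families(paths):
    """Variants for which at least one renamed (encrypted) file was seen."""
    return {fam for fam, h in scan_listing(paths).items() if h["encrypted"]}


def note_only_families(paths):
    """Variants seen only through a ransom-note filename; needs manual review,
    since names like read.txt also occur on clean systems."""
    return {fam for fam, h in scan_listing(paths).items()
            if h["notes"] and not h["encrypted"]}


if __name__ == "__main__":
    for fam, h in scan_listing(SAMPLE_LISTING).items():
        if h["encrypted"] or h["notes"]:
            print(f"{fam}: {len(h['encrypted'])} encrypted file(s), "
                  f"{len(h['notes'])} note(s)")
    print("likely:", sorted(likely_families(SAMPLE_LISTING)))
    print("note only:", sorted(note_only_families(SAMPLE_LISTING)))
```

The split between `likely_families` and `note_only_families` is deliberate: an appended extension such as `.faust` on a user document is hard to explain innocently, whereas a file named `read.txt` or `info.txt` is not, so a note-name match without any renamed files should be treated as a lead to confirm rather than an attribution.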

That is it for this week! Hope everyone has a nice weekend!