
The Week in Ransomware – January 8th 2021 – $150 million


Even though the holidays are over in many countries, it has been a very quiet week for ransomware. Unfortunately, ransomware activity will likely pick up shortly.

This week’s biggest news was China’s APT hackers starting to use ransomware, and Ryuk bitcoin wallets indicating that the operation has earned at least $150 million in ransom payments.

We also had victims, such as Dassault Jet and TransLink, disclosing data breaches after ransomware attacks earlier this year. Other than that, it was your standard release of new variants of existing ransomware.

Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @demonslay335, @FourOctets, @Seifreed, @struppigel, @VK_Intel, @fwosar, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @BleepinComputer, @serghei, @malwareforme, @DanielGallagher, @siri_urz, @cPeterr, @PogoWasRight, @ValeryMarchive, @IntelAdvanced, @hyasinc, @CheckPointSW, @ProferoSec, @GelosSnake, @SecurityJoes, @vxunderground, @GrujaRS, @0x4143, and @Emm_ADC_Soft.

January 2nd 2021

Apex Laboratory confirms ransomware attack; only recently discovered data theft

DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15.

January 4th 2021

TransLink confirms ransomware data theft, still restoring systems

Metro Vancouver’s transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees’ banking and social security information.

China’s APT hackers move to ransomware attacks

Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.

Male chastity belt ransomware discovered

Yeah, this is real. Keeps you, uh, locked up unless you pay a ransom.

New In-dev Sharp Ransomware

GrujaRS found the new in-development Sharp ransomware that appends the .0x0M4R extension to encrypted files.

New Knot Ransomware

MalwareHunterTeam found the new Knot Ransomware that appends the .encrypted extension to encrypted files.

January 5th 2021

Babuk Locker is the first new enterprise ransomware of 2021

It’s a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.

Ryuk ransomware is the top threat for the healthcare sector

Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.

New COVID21 MBRLocker

S!ri found a new MBRLocker calling itself Covid21.


New HiddenTear ransomware variant

GrujaRS found a new HiddenTear variant that appends the .ZIEBF_4561drgf extension.

New Makop ransomware variant

GrujaRS found a new Makop ransomware variant that appends the .moloch extension.

January 6th 2021

Anti-Secrecy Activists Publish a Trove of Ransomware Victims’ Data

For years, radical transparency-focused activists like WikiLeaks have blurred the line between whistle-blowing and hacking. Often, they’ve published any data they consider to be of public interest, no matter how questionable the source. But now one leak-focused group is mining a controversial new vein of secrets: the massive caches of data stolen by ransomware crews and dumped online when victims refuse to pay.

January 7th 2021

Ryuk ransomware Bitcoin wallets point to $150 million operation

Security researchers following the money circuit from Ryuk ransomware victims into the threat actor’s pockets estimate that the criminal organization made at least $150 million.

FBI warns of Egregor ransomware extorting businesses worldwide

The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.

New Solaso Ransomware

0x4143 found the new Solaso Ransomware that appends the .solaso extension and drops a ransom note named __READ_ME_TO_RECOVER_YOUR_FILES. It may be a variant of the ‘Encrp’ ransomware.

January 8th 2021

Dassault Falcon Jet reports data breach after ransomware attack

Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.

New Bonsoir ransomware

Emmanuel_ADC-Soft found the new Bonsoir Ransomware that appends the .bonsoir extension and drops a ransom note named HOW-RECOVER-MY-FILES.txt.

New Niros Ransomware

S!ri found the new Niros Ransomware.


That’s it for this week! Hope everyone has a nice weekend!
