The Week in Ransomware - December 1st 2023 - Police hits affiliates


An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries.

The threat actors are said to be affiliates of numerous ransomware operations, including LockerGoga, MegaCortex, HIVE, and Dharma. This cybercriminal operation is said to have led to the loss of hundreds of millions of euros.

The law enforcement operation occurred on November 21st, with coordinated raids in 30 locations in Kyiv, Cherkasy, Rivne, and Vinnytsia. As a result of the operation, police arrested the group's alleged ringleader and four of his accomplices.

Of particular interest is that Norway was involved in the operation, leading cybersecurity researchers to believe that this affiliate group may have been behind the Norsk Hydro attack, which involved the LockerGoga ransomware.

However, a threat actor disputed those rumors on the Russian-speaking XSS hacking forum, claiming that the affiliate group had nothing to do with the attack. The threat actor further claims to be the one who gave a police drone the finger in the below video of the law enforcement operation.

In other news, ransomware attacks have been surging, with more information about attacks being reported this week.

This includes attacks on the Ethyrial: Echoes of Yore game developer, Ardent Health Services, Slovenia's largest power provider HSE, and a re-encryption of healthcare giant Henry Schein as punishment for allegedly not paying the ransom.

We also learned that the attack on DP World did not involve encryption. However, it could have been a ransomware attack that was stopped before encryptors were deployed.

Finally, researchers released some interesting information about ransomware, including Cactus ransomware exploiting Qlik Sense flaws to breach networks, and Black Basta ransomware believed to have made over $100 million.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @serghei, @Seifreed, @BleepinComputer, @demonslay335, @fwosar, @pcrisk, @CorvusInsurance, @elliptic, @AWNetworks, @ShadowStackRE, @ddd1ms, @3xp0rtblog, @jgreigj, and @BrettCallow.

November 27th 2023

Healthcare giant Henry Schein hit twice by BlackCat ransomware

American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.

Ransomware attack on indie game maker wiped all player accounts

A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.

Ardent hospital ERs disrupted in 6 states after ransomware attack

Ardent Health Services, a healthcare provider operating 30 hospitals across six U.S. states, announced today that its systems were hit by a ransomware attack on Thursday.

Slovenia's largest power provider HSE hit by ransomware attack

Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.

LostTrust Ransomware analysis

The LostTrust ransomware family has a fairly small victim pool and compromised victims earlier this year. The encryptor has similar characteristics to the MetaEncryptor ransomware family, including code flow and strings, which indicates that the encryptor is a variant derived from the original MetaEncryptor source.

New "MuskOff" Chaos variant

PCrisk found a new Chaos variant that appends the .MuskOff extension and drops a ransom note named read_it.txt.

November 28th 2023

Police dismantle ransomware group behind attacks in 71 countries

In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.

Qilin ransomware claims attack on automotive giant Yanfeng

The Qilin ransomware group has claimed responsibility for a cyberattack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers.

DP World confirms data stolen in cyberattack, no ransomware used

International logistics giant DP World has confirmed that data was stolen during a cyberattack that disrupted its operations in Australia earlier this month. However, the company says no ransomware payloads or encryption were used in the attack.

November 29th 2023

Black Basta ransomware made over $100 million from extortion

Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first emerged in April 2022, according to joint research from Corvus Insurance and Elliptic.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .jawr and .jazi extensions.

New Phobos ransomware variant

PCrisk found a new Phobos variant that appends the .LEAKDB extension and drops ransom notes named info.txt and info.hta.

November 30th 2023

Cactus ransomware exploiting Qlik Sense flaws to breach networks

Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to gain initial access to corporate networks.

December 1st 2023

60 credit unions facing outages due to ransomware attack on popular tech provider

About 60 credit unions are dealing with outages due to a ransomware attack on a widely used technology provider.

New "DoctorHelp" MedusaLocker variant

PCrisk found a new MedusaLocker variant that appends the .doctorhelp extension and drops a ransom note named How_to_back_files.html.

New Dharma ransomware variant

PCrisk found a new Dharma variant that appends the .intel extension.
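The variant items above (MuskOff, STOP, LEAKDB, DoctorHelp, and the .intel Dharma variant) each give a defender two indicators: the appended extension and the ransom note filename. The following script is an added example, not code from BleepingComputer or PCrisk, that turns those indicators into a simple triage over a file listing. The indicator values are taken from this page; the sample file listing is constructed. It deliberately treats a lone generic note name such as info.txt as a weak signal and only calls a hit strong when a note is accompanied by several renamed files.

```python
"""Triage a file listing against the ransomware indicators in this week's roundup.

Added example (not BleepingComputer's or PCrisk's code). Extensions and note
names come from the roundup; the sample listing below is constructed.
"""
from __future__ import annotations

import os
from collections import defaultdict

# Indicators taken from the variant items on the page (family -> indicators).
# Extensions and note names are compared case-insensitively.
VARIANT_IOCS: dict[str, dict[str, set[str]]] = {
    "Chaos (MuskOff)": {"extensions": {".muskoff"}, "notes": {"read_it.txt"}},
    "STOP": {"extensions": {".jawr", ".jazi"}, "notes": set()},
    "Phobos (LEAKDB)": {"extensions": {".leakdb"}, "notes": {"info.txt", "info.hta"}},
    "MedusaLocker (DoctorHelp)": {"extensions": {".doctorhelp"}, "notes": {"how_to_back_files.html"}},
    "Dharma (.intel)": {"extensions": {".intel"}, "notes": set()},
}

# Constructed sample listing (mixed Windows and POSIX paths); not real victim data.
SAMPLE_LISTING = [
    r"C:\Users\alice\Documents\budget.xlsx.MuskOff",
    r"C:\Users\alice\Documents\notes.docx.MuskOff",
    r"C:\Users\alice\Documents\photo.jpg.MuskOff",
    r"C:\Users\alice\Desktop\read_it.txt",
    r"C:\Shares\finance\q3.pdf.jawr",
    r"C:\Program Files\Vendor\info.txt",  # generic name: a note hit with no renamed files
    "/home/bob/Pictures/cat.png",
]


def classify_path(path: str) -> tuple[str, str] | None:
    """Return (family, kind) if the path matches an indicator, else None.

    kind is "note" when the basename is a known ransom note filename and
    "encrypted" when the final extension is a known appended extension.
    """
    # Normalise separators so Windows paths split correctly on any host.
    name = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    ext = os.path.splitext(name)[1]
    for family, iocs in VARIANT_IOCS.items():
        if name in iocs["notes"]:
            return family, "note"
        if ext in iocs["extensions"]:
            return family, "encrypted"
    return None


def scan_listing(paths) -> dict[str, dict[str, int]]:
    """Count note and encrypted-file hits per family."""
    hits = defaultdict(lambda: {"note": 0, "encrypted": 0})
    for p in paths:
        result = classify_path(p)
        if result:
            family, kind = result
            hits[family][kind] += 1
    return dict(hits)


def assess(hits: dict[str, dict[str, int]], min_encrypted: int = 3) -> dict[str, str]:
    """Rate each family's hits as "strong" or "weak".

    Families with a known note name need the note plus min_encrypted renamed
    files; families without one (STOP, Dharma here) need the renamed files only.
    """
    verdicts = {}
    for family, counts in hits.items():
        needs_note = bool(VARIANT_IOCS[family]["notes"])
        enough_files = counts["encrypted"] >= min_encrypted
        note_ok = counts["note"] > 0 or not needs_note
        verdicts[family] = "strong" if (enough_files and note_ok) else "weak"
    return verdicts


if __name__ == "__main__":
    found = scan_listing(SAMPLE_LISTING)
    for family, verdict in assess(found).items():
        print(f"{family}: {found[family]} -> {verdict}")
```

On the constructed listing, the Chaos hit (one read_it.txt note plus three .MuskOff files) is rated strong, while the single .jawr file and the stray info.txt under Program Files are rated weak, which is the behaviour you want before paging anyone on a generic filename.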

That's it for this week! Hope everyone has a nice weekend!