The Week in Ransomware – August 19th 2022 – Evolving Extortion Tactics
This week saw the return of the BlackByte ransomware operation, which launched a new data leak site using extortion tactics similar to LockBit 3.0.
Finally, researchers found a new variant of the SOVA Android malware that includes a ransomware feature to encrypt mobile devices.
While Entrust has not responded to our queries about the attack, sources have told us that LockBit conducted the attack.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @LawrenceAbrams, @PolarToffee, @BleepinComputer, @Seifreed, @jorntvdw, @fwosar, @serghei, @struppigel, @FourOctets, @demonslay335, @malwrhunterteam, @Ionut_Ilascu, @malwareforme, @VK_Intel, @DanielGallagher, @juanbrodersen, @AlvieriD, @Cyberknow20, @Intel_by_KELA, @MauroEldritch, @luisezegarra, @Cleafy, and @pcrisk.
August 13th 2022
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
August 15th 2022
Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new ‘Play’ ransomware operation.
August 16th 2022
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, has issued a statement confirming IT disruption from a cyberattack.
IceFire Ransomware launches data leak site
PCrisk found a bunch of new STOP ransomware variants that append the .qqlc, .qqlo, and .qqmt extensions.
PCrisk found new VoidCrypt variants that append the .dark and .Angry extensions and drop a ransom note named unlock-info.txt.
PCrisk found a new Chaos ransomware variant that appends the .sex extension and drops a ransom note named read_it.txt.
August 17th 2022
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.
SANS has published the videos from their ransomware summit.
According to court documents, Dubnikov and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the United States and abroad. Specifically, Dubnikov and his accomplices laundered ransom payments extracted from victims of Ryuk ransomware attacks.
August 18th 2022
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.
August 19th 2022
The ransomware attack suffered by the Judiciary of Córdoba last Friday left the Justice of that province in limbo. Since then, the systems team has been working amid the chaos to recover the sequestered information: password changes, USB port blockages, suspension of Exchange email and interruption of communications between users to prevent the spread of the virus.
PCrisk found a new STOP ransomware variant that appends the .qqri extension.