The Week in Ransomware – December 10th 2021 – Project CODA
This week has quite a bit of ransomware news, including arrests, a new and sophisticated ransomware, and an attack bringing down 300 supermarkets in England.
This week’s biggest story is a law enforcement operation conducted by the FBI and Ontario Provincial Police (OPP) that arrested a Canadian ransomware affiliate allegedly involved in hundreds of attacks.
We also learned about the new ALPHV (aka BlackCat) ransomware that appears to be one of the most sophisticated ransomware families we have seen this year.
Finally, this week’s largest known ransomware attack was on James Hall and Co, which affected point-of-sale systems and led to the temporary closure of over 300 Spar supermarkets in England. This week’s other known attack is on Nordic Choice Hotels by the Conti ransomware gang.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @FourOctets, @PolarToffee, @fwosar, @jorntvdw, @malwrhunterteam, @malwareforme, @LawrenceAbrams, @serghei, @Seifreed, @demonslay335, @billtoulas, @Ax_Sharma, @BleepinComputer, @VK_Intel, @DanielGallagher, @struppigel, @Boanbird, @GDATA, @pancak3lullz, @fbgwls245, @pcrisk, @Amigo_A_, and @ValeryMarchive.
December 5th 2021
dnwls0719 found a new BigLock variant that appends the .t1000 extension.
December 6th 2021
Approximately 330 SPAR shops in northern England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments.
PCrisk found two new Dharma variants that append the .Deeep and .DC extensions.
PCrisk found a new STOP ransomware variant that appends the .hgsh extension.
December 7th 2021
Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group.
Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.
German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims’ files after infection.
A 31-year-old Canadian national has been charged in connection with ransomware attacks against organizations in the United States and Canada, a federal indictment unsealed today shows.
December 8th 2021
dnwls0719 found a new VoidCrypt variant that appends the .wixawm extension.
December 9th 2021
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments.
December 10th 2021
Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.
Some affiliates of the LockBit 2.0 ransomware operation are claiming victims they did not attack, listing data that belongs to, or was stolen during, other gangs’ attacks.
PCrisk found a new STOP ransomware variant that appends the .mljx extension.
PCrisk found a new STOP ransomware variant that appends the .pHv1 extension.
PCrisk found a new Dharma ransomware variant that appends the .Xqxqx extension.