It has been another rough week for the enterprise and education as ransomware continues to impact business operations and shut down schools.
Egregor was very active this week, with attacks on Kmart, Metro Vancouver’s transit system TransLink, and the Randstad staffing agency.
Education was also hit hard this week, with Baltimore County Public Schools (BCPS) still recovering from last week’s attack and Huntsville City Schools district in Alabama shutting down for a week due to an attack. In addition to public school systems, Ryuk attacked online education giant K12 Inc, who paid the ransom to prevent students’ data from being leaked.
Finally, the Clop ransomware gang showed that they don’t only breach networks to steal your files and encrypt your data. The threat actors also deploy other malware, such as POS malware, to steal credit cards.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @fwosar, @malwrhunterteam, @Seifreed, @FourOctets, @serghei, @DanielGallagher, @struppigel, @demonslay335, @BleepinComputer, @jorntvdw, @Ionut_Ilascu, @LawrenceAbrams, @malwareforme, @VK_Intel, @ffforward, @jarmstrongbc, @PogoWasRight, @3xp0rtblog, @JakubKroustek, @Kangxiaopao, @siri_urz, and @Emm_ADC_Soft.
Delaware County, Pennsylvania has paid a $500,000 ransom after their systems were hit by the DoppelPaymer ransomware last weekend.
Jakub Kroustek found new Dharma ransomware variants that append the .ZIN and .SUKA extensions.
After a year-long vacation, the Gootkit information-stealing Trojan has returned to life alongside REvil Ransomware in a new campaign targeting Germany.
Baltimore County Public Schools (BCPS) urged students and staff to stop using their school-issued Windows computers and only use Chromebooks and Google accounts following a ransomware attack that hit the district’s network last Wednesday.
The University of Vermont Health Network is still recovering from a Ryuk Ransomware attack in October 2020, with services slowly coming back online.
Industrial automation and Industrial IoT (IIoT) chip maker Advantech confirmed a ransomware attack that hit its network and led to the theft of confidential, albeit low-value, company documents.
Michael Gillespie found a new STOP ransomware variant that appends the .weui extension to encrypted files.
MalwareHunterTeam noticed that Egregor added a press release that describes the relationship with paid victims as “a contract.”
Michael Gillespie found a new Xorist ransomware variant that appends the ‘.hacker crypt http://2020.data’ extension.
Ransomware operators have attacked the Huntsville City Schools district in Alabama, forcing them to shut down schools for the rest of the week and possibly next week.
Online education giant K12 Inc. has paid a ransom after their systems were hit by Ryuk ransomware in the middle of November.
Clop ransomware is claiming to have stolen 2 million credit cards from E-Land Retail over a one-year period ending with last month’s ransomware attack.
US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.
Galstan & Ward Family and Cosmetic Dentistry (Galstan & Ward) is a dental practice in Georgia. On September 9, 2020, they learned that they had been a victim of a ransomware attack — or an attempted attack — when they got a phone call from a group claiming to have attacked them and demanding a ransom.
The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.
Staffing agency Randstad NV announced today that their network was breached by the Egregor ransomware, who stole unencrypted files during the attack.
xiaopao found new CryptoJoker ransomware variants that are appending the .partially.nocry, .devos, and .devoscpu extensions.
Siri found a new Conti ransomware variant that appends the .SYTCO extension.
Emmanuel_ADC-Soft found a new STOP Ransomware variant that appends the .NOBU extension.