
The Week in Ransomware – February 18th 2022 – Mergers & Acquisitions

The big news this week is that the Conti ransomware gang has recruited the core developers and managers of the TrickBot group, the developers of the notorious TrickBot malware.

This recruitment drive now allows the Conti ransomware gang to focus on developing further stealthy malware, such as BazarBackdoor, while letting the TrickBot malware slowly wane away due to its easy detection by antivirus software.

With this “merger,” Conti has evolved into an actual cybercrime syndicate with different groups focusing on developing malware for each leg of a ransomware attack, ranging from initial access to encrypting.

This week’s other news is the FBI disclosing that BlackByte breached US critical infrastructure, and a new report by Chainalysis gives us a better glimpse of the ransomware payment ecosystem.

New ransomware attacks we learned about this week include BlackByte’s attack on the San Francisco 49ers, Mizuno getting hit by ransomware, and BlackCat confirming they were behind the attack on Swissport.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @fwosar, @Ionut_Ilascu, @DanielGallagher, @PolarToffee, @LawrenceAbrams, @FourOctets, @Seifreed, @serghei, @malwareforme, @VK_Intel, @jorntvdw, @malwrhunterteam, @demonslay335, @struppigel, @JakubKroustek, @Ax_Sharma, @S2W_Official, @pcrisk, @chainalysis, @briankrebs, and @Amigo_A_.

February 13th 2022

NFL’s San Francisco 49ers hit by Blackbyte ransomware attack

The NFL’s San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang, which claims to have stolen data from the American football organization.

New STOP Ransomware variants

Jakub Kroustek found new STOP Ransomware variants that append the .qnty and .iips extensions.

New Dharma Ransomware variant

Jakub Kroustek found a new Dharma Ransomware variant that appends the .kl extension.

New Sojusz ransomware

Amigo-A found a new ransomware named Sojusz that appends the .sojusz extension.

February 14th 2022

Sports brand Mizuno hit with ransomware attack delaying orders

Sports equipment and sportswear brand Mizuno is affected by phone outages and order delays after being hit by ransomware, BleepingComputer has learned from sources familiar with the attack.

FBI: BlackByte ransomware breached US critical infrastructure

The US Federal Bureau of Investigation (FBI) revealed that the BlackByte ransomware group has breached the networks of at least three organizations from US critical infrastructure sectors in the last three months.

Russian Cybercriminals Drive Significant Ransomware and Cryptocurrency-based Money Laundering Activity

In this section, we’ll delve into two intertwined areas of Russia’s crypto crime ecosystem that, together, have serious implications for cybersecurity, compliance, and national security: ransomware and money laundering.

Wazawaka Goes Waka Waka

This post concerns itself with the other half of Wazawaka’s identities not mentioned in the first story, such as how Wazawaka also ran the Babuk ransomware affiliate program, and later became “Orange,” the founder of the ransomware-focused Dark Web forum known as “RAMP.”

New D3adCrypt ransomware

Amigo-A found a new ransomware dubbed D3adCrypt that appends the .d3ad extension and drops ransom notes named d3ad_Help.txt and d3ad_Help.hta.

February 15th 2022

BlackCat (ALPHV) claims Swissport ransomware attack, leaks data

The BlackCat ransomware group, aka ALPHV, has claimed responsibility for the recent cyber attack on Swissport that caused flight delays and service disruptions.

New LockDown ransomware variant

Karsten Hahn spotted a new LockDown ransomware variant that appends the .cantopen extension.

February 16th 2022

The Chainalysis 2022 Crypto Crime Report

Sure enough, we updated our ransomware numbers a few times throughout 2021, reflecting new payments we hadn’t identified previously. As of January 2022, we’ve now identified just over $692 million in 2020 ransomware payments — nearly double the amount we initially identified at the time of writing last year’s report.

February 17th 2022

Tracking SugarLocker ransomware & operator

As a result of hunting for the SugarLocker ransomware, it is presumed that the operator has been producing SugarLocker ransomware since at least early 2021. It seems that ransomware has actually been distributed since the second half of last year, but no attack cases have been confirmed so far. They do not operate a data leak site, and it seems that the ransomware name has been changed recently, so it does not appear to be active yet.

New STOP Ransomware variants

PCrisk found new STOP Ransomware variants that append the .ckae and .eucy extensions.

A Method for Decrypting Data Infected with Hive Ransomware

Among the many types of malicious codes, ransomware poses a major threat. Ransomware encrypts data and demands a ransom in exchange for decryption. As data recovery is impossible if the encryption key is not obtained, some companies suffer from considerable damage, such as the payment of huge amounts of money or the loss of important data. In this paper, we analyzed Hive ransomware, which appeared in June 2021. Hive ransomware has caused immense harm, leading the FBI to issue an alert about it. To minimize the damage caused by Hive Ransomware and to help victims recover their files, we analyzed Hive Ransomware and studied recovery methods. By analyzing the encryption process of Hive ransomware, we confirmed that vulnerabilities exist by using their own encryption algorithm. We have recovered the master key for generating the file encryption key partially, to enable the decryption of data encrypted by Hive ransomware. We recovered 95% of the master key without the attacker’s RSA private key and decrypted the actual infected data. To the best of our knowledge, this is the first successful attempt at decrypting Hive ransomware. It is expected that our method can be used to reduce the damage caused by Hive ransomware.

While a very interesting read on decrypting ransomware, Michael Gillespie says that it may not be a practical method to decrypt files encrypted by Hive.

February 18th 2022

Conti ransomware gang takes over TrickBot malware operation

After four years of activity and numerous takedown attempts, the death knell of TrickBot has sounded as its top members move under new management, the Conti ransomware syndicate, who plan to replace it with the stealthier BazarBackdoor malware.

New MonaLisa ransomware

Amigo-A found a new ransomware dubbed MonaLisa that appends the .barrel or .nekochan extensions and drops ransom notes named info.txt or info.hta.
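The variant entries in this roundup (STOP, Dharma, Sojusz, D3adCrypt, LockDown and MonaLisa) each give a concrete indicator: an appended extension and, for two of them, ransom note file names. The script below is an added example, not code from the original roundup or from any of the researchers credited above; it turns those indicators into a file-listing check a defender could run against a file share export. The family names, extensions and note names come from the entries on this page; the directory listing is constructed for the demonstration. Because info.txt and info.hta are ordinary file names, the check only counts them as MonaLisa notes when an encrypted file of the same family sits in the same directory.

```python
"""
Added example: flag the file-extension and ransom-note indicators reported
in this week's variant entries. Indicators are taken from the page; the
sample listing is constructed for the demonstration.
"""
from collections import defaultdict
from pathlib import PurePosixPath

# Appended extensions reported on the page, mapped to the family name.
EXTENSION_TO_FAMILY = {
    ".qnty": "STOP", ".iips": "STOP", ".ckae": "STOP", ".eucy": "STOP",
    ".kl": "Dharma",
    ".sojusz": "Sojusz",
    ".d3ad": "D3adCrypt",
    ".cantopen": "LockDown",
    ".barrel": "MonaLisa", ".nekochan": "MonaLisa",
}

# Ransom note file names reported on the page (lower-cased for matching).
NOTE_TO_FAMILY = {
    "d3ad_help.txt": "D3adCrypt", "d3ad_help.hta": "D3adCrypt",
    "info.txt": "MonaLisa", "info.hta": "MonaLisa",
}

# Generic names that occur benignly; require corroboration from an
# encrypted file of the same family in the same directory.
WEAK_NOTE_NAMES = {"info.txt", "info.hta"}


def classify_path(path: str):
    """Return ("note", family) or ("encrypted", family), or None if no match."""
    p = PurePosixPath(path)
    name = p.name.lower()
    if name in NOTE_TO_FAMILY:
        return ("note", NOTE_TO_FAMILY[name])
    ext = p.suffix.lower()          # last suffix only: report.xlsx.qnty -> .qnty
    if ext in EXTENSION_TO_FAMILY:
        return ("encrypted", EXTENSION_TO_FAMILY[ext])
    return None


def scan_listing(paths):
    """Group hits by family: {family: {"encrypted": [...], "notes": [...]}}."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    families_by_dir = defaultdict(set)   # directory -> families seen encrypted there
    weak_notes = []                      # deferred until encrypted files are known
    for path in paths:
        result = classify_path(path)
        if result is None:
            continue
        kind, family = result
        parent = str(PurePosixPath(path).parent)
        if kind == "encrypted":
            hits[family]["encrypted"].append(path)
            families_by_dir[parent].add(family)
        elif PurePosixPath(path).name.lower() in WEAK_NOTE_NAMES:
            weak_notes.append((path, family, parent))
        else:
            hits[family]["notes"].append(path)
    # Second pass: keep a generic note name only if the same family encrypted
    # something in that directory.
    for path, family, parent in weak_notes:
        if family in families_by_dir[parent]:
            hits[family]["notes"].append(path)
    return dict(hits)


# Constructed listing, as a SOC analyst might export from a file share.
SAMPLE_LISTING = [
    "/srv/share/finance/q4_report.xlsx.qnty",
    "/srv/share/finance/budget.docx.IIPS",   # matching is case-insensitive
    "/srv/share/hr/contracts.zip.kl",
    "/srv/share/design/logo.psd.barrel",
    "/srv/share/design/info.txt",            # MonaLisa note beside an encrypted file
    "/srv/share/design/info.hta",
    "/srv/share/legal/info.txt",             # benign: no encrypted neighbour
    "/srv/share/eng/d3ad_Help.txt",
    "/srv/share/eng/schematic.pdf.d3ad",
    "/srv/share/eng/notes.md",
    "/srv/share/backup/archive.tar.cantopen",
]

if __name__ == "__main__":
    for family, found in sorted(scan_listing(SAMPLE_LISTING).items()):
        print(f"{family}: {len(found['encrypted'])} encrypted file(s), "
              f"{len(found['notes'])} ransom note(s)")
        for p in found["encrypted"] + found["notes"]:
            print("   ", p)
```

Only the last suffix is inspected, so a file renamed from report.xlsx to report.xlsx.qnty is attributed to STOP while the original document extension is preserved for the recovery team. The short Dharma extension .kl is matched as a whole suffix, so a file such as archive.pkl is not flagged.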

That’s it for this week! Hope everyone has a nice weekend!
