Privacy Ninja

The Week In Ransomware – January 29th 2021 – Striking Back

The Week In Ransomware – January 29th 2021 – Striking Back

It has been a hectic week, with law enforcement conducting two successful law enforcement operations that will significantly impact ransomware.

This week’s biggest news is the law enforcement takedown of the Emotet botnet, followed by the seizing of Tor sites and the arrest of an affiliate for the very active Netwalker ransomware.

Emotet is a significant contributor to ransomware attacks as it installs malware that commonly leads to Ryuk, Conti, Egregor, and ProLock attacks.

This week’s other interesting news is the Avaddon ransomware gang beginning to use DDoS attacks to force victims to the negotiation table. IObit also continued to be harassed by the DeroHE ransomware developers who defaced their forums.

We also saw large enterprise attacks come back after the holidays with attacks on Palfinger and Dairy Farm.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335@Seifreed@PolarToffee@BleepinComputer@serghei@FourOctets@Ionut_Ilascu@struppigel@malwareforme@jorntvdw@VK_Intel@LawrenceAbrams@DanielGallagher@malwrhunterteam@fwosar@BrettCallow@GrujaRS@Amigo-A_@petrovic082@chum1ng0@benkow_@csis_cyber@Kangxiaopao@raby_mr, and @RakeshKrish12.

Also Read: How a Smart Contract Audit Works and Why it is Important

January 24th 2021

Another ransomware now uses DDoS attacks to force victims to pay

Another ransomware gang is now using DDoS attacks to force a victim to contact them and negotiate a ransom.

New CobraLocker ransomware

GrujaRS found a new ransomware called CobraLocker that drops a ransom note named readme.txt.

January 25th 2021

Ransomware gang taunts IObit with repeated forum hacks

A ransomware gang continues to taunt Windows software developer IObit by hacking its forums to display a ransom demand.

Leading crane maker Palfinger hit in global cyberattack

Leading crane and lifting manufacturer Palfinger is targeted in an ongoing cyberattack that has disrupted IT systems and business operations.

The Nemty affiliate model

Almost a year after the end of the operations of the Nemty ransomware, we are presenting some internal details of their operations between 2019 and 2020 in order to document the business model and the actors that evolved around that group.

New JohnBorn Ransomware

Amigo-A found a new JohnBorn Ransomware that apppends the .johnborn@cock_li extension and drops a ransom note named RecoveryInstructions.txt.

New Xorist ransomware variants

xiaopao found new Xorist Ransomware variants that append the .@LyDarkr and .ZoToN extensions.

January 26th 2021

Pan-Asian retail giant Dairy Farm suffers REvil ransomware attack

Massive pan-Asian retail chain operator Dairy Farm Group was attacked this month by the REvil ransomware operation. The attackers claim to have demanded a $30 million ransom.

New Xorist ransomware variant

xiaopao found a new Xorist Ransomware variant that appends the .CryptPethya extension.

New Xorist ransomware variants

xiaopao found new Xoris ransomware variants that append the .zaplat.za klic 2021 and .EnCryp13d extensions.

January 27th 2021

Europol: Emotet malware will uninstall itself on April 25th

Law enforcement has started to distribute an Emotet module to infected devices that will uninstall the malware on April 25th, 2021.

Also Read: What Is A Governance Framework? The Importance And How It Works

Netwalker ransomware dark web sites seized by law enforcement

The dark web websites associated with the Netwalker ransomware operation have been seized by law enforcement from the USA and Bulgaria.

US charges NetWalker ransomware affiliate, seizes ransom payments

The U.S. Justice Department announced today the disruption of the Netwalker ransomware operation and the indictment of a Canadian national for alleged involvement in the file-encrypting extortion attacks.

New Namaste Ransomware

Petrovic found a new ransomware named Namaste that appends the ._enc extension to encrypted files.

New Egalyty RaaS

Rakesh Krishnan found a new Ransomware-as-a-Service Egalyty that is based after Ranion.

January 28th 2021

New POLA STOP ransomware variant

Amigo-A found a new variant of the STOP Ransomware that appends the .pola extension to encrypted files.

DarkSide updates list of orgs they wont attack

The DarkSide ransomware operation issued a new “press release” stating that they will no longer attack certain organizations.

January 29th 2021

Vovalex is likely the first ransomware written in D

A new ransomware called Vovalex is being distributed through fake pirated software that impersonates popular Windows utilities, such as CCleaner.

New Paradise ransomware variant

xiaopao found new Paradise ransomware variant that appends the .Cukiesi extension to encrypted files.

New WormLocker ransomware variant

xiaopao found the new WormLocker ransomware that does not append an extension to encrypted files.

New Dharma Ransomware variant

Ravi found a new Dharma ransomware variant that appends the .NOV extension to encrypted files.

That’s it for this week! Hope everyone has a nice weekend!

Privacy Ninja provides GUARANTEED quality and results for the following CORE SERVICES:

DPO-As-A-Service (Outsourced DPO Subscription)
Vulnerability Assessment & Penetration Testing (VAPT)
PDPA Obligations for Organizational Compliance (SkillsFuture Credit Eligible)

OTHER SERVICES:

PDPA Compliance Audit
Dig
ital Transformation Consultancy
Data Protection Trustmarks Certification Readiness Consultancy

PDPA Data Protection Software
Smart Contract Audit

LIKE & SUBSCRIBE:
Facebook
LinkedIn
Twitter
YouTube
Podcast

0 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Powered by WhatsApp Chat

× How can we help you?