Privacy Ninja

The Week in Ransomware – July 22nd 2022 – Attacks Abound

New ransomware operations continue to be launched this week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers.

We also learned how the Conti ransomware gang breached the Costa Rican government’s systems and that the FBI recovered $500,000 in ransoms paid by health care providers to the Maui ransomware operation.

The big attack that went public this week was against digital security firm Entrust, which disclosed they suffered a security incident on June 18th that led to data being stolen.

Other attacks we learned about this week include building materials giant Knauf, an attack on the town of St. Marys, and an attack on the town of Frederick, Colorado.

Contributors and those who provided new ransomware information and stories this week include: @serghei, @VK_Intel, @jorntvdw, @DanielGallagher, @struppigel, @PolarToffee, @FourOctets, @Seifreed, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @demonslay335, @billtoulas, @BleepinComputer, @fwosar, @malwareforme, @AdvIntel, @AuCyble, @kaspersky, @pcrisk, @corintxt, @Amigo_A_, and @jgreigj.

July 17th 2022

New STOP247 ransomware

Amigo-A found the new STOP247 ransomware that appends the .stop extension and drops a ransom note named RECOVERY_INFORMATION.TXT.

July 18th 2022

Colorado police investigating ransomware attack on small town

The police department of Frederick, Colorado said it is investigating claims that the town government was hit with a ransomware attack.

New Dharma Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .xrom extension and drops a ransom note named FILES ENCRYPTED.txt.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ggyu, .ggeo, .ggew, and .ggwq extensions.

New CHAOS based BlueKey ransomware

PCrisk found a new CHAOS ransomware variant that appends the .blueKey extension and drops a ransom note named DECRYPTION_INSTRUCTIONS.txt.

July 19th 2022

Building materials giant Knauf hit by Black Basta ransomware gang

The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.

New Dharma ransomware variant

PCrisk found a new Dharma variant that appends the .NMO extension.

New Matrix ransomware variant

PCrisk found a new Matrix ransomware variant that appends the .KOK08 extension and drops a ransom note named !README_KOK08!.rtf.

July 20th 2022

New Luna ransomware encrypts Windows, Linux, and ESXi systems

A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.

FBI recovers $500,000 healthcare orgs paid to Maui ransomware

The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain.

July 21st 2022

New Redeemer ransomware version promoted on hacker forums

A threat actor is promoting a new version of their free-to-use ‘Redeemer’ ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks.

How Conti ransomware hacked and encrypted the Costa Rican government

Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices.

New STOP ransomware variants

PCrisk found STOP ransomware variants that append the .ooxa and .oori extensions.

July 22nd 2022

Digital security giant Entrust breached by ransomware gang

Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.

A small Canadian town is being extorted by a global ransomware gang

The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.

New Kriptor ransomware

PCrisk found the new Kriptor ransomware that appends the .Kriptor extension and drops a ransom note named read_it.txt.

That’s it for this week! Hope everyone has a nice weekend!


