The Week in Ransomware – July 22nd 2022 – Attacks Abound
New ransomware operations continue to be launched this week, with the new Luna ransomware found to be targeting both Windows and VMware ESXi servers.
The big attack that went public this week was against digital security firm Entrust, which disclosed they suffered a security incident on June 18th that led to data being stolen.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @VK_Intel, @jorntvdw, @DanielGallagher, @struppigel, @PolarToffee, @FourOctets, @Seifreed, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @demonslay335, @billtoulas, @BleepinComputer, @fwosar, @malwareforme, @AdvIntel, @AuCyble, @kaspersky, @pcrisk, @corintxt, @Amigo_A_, and @jgreigj.
July 17th 2022
Amigo-A found the new STOP247 ransomware that appends the .stop extension and drops a ransom note named RECOVERY_INFORMATION.TXT.
July 18th 2022
The police department of Frederick, Colorado said it is investigating claims that the town government was hit with a ransomware attack.
PCrisk found a new Dharma ransomware variant that appends the .xrom extension and drops a ransom note named FILES ENCRYPTED.txt.
PCrisk found new STOP ransomware variants that append the .ggyu, .ggeo, .ggew, and .ggwq extensions.
PCrisk found a new CHAOS ransomware variant that appends the .blueKey extension and drops a ransom note named DECRYPTION_INSTRUCTIONS.txt.
July 19th 2022
The Knauf Group has announced it has been the target of a cyberattack that has disrupted its business operations, forcing its global IT team to shut down all IT systems to isolate the incident.
PCrisk found a new Dharma variant that appends the .NMO extension.
PCrisk found a new Matrix ransomware variant that appends the .KOK08 extension and drops a ransom note named !README_KOK08!.rtf.
July 20th 2022
A new ransomware family dubbed Luna can be used to encrypt devices running several operating systems, including Windows, Linux, and ESXi systems.
The U.S. Department of Justice has announced the seizure of approximately $500,000 in Bitcoin, paid by American health care providers to the operators of the Maui ransomware strain.
July 21st 2022
A threat actor is promoting a new version of their free-to-use ‘Redeemer’ ransomware builder on hacker forums, offering unskilled threat actors an easy entry to the world of encryption-backed extortion attacks.
Details have emerged on how the Conti ransomware gang breached the Costa Rican government, showing the attack’s precision and the speed of moving from initial access to the final stage of encrypting devices.
PCrisk found STOP ransomware variants that append the .ooxa and .oori extensions.
July 22nd 2022
Digital security giant Entrust has confirmed that it suffered a cyberattack where threat actors breached their network and stole data from internal systems.
The Canadian town of St. Marys, Ontario, has been hit by a ransomware attack that has locked staff out of internal systems and encrypted data.
PCrisk found the new Kriptor ransomware that appends the .Kriptor extension and drops a ransom note named read_it.txt.