Privacy Ninja

The Week in Ransomware – June 10th 2022 – Targeting Linux

The Week in Ransomware – June 10th 2022 – Targeting Linux

It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week.

Advanced Intel released a deep dive on BlackCat/AlphV, revealing some of the technical details of the ransomware operation.

We learned that Black Basta is using QBot to spread laterally in breached networks, and a new Linux encryptor was found for the ransomware operation as well.

The Cuba ransomware operation also came back to life, with numerous attacks in March and April.

For the most bizarre news of the week, a ransomware dev is selling their decryptor on the Roblox gaming platform.

Finally, Vice Society claimed the attack on the City of Palermo, Italy, whose online operations are still impacted.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas@VK_Intel@demonslay335@DanielGallagher@Ionut_Ilascu@LawrenceAbrams@fwosar@malwrhunterteam@jorntvdw@malwareforme@FourOctets@serghei@PolarToffee@Seifreed@struppigel@BleepinComputer@TrendMicro@uptycs@NCCGroupInfosec@Intel_by_KELA@y_advintel@Avast@BrettCallow@ValeryMarchive, and @pcrisk.

Also Read: What it means to get a Data Protection Trustmark Certification

June 6th 2022

QBot now pushes Black Basta ransomware in bot-powered attacks

The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments.

Italian city of Palermo shuts down all systems to fend off cyberattack

The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists.

Ransomware gangs now give victims time to save their reputation

Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries.

Decrypted: TaRRaK Ransomware

The TaRRaK ransomware appeared in June of 2021. This ransomware contains many coding errors, so we decided to publish a small blog about them. Samples of this ransomware were spotted in our user base, so we also created a decryptor for this ransomware.

New VoidCrypt variant

PCrisk found a new VoidCrypt variant that appends the .linda extension.

Also Read: A guide to Singapore’s Do Not Call Registry

New STOP ransomware variant

PCrisk found new STOP ransomware variants that append the .bnrs and .eegf extensions.

June 7th 2022

Linux version of Black Basta ransomware targets VMware ESXi servers

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines (VMs) running on enterprise Linux servers.

BlackCat — In a Shifting Threat Landscape, It Helps to Land on Your Feet: Tech Dive

This report is part one of AdvIntel’s new series on the ALPHV (aka BlackCat) ransomware group. In the upcoming part two, AdvIntel will hold an analytical lens on BlackCat’s organizational, recruitment, and operations process. This part introduces the context and offers a deep dive into the group’s technical capabilities which could herald a new breed of threat actors entering the cybercriminal ecosystem.

June 8th 2022

Cuba ransomware returns to extorting victims with updated encryptor

The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks.

June 9th 2022

Vice Society ransomware claims attack on Italian city of Palermo

The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage.

Bizarre ransomware sells decryptor on Roblox Game Pass store

A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service’s in-game Robux currency.

June 10th 2022

New STOP ransomware variant

PCrisk found new STOP ransomware variants that append the .bbyy and .bbzz extensions.

That’s it for this week! Hope everyone has a nice weekend!



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us