The Week in Ransomware – June 25th 2021 – Back in Business

It has been relatively quiet this week, with few attacks revealed and few new ransomware variants released. However, some interesting information came out that we have summarized below.

Last week, a law enforcement operation arrested numerous Clop Ransomware gang members, assisted by the Binance cryptocurrency exchange, which helped track the threat actors performing money laundering for the Clop ransomware.

However, this did not seem to stop the ransomware gang for long as they continued to release the data of new victims this week.

The City of Tulsa also reported a data breach this week after the Conti ransomware gang began leaking stolen police citations online on their data leak site.

This week’s most significant attack was against Brazilian medical diagnostics giant Grupo Fleury, which was hit with an REvil ransomware attack.

Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @demonslay335, @BleepinComputer, @FourOctets, @jorntvdw, @fwosar, @DanielGallagher, @VK_Intel, @Ionut_Ilascu, @LawrenceAbrams, @Seifreed, @serghei, @malwareforme, @PolarToffee, @struppigel, @GelosSnake, @ProferoSec, @SecurityJoes, @RansomAlert, @JakubKroustek, @GrujaRS, @fbgwls245, @coveware, @pcrisk, @Amigo_A_, @BlackBerry, and @symantec.

June 19th 2021

New APIS Wiper

GrujaRS found a wiper that pretends to be the APIS ransomware.

New ransomware targeting WD NAS devices

Amigo-A found a new ransomware called 0XXX that is encrypting Western Digital NAS devices, appending the .0xxx extension, and dropping a ransom note named !0XXX_DECRYPTION_README.TXT.

June 21st 2021

Data leak marketplace pressures victims by emailing competitors

The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

ADATA suffers 700 GB data leak in Ragnar Locker ransomware attack

The Ragnar Locker ransomware gang have published download links for more than 700GB of archived data stolen from Taiwanese memory and storage chip maker ADATA.

June 22nd 2021

Mysterious ransomware payment traced to a sensual massage site

A ransomware attack targeting an Israeli company has led researchers to track a portion of a ransom payment to a website promoting sensual massages.

Healthcare giant Grupo Fleury hit by REvil ransomware attack

Brazilian medical diagnostic company Grupo Fleury has suffered a ransomware attack that has disrupted business operations after the company took its systems offline.

New Rapid Ransomware variant

dnwls0719 found a new variant of the Rapid ransomware that appends the .snoopdog extension.

June 23rd 2021

Clop ransomware is back in business after recent arrests

The Clop ransomware operation is back in business after recent arrests and has begun listing new victims on their data leak site again.

Tulsa warns of data breach after Conti ransomware leaks police citations

The City of Tulsa, Oklahoma, is warning residents that their personal data may have been exposed after a ransomware gang published police citations online.

PYSA ransomware backdoors education orgs using ChaChi malware

The PYSA ransomware gang has been using a remote access Trojan (RAT) dubbed ChaChi to backdoor the systems of healthcare and education organizations and steal data that later gets leveraged in double extortion ransom schemes.

New Dharma Ransomware variant

Jakub Kroustek found new Dharma Ransomware variants that append the .nmc or .ZEUS extension to encrypted files.

Ransomware: Growing Number of Attackers Using Virtual Machines

Symantec has found evidence that an increasing number of ransomware attackers are using virtual machines (VMs) in order to run their ransomware payloads on compromised computers. The motivation behind the tactic is stealth. In order to avoid raising suspicions or triggering antivirus software, the ransomware payload will “hide” within a VM while encrypting files on the host computer.

June 24th 2021

Binance exchange helped track down Clop ransomware money launderers

Cryptocurrency exchange service Binance played an important part in the recent arrests of Clop ransomware group members, helping law enforcement in their effort to identify and ultimately detain the suspects.

What We Can Learn From Ransomware Actor “Security Reports”

Luckily, some threat actors are more forthcoming. What follows are several case studies from real ransomware negotiations wherein the threat actor provided granular details on the full attack lifecycle, including usernames and passwords of compromised accounts and specific CVE’s leveraged to gain entry. Please note that these reports have not been edited or spell checked and that we redacted identifying information. Additionally, the tactics described by the threat actors herein were validated following thorough forensic investigation.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .ddsg extension.

June 25th 2021

New Spyro Ransomware

Amigo-A found the new Spyro Ransomware that appends the .Spyro extension and drops the Decrypt-info.txt ransom note.

That’s it for this week! Hope everyone has a nice weekend!
