The Week In Ransomware – March 26th 2021 – Attacks Increase
Ransomware attacks against the enterprise continue in the form of Accellion data leaks, full-fledged ransomware attacks, and more ransomware gangs targeting Microsoft Exchange.
Early in the week, it was discovered that a threat actor was deploying the Black Kingdom Ransomware on Microsoft Exchange servers. By the end of the week, Microsoft estimates that approximately 1,500 exchange servers were targeted in this group’s attack.
The Clop ransomware gang has continued to leak data stolen in Accellion attacks, with this week’s victims being energy giant
Shell, the University of Miami, and the University of Colorado.
We also saw an increase in standard encrypting ransomware attacks targeting enterprise victims, such as Sierra Wireless, Stratus, and insurance giant CNA.
On a different note, Danny Palmer wrote an interesting piece on how a company handled a recent ransomware attack and did not pay the ransom.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @Ionut_Ilascu, @demonslay335, @jorntvdw, @PolarToffee, @malwrhunterteam, @FourOctets, @struppigel, @LawrenceAbrams, @malwareforme, @Seifreed, @DanielGallagher, @serghei, @VK_Intel, @fwosar, @CrowdStrike, @BrettCallow, @MalwareTechBlog, @MsftSecIntel, @fbgwls245, @siri_urz, @Amigo_A_, @dannyjpalmer, @campuscodi, @ValeryMarchive, and @alexscroxton.
March 21st 2021
New Pay2Decrypt variant
S!Ri found a new Pay2Decrypt variant that appends the .aes extension.
Also Read: What You Should Know About The Data Protection Obligation Singapore
March 22nd 2021
Microsoft Exchange servers now targeted by Black Kingdom ransomware
Another ransomware operation known as ‘Black Kingdom’ is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
Energy giant Shell discloses data breach after Accellion hack
Energy giant Shell has disclosed a data breach after attackers compromised the company’s secure file-sharing system powered by Accellion’s File Transfer Appliance (FTA).
New Dharma ransomware variant
Jakub Kroustek found a new Dharma ransomware variant that appends the .bqd2 extension.
March 23rd 2021
Ransomware attack shuts down Sierra Wireless IoT maker
Sierra Wireless, a world-leading IoT (Internet of Things) solutions provider, today disclosed a ransomware attack that forced it to halt production at all manufacturing sites.
High-availability server maker Stratus hit by ransomware
Stratus Technologies has suffered a ransomware attack that required systems to be taken offline to prevent the attack’s spread.
Ransomware gang leaks data stolen from Colorado, Miami universities
Grades and social security numbers for students at the University of Colorado and University of Miami patient data have been posted online by the Clop ransomware group.
CNA insurance firm hit by a cyberattack, operations impacted
CNA Financial, a leading US-based insurance company, has suffered a cyberattack impacting its business operations and shutting down its website.
March 24th 2021
New Makop variant
dnwls0719 found a new Makop ransomware variant that appends the .pecunia extension and drops a ransom note named readme-warning.txt.
March 25th 2021
Insurance giant CNA hit by new Phoenix CryptoLocker ransomware
Insurance giant CNA has suffered a ransomware attack using a new variant called Phoenix CryptoLocker that is possibly linked to the Evil Corp hacking group.
Evil Corp switches to Hades ransomware to evade sanctions
Hades ransomware has been linked to the Evil Corp cybercrime gang who uses it to evade sanctions imposed by the Treasury Department’s Office of Foreign Assets Control (OFAC).
Ransomware gang leaks data from US military contractor the PDI Group
A major supplier of military equipment to the US Air Force and militaries across the globe appears to have fallen victim to a ransomware attack.
New Stop Ransomware variant
Amigo-A found a new STOP ransomware variant that appends the .ekvf extension.
This company was hit by ransomware. Here’s what they did next, and why they didn’t pay up
It started out as a normal Thursday for Tony Mendoza, senior IT director at Spectra Logic, a data storage company based in Boulder, Colorado. And then the ransomware attack began.
March 26th 2021
FBI exposes weakness in Mamba ransomware, DiskCryptor
An alert from the U.S. Federal Bureau of Investigation about Mamba ransomware reveals a weak spot in the encryption process that could help targeted organizations recover from the attack without paying the ransom.
Ransomware gang urges victims’ customers to fight for their privacy
A ransomware operation known as ‘Clop’ is applying maximum pressure on victims by emailing their customers and asking them to demand a ransom payment to protect their privacy.
Microsoft: Black Kingdom ransomware hacked 1.5K Exchange servers
Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks.
Retailer FatFace pays $2m ransom to Conti cyber criminals
Fashion retailer FatFace has paid a $2m ransom to the Conti ransomware gang following a successful cyber attack on its systems that took place in January 2021, Computer Weekly has learned.
Also Read: The Difference Between GDPR And PDPA Under 10 Key Issues
New HiddenTear variant
dnwls0719 found a new HiddenTear variant that appends the .HANTA extension and drops a ransom note named how_to_recover.txt.
0 Comments