Privacy Ninja

The Week in Ransomware – May 20th 2022 – Another One Bites the Dust

The Week in Ransomware – May 20th 2022 – Another One Bites the Dust

Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia.

This does not mean, though, that there has been no ransomware activity.

This week’s biggest news is the Conti ransomware gang beginning to shut down their operation, with internal infrastructure taken offline and team leaders/members told that the brand is ending.

While the ‘Conti’ brand may be shut down, cybersecurity firm Advanced Intel says that the cybercrime syndicate will continue to operate, with members joining other ransomware operations or the Conti leadership taking over smaller operations.

By splintering into smaller ‘cells,’ it is believed that Conti will be able to evade law enforcement more easily and simply switch between different ransomware operation’s encryptors. While this may mean less revenue for the syndicate, it creates greater mobility for the overall operation.

What this means for the Costa Rican government, which was severely impacted by a recent Conti attack, is unclear.

Other news this week includes the charging of a Venezuelan doctor to create the Thanos and Jigsaw ransomware families, QNAP warning customers that a new DeadBolt campaign is targeting NAS devices, and a report that ransomware gangs are increasingly use vulnerabilities for initial access.

Also Read: PDPA compliance and progressive HR practices: Why this tandem makes sense

Finally, Publishing giant Nikkei disclosed that its Singapore branch suffered a ransomware attack.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee@malwrhunterteam@struppigel@FourOctets@LawrenceAbrams@DanielGallagher@Seifreed@Ionut_Ilascu@VK_Intel@BleepinComputer@jorntvdw@demonslay335@billtoulas@fwosar@serghei@malwareforme@y_advintel@AdvIntel@vxunderground@douglasmun@GroupIB_GIB@PRODAFT@kateconger@pcrisk@Amigo_A_, and @Fortinet

May 16th 2022

US links Thanos and Jigsaw ransomware to 55-year-old doctor

The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.

[WS] Wizard Spider Group In-Depth Analysis

The PRODAFT Threat Intelligence (PTI) team has assembled this report to provide in-depth knowledge about Wizard Spider.

New EarthGrass ransomware

PCrisk found a new EarthGrass ransomware that appends the .34r7hGr455 extension and drops a ransom note named Read ME (Decryptor).txt.

May 17th 2022

Russian Hacking Cartel Attacks Costa Rican Government Agencies

A Russian hacking cartel carried out an extraordinary cyberattack against the government of Costa Rica, crippling tax collection and export systems for more than a month so far and forcing the country to declare a state of emergency.

Conti accuses LockBit and AlphV or stealing from affiliates

Chaos Ransomware Variant Sides with Russia

In this vein, FortiGuard Labs recently came across a variant of the Chaos ransomware that appears to side with Russia. This blog explains the vicious consequences that the Chaos variant delivers to a compromised machine.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .dfwe extension.

May 18th 2022

National bank hit by ransomware trolls hackers with dick pics

After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .fdcv extension.

New CryptBit ransomware

PCrisk found the new CryptBit ransomware that appends the .cryptbit extension and drops the CryptBIT-restore-files.txt ransom note.

May 19th 2022

Ransomware gangs rely more on weaponizing vulnerabilities

Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks but there’s a notable uptick in exploiting vulnerabilities.

QNAP alerts NAS customers of new DeadBolt ransomware attacks

Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads.

Also Read: Changes to the access and correction obligations you should know

Media giant Nikkei’s Asian unit hit by ransomware attack

Publishing giant Nikkei disclosed that the group’s headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13, 2022.

Conti ransomware shuts down operation, rebrands into smaller units

The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .fefg extension.

May 20th 2022

DisCONTInued: The End of Conti’s Brand Marks New Chapter For Cybercrime Landscape

On May 19, 2022, the admin panel of the Conti ransomware gang’s official website, Conti News, was shut down. The negotiations service site was also down, while the rest of the infrastructure: from chatrooms to messengers, and from servers to proxy hosts was going through a massive reset.

New ZareuS ransomware variant

PCrisk found a ransomware named ZareuS that appends the .ZareuS extension and drops a ransom note named HELP_DECRYPT_YOUR_FILES.txt.

That’s it for this week! Hope everyone has a nice weekend!



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us