The Week In Ransomware – October 15th 2021 – Disrupting Ransoms
This week, senior officials from over thirty countries held virtual conferences on disrupting ransomware operations and attacks.
Russia and China were left out of these talks, even though there are signs that Russia has begun to crack down on cybercriminal activity in its country.
Through these talks, senior officials announced that governments will be disrupting ransomware operations through intelligence sharing, cryptocurrency seizures, anti-money laundering operations, and more scrutiny into the exploitation of cryptocurrency.
This disruption is necessary, as the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has linked a staggering $5.2 billion in Bitcoin transactions to ransomware operations.
There have also been quite a few attacks this week that are likely the result of ransomware.
This week’s most prominent attack is against Banco Pichincha, Ecuador’s largest private bank, where a ransomware attack severely disrupted operations.
Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @PolarToffee, @FourOctets, @jorntvdw, @LawrenceAbrams, @malwareforme, @demonslay335, @serghei, @Ionut_Ilascu, @Seifreed, @BleepinComputer, @DanielGallagher, @fwosar, @billtoulas, @malwrhunterteam, @struppigel, @BroadcomSW, @trompi, @virustotal, @fbgwls245, @Amigo_A_, and @pcrisk.
October 10th 2021
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021.
dnwls0719 found a new variant of the Karma ransomware that appends the .KARMA_V2 extension.
October 11th 2021
Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.
PCrisk found a new STOP ransomware variant that appends the .nqsq extension to encrypted files.
dnwls0719 found a new JCrypt variant that appends the .poison extension to encrypted files.
October 12th 2021
Ecuador’s largest private bank, Banco Pichincha, has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline.
PCrisk found a new Dharma ransomware variant that appends the .NaS extension to encrypted files.
October 13th 2021
The White House National Security Council is facilitating virtual meetings this week with senior officials and ministers from more than 30 countries, an international counter-ransomware event meant to rally allies in the fight against the ransomware threat.
Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan,” which is a set of new measures the country will adopt in an attempt to tackle the rising threat.
VirusTotal’s first Ransomware Activity Report provides a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the last year and a half. This report is designed to help researchers, security practitioners and the general public understand the nature of ransomware attacks while enabling cyber professionals to better analyze suspicious files, URLs, domains and IP addresses. Sharing insights behind how attacks develop is essential to anticipating their evolution and detecting cybersecurity threats across the globe.
October 14th 2021
A new ransomware strain, still under development, is being used in highly targeted attacks against enterprise entities, Broadcom’s Symantec Threat Hunter Team has discovered.
The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack.
October 15th 2021
Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.
U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, U.S. government agencies said in a joint advisory on Thursday.
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021.