The Week In Ransomware – October 15th 2021 – Disrupting Ransoms
This week, senior officials from over thirty countries held virtual conferences on disrupting ransomware operations and attacks.
Russia and China were left out of these talks, even though there are signs that Russia has begun to crack down on cybercriminal activity in its country.
Through these talks, senior officials announced that governments will be disrupting ransomware operations through intelligence sharing, cryptocurrency seizures, anti-money laundering operations, and more scrutiny into the exploitation of cryptocurrency.
This disruption is necessary, as the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has linked a staggering $5.2 billion in Bitcoin transactions to ransomware operations.
There were also quite a few attacks this week that were likely the result of ransomware.
This week’s most prominent attack is against Banco Pichincha, Ecuador’s largest private bank, where a ransomware attack severely disrupted operations.
Other attacks this week, not confirmed to be ransomware, hit Olympus U.S. and the University of Sunderland.
Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @PolarToffee, @FourOctets, @jorntvdw, @LawrenceAbrams, @malwareforme, @demonslay335, @serghei, @Ionut_Ilascu, @Seifreed, @BleepinComputer, @DanielGallagher, @fwosar, @billtoulas, @malwrhunterteam, @struppigel, @BroadcomSW, @trompi, @virustotal, @fbgwls245, @Amigo_A_, and @pcrisk.
October 10th 2021
Olympus US systems hit by cyberattack over the weekend
Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021.
New Karma ransomware extension
dnwls0719 found a new variant of the Karma ransomware that appends the .KARMA_V2 extension.
October 11th 2021
Pacific City Bank discloses ransomware attack claimed by AvosLocker
Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.
New STOP ransomware variant
PCrisk found a new STOP ransomware variant that appends the .nqsq extension to encrypted files.
New JCrypt ransomware variant
dnwls0719 found a new JCrypt variant that appends the .poison extension to encrypted files.
October 12th 2021
Cyberattack shuts down Ecuador’s largest bank, Banco Pichincha
Ecuador’s largest private bank, Banco Pichincha, has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline.
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .NaS extension to encrypted files.
October 13th 2021
Russia and China left out of global anti-ransomware meetings
The White House National Security Council facilitates virtual meetings this week with senior officials and ministers from more than 30 countries in a virtual international counter-ransomware event to rally allies in the fight against the ransomware threat.
Australia to tackle ransomware data breaches by deleting stolen files
Australia’s Minister for Home Affairs has announced the “Australian Government’s Ransomware Action Plan,” which is a set of new measures the country will adopt in an attempt to tackle the rising threat.
We analyzed 80 million ransomware samples – here’s what we learned
VirusTotal’s first Ransomware Activity Report provides a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the last year and a half. This report is designed to help researchers, security practitioners and the general public understand the nature of ransomware attacks while enabling cyber professionals to better analyze suspicious files, URLs, domains and IP addresses. Sharing insights behind how attacks develop is essential to anticipating their evolution and detecting cybersecurity threats across the globe.
October 14th 2021
New Yanluowang ransomware used in targeted enterprise attacks
A new ransomware strain, still under development, is being used in highly targeted attacks against enterprise entities, as Broadcom’s Symantec Threat Hunter Team discovered.
University of Sunderland announces outage following cyberattack
The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack.
October 15th 2021
Governments worldwide to crack down on ransomware payment channels
Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.
US government discloses more ransomware attacks on water plants
U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, U.S. government agencies said in a joint advisory on Thursday.
US links $5.2 billion worth of Bitcoin transactions to ransomware
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.
Accenture confirms data breach after August ransomware attack
Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company’s systems in August 2021.