The Week in Ransomware – September 24th 2021 – Targeting Crypto
This week’s biggest news is the USA sanctioning a crypto exchange used by ransomware gangs to convert cryptocurrency into fiat currency. By targeting rogue exchanges, the US government is hoping to disrupt ransomware’s payment system.
Other interesting news this week includes a list of vulnerabilities commonly used by ransomware gangs and how the REvil operators reportedly use their operator key to hijack negotiations from affiliates.
Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @struppigel, @LawrenceAbrams, @jorntvdw, @malwareforme, @fwosar, @FourOctets, @BleepinComputer, @PolarToffee, @Ionut_Ilascu, @VK_Intel, @demonslay335, @malwrhunterteam, @serghei, @DanielGallagher, @ddd1ms, @ido_cohen2, @uuallan, @pancak3lullz, @Intel471Inc, @McAfee_Business, @fbgwls245, @pcrisk, @y_advintel, @AdvIntel, @tosscoinwitcher, and @PogoWasRight.
September 18th 2021
Security researchers are compiling an easy-to-follow list of vulnerabilities ransomware gangs and their affiliates are using as initial access to breach victims’ networks.
dnwls0719 found a new ransomware that appends the .kcry extension to encrypted files.
September 19th 2021
dnwls0719 found a new Redeemer ransomware that appends the .redeem extension to encrypted files.
September 20th 2021
U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor.
PCrisk found a new STOP ransomware variant that appends the .koom extension.
September 21st 2021
The US Treasury Department announced the first-ever sanctions against a cryptocurrency exchange, the Russian-linked Suex, for facilitating ransom transactions for ransomware gangs and helping them evade sanctions.
September 22nd 2021
Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend.
CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations.
The main goal of BlackMatter is to encrypt files on the infected computer and demand a ransom for decrypting them. As with previous ransomware, the operators steal files and private information from compromised servers and request an additional ransom not to publish them on the internet.
The manufacturing sector is highly dependent on a secure supply chain. Companies powering this sector are acutely aware of how a cyber attack on any part of a supply chain can bring their business to a screeching halt.
dnwls0719 found a new Quantum ransomware that appends the .quantum extension to encrypted files.
September 23rd 2021
Cybercriminals are slowly realizing that the REvil ransomware operators may have been hijacking ransom negotiations, to cut affiliates out of payments.
PCRisk found a new ransomware variant appending the .yandex extension and dropping a ransom note named READ_ME_NOW.txt.
September 24th 2021
California-based United Health Centers suffered a ransomware attack that reportedly disrupted all of their locations and resulted in patient data theft.
GSS, the Spanish and Latin America division of Covisian, one of Europe’s largest customer care and call center providers, has suffered a debilitating ransomware attack that froze a large part of its IT systems and crippled call centers across its Spanish-speaking customer base.
Grief threat actors have added another K-12 district to their list of victims who have refused to pay their ransom demands.
That’s it for this week! Hope everyone has a nice weekend!