Lock

It has been a pretty quiet week with only a few large attacks disclosed and only a few new ransomware variants released.

The highest-profile attack this week is the NBA’s Houston Rockets who were transparent about their ransomware attack. Strangely, Babuk Locker who had begun leaking their data has suddenly taken the data leak from their site.

Another large attack is against La Martinière group, which is the fourth largest publisher in France.

Finally, we learned from Emsisoft that severe bugs in Babuk Locker’s decryptor is causing unencrypted files to be decrypted, and trashing the files in the process.

Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @fwosar, @Seifreed, @BleepinComputer, @FourOctets, @struppigel, @DanielGallagher, @LawrenceAbrams, @jorntvdw, @VK_Intel, @serghei, @demonslay335, @PolarToffee, @malwareforme, @malwrhunterteam,  @ValeryMarchive, @emsisoft@Kangxiaopao, and @3xp0rtblog@fbgwls245@Amigo_A_@siri_urz@chum1ng0, and @GrujaRS.

April 10th 2021

New Maoloa Ransomware ransomware variant

dnwls0719 found a Maoloa Ransomware variant that appends the .charlie.j0hnson extension.

April 12th 2021

Dutch supermarkets run out of cheese after ransomware attack

A ransomware attack against conditioned warehousing and transportation provider Bakker Logistiek has caused a cheese shortage in Dutch supermarkets.

New Dharma ransomware variants

xiaopao found new Dharma ransomware variant that append the .error, .gold, .zphs, and .back extensions to encrypted files.

April 13th 2021

Capcom: Ransomware gang used old VPN device to breach the network

Capcom has released a final update about the ransomware attack it suffered last year, detailing how the hackers gained access to the network, compromised devices, and stole personal information belonging to thousands of individuals.

New Runsomware variants

xiaopao found new Dharma ransomware variant that append the .graysuit and .swagkarna extensions.

New Hakbit ransomware variant

dnwls0719 found a new Hakbit ransomware variant that appends .CRYSTAL extension.

April 14th 2021

PSA: Severe bug in Babuk ransomware decryptor leads to data loss

In this particular case, we found a severe issue within the Babuk ransomware strain that targets Linux and more specifically ESXi servers. ESXi is a popular virtualization platform offered by VMware. Virtualization platforms like ESXi have become a very lucrative target for many ransomware groups, like Defray/RansomExx, Darkside, and since recently also Babuk.

NBA’s Houston Rockets Face Cyber-Attack by Ransomware Group

The Houston Rockets of the National Basketball Association are investigating a cyber-attack against their networks from a relatively new ransomware group that claims to have stolen internal business data.

New VoidCrypt Ransomware ransomware variant

dnwls0719 found a new VoidCrypt Ransomware variant that appends the .hydra and drops a ransom note named Decrypt-me.txt.

New STOP Ransomware variant

Michael Gillespie found a new STOP ransomware variant that appends the .wrui extension.

April 15th 2021

Cyberattaque : le groupe La Martinière rejoint la trop longue liste de victimes

Le téléphone sonne. Le standard peut prendre les appels. Mais les mises en relations directes avec les interlocuteurs sont impossibles. « Pas de mail, pas de réseau, pas d’Internet… c’est compliqué », peut-on s’entendre expliquer. Et c’est ainsi depuis le mardi 13 avril. Les collaborateurs de l’entreprise semblent avoir été informés qu’une cyberattaque est survenue. Nous avons tenté de joindre la direction de la communication, sans succès à ce stade

DarkSide adding more features

3xp0rt spotted DarkSide promoting some of their new features:

Another DarkSide update. Added automatic test decrypting, all processes now are automated. Available DDoS (L3, L7), is performing before the target enters online. Also, the DarkSide team expand specialties like network supplies, pentesting.

April 16th 2021

New wiper destroys your files

Michael Gillespie found a wiper that appends the .combo13 extension TO destroyed files and drops a ransom note named FILES ENCRYPTED.TXT.

That’s it for this week! Hope everyone has a nice weekend!