Even though the holidays are over in many countries, it has been a very quiet week for ransomware. Unfortunately, ransomware activity will likely pick up shortly.
This week’s biggest news was China APT hackers starting to use ransomware and Ryuk bitcoin wallets indicating they have earned $150 million in ransom payments.
We also had victims, such as Dassault Jet and TransLink, disclosing data breaches after ransomware attacks earlier this year. Other than that, it was your standard release of new variants of existing ransomware.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @demonslay335, @FourOctets, @Seifreed, @struppigel, @VK_Intel, @fwosar, @malwrhunterteam, @jorntvdw, @PolarToffee, @LawrenceAbrams, @BleepinComputer, @serghei, @malwareforme, @DanielGallagher, @siri_urz, @cPeterr, @PogoWasRight, @ValeryMarchive, @IntelAdvanced, @hyasinc, @CheckPointSW, @ProferoSec, @GelosSnake, @SecurityJoes, @vxunderground, @GrujaRS, @0x4143, and @Emm_ADC_Soft.
January 2nd 2021
DataBreaches.net recently reported that Apex Laboratory Inc. had apparently been attacked by DoppelPaymer ransomware threat actors. Apex was added to their leak site on December 15.
January 4th 2021
TransLink confirms ransomware data theft, still restoring systems
Metro Vancouver’s transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees’ banking and social security information.
China’s APT hackers move to ransomware attacks
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Yeah, this is real. Keeps you, uh, locked up unless you pay a ransom.
GrujaRS found the new in-development Sharp ransomware that appends the .0x0M4R extension to encrypted files.
January 5th 2021
Babuk Locker is the first new enterprise ransomware of 2021
It’s a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.
Ryuk ransomware is the top threat for the healthcare sector
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.
S!ri found a new MBRLocker calling itself Covid21.
GrujaRS found a new HiddenTear variant that appends the .ZIEBF_4561drgf extension.
GrujaRS found a new Makop ransomware variant that appends the .moloch extension.
January 6th 2021
For years, radical transparency-focused activists like WikiLeaks have blurred the line between whistle-blowing and hacking. Often, they’ve published any data they consider to be of public interest, no matter how questionable the source. But now one leak-focused group is mining a controversial new vein of secrets: the massive caches of data stolen by ransomware crews and dumped online when victims refuse to pay.
January 7th 2021
Ryuk ransomware Bitcoin wallets point to $150 million operation
Security researchers following the money circuit from Ryuk ransomware victims into the threat actor’s pockets estimate that the criminal organization made at least $150 million.
FBI warns of Egregor ransomware extorting businesses worldwide
The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.
0x4143 found the new Solaso Ransomware that appends the .solaso extension and drops a ransom note named __READ_ME_TO_RECOVER_YOUR_FILES. It may be a variant of the ‘Encrp ransomware.’
January 8th 2021
Dassault Falcon Jet reports data breach after ransomware attack
Dassault Falcon Jet has disclosed a data breach that may have led to the exposure of personal information belonging to current and former employees, as well as their spouses and dependents.
Emmanuel_ADC-Soft found the new Bonsoir Ransomware that appends the .bonsoir extension and drops a ransom note named HOW-RECOVER-MY-FILES.txt.
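The extensions and ransom-note names reported for the Sharp, HiddenTear, Makop, Solaso and Bonsoir variants above are the kind of indicators a defender would sweep a file share for. The following triage script is an added example and is not code from the article or from any of the researchers credited; the directory listing it runs over is constructed sample data, and the "confirmed" versus "suspect" rating is an assumed triage convention.

```python
from collections import defaultdict
import posixpath

# Encrypted-file extensions reported this week (Sharp, HiddenTear and Makop
# variants, Solaso, Bonsoir) and the ransom-note names (Solaso, Bonsoir).
ENCRYPTED_EXTENSIONS = {".0x0M4R", ".ZIEBF_4561drgf", ".moloch", ".solaso", ".bonsoir"}
RANSOM_NOTE_NAMES = {"__READ_ME_TO_RECOVER_YOUR_FILES", "HOW-RECOVER-MY-FILES.txt"}

# Constructed sample listing (as exported from a file-server inventory); not real data.
SAMPLE_LISTING = [
    "/srv/share/finance/q4-report.xlsx.solaso",
    "/srv/share/finance/budget.docx.solaso",
    "/srv/share/finance/__READ_ME_TO_RECOVER_YOUR_FILES",
    "/srv/share/hr/handbook.pdf",
    "/srv/share/hr/HOW-RECOVER-MY-FILES.txt",
    "/srv/share/eng/design.vsdx.moloch",
    "/srv/share/eng/notes.txt",
]


def classify(path):
    """Return 'note', 'encrypted', or None for one path (match is case-sensitive)."""
    name = posixpath.basename(path)
    if name in RANSOM_NOTE_NAMES:
        return "note"
    if posixpath.splitext(name)[1] in ENCRYPTED_EXTENSIONS:
        return "encrypted"
    return None


def triage(paths):
    """Count indicators per directory and rate each one.
    'confirmed': encrypted files and a ransom note in the same directory.
    'suspect': only one of the two seen; a lone note may be a decoy and a lone
    renamed file a false positive, so verify before declaring an incident.
    """
    by_dir = defaultdict(lambda: {"encrypted": 0, "note": 0})
    for p in paths:
        kind = classify(p)
        if kind:
            by_dir[posixpath.dirname(p)][kind] += 1
    return {
        d: {**c, "verdict": "confirmed" if c["encrypted"] and c["note"] else "suspect"}
        for d, c in by_dir.items()
    }


if __name__ == "__main__":
    for d, info in sorted(triage(SAMPLE_LISTING).items()):
        print(f"{info['verdict']:9} {d}: {info['encrypted']} encrypted, {info['note']} note(s)")
```

Extension matching alone is noisy, so the per-directory co-occurrence check is what separates an active encryption run from a stray renamed file or a dropped note.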
S!ri found the new Niros Ransomware.