11-08-2021 , 01:19 AM
https://www.bleepingcomputer.com/news/se...-bounties/ The Week in Ransomware - November 5th 2021 - Placing bounties
By Lawrence Abrams
November 5, 2021 06:05 PM Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shut down of criminal operations.
Due to this increased pressure by law enforcement, the BlackMatter (DarkSide) ransomware gang announced to affiliates that they were shutting down this week after members were missing.
BleepingComputer later discovered that BlackMatter began moving existing victims to LockBit ransomware's infrastructure to continue extortion demands.
To keep pressure on the DarkSide gang and warn that rebranding to a new operation won't stop law enforcement, the US Department of State announced a $10 million reward for identifying or locating key leaders in the organization. In addition, the US government is also offering $5 million for the arrest of any individuals participating in future attacks using DarkSide variants.
The FBI also issued advisories this week warning that HelloKitty has added DDoS attacks to their arsenal, that ransomware gangs commonly conduct attacks "during time-sensitive financial events," and that gangs are targeting tribal-owned businesses, including casinos.
Ransomware attacks we saw this week were against the UK Labour Party and the Newfoundland and Labrador health systems.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @fwosar, @DanielGallagher, @Ionut_Ilascu, @struppigel, @jorntvdw, @VK_Intel, @billtoulas, @malwrhunterteam, @FourOctets, @demonslay335, @PolarToffee, @Seifreed, @CofenseLabs, @TalosSecurity, @vxunderground, @pancak3lullz, @Fortinet, @GelosSnake, @nakashimae, @DDaltonBennett, @fbgwls245, @pcrisk, and @Amigo_A_.
October 30th 2021
Chaos ransomware targets gamers via fake Minecraft alt lists
The Chaos Ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums.
November 1st 2021
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
BlackShadow hackers breach Israeli hosting firm and extort customers
The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services.
Canadian province health care system disrupted by cyberattack
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
November 2nd 2021
New Dharma ransomware variant
dnwls0719 found a new Dharma ransomware variant that append the .MS extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .cool and .palq extensions to encrypted files.
FBI: Ransomware targets companies during mergers and acquisitions
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims.
November 3rd 2021
BlackMatter ransomware claims to be shutting down due to police pressure
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations.
UK Labour Party discloses data breach after ransomware attack
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.
BlackMatter ransomware moves victims to LockBit after shutdown
With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.
A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked
A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
New Polaris ransomware targeting Linux
Amigo-A found a new Polaris ransomware that is targeting Linux and dropping ransom notes named WARNING.txt.
Polaris
November 4th 2021
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
Phishing emails deliver spooky zombie-themed MirCop ransomware
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.
US targets DarkSide ransomware, rebrands with $10 million reward
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.
Lockean multi-ransomware affiliates linked to attacks on French orgs
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT).
November 5th 2021
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that append the .WORM extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .stax and .irkf extensions to encrypted files.
New Thanos ransomware variant
dnwls0719 found a new Thanos ransomware variant that appends the .stepik extension.
That's it for this week! Hope everyone has a nice weekend!
By Lawrence Abrams
November 5, 2021 06:05 PM Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shut down of criminal operations.
Due to this increased pressure by law enforcement, the BlackMatter (DarkSide) ransomware gang announced to affiliates that they were shutting down this week after members were missing.
BleepingComputer later discovered that BlackMatter began moving existing victims to LockBit ransomware's infrastructure to continue extortion demands.
To keep pressure on the DarkSide gang and warn that rebranding to a new operation won't stop law enforcement, the US Department of State announced a $10 million reward for identifying or locating key leaders in the organization. In addition, the US government is also offering $5 million for the arrest of any individuals participating in future attacks using DarkSide variants.
The FBI also issued advisories this week warning that HelloKitty has added DDoS attacks to their arsenal, that ransomware gangs commonly conduct attacks "during time-sensitive financial events," and that gangs are targeting tribal-owned businesses, including casinos.
Ransomware attacks we saw this week were against the UK Labour Party and the Newfoundland and Labrador health systems.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @fwosar, @DanielGallagher, @Ionut_Ilascu, @struppigel, @jorntvdw, @VK_Intel, @billtoulas, @malwrhunterteam, @FourOctets, @demonslay335, @PolarToffee, @Seifreed, @CofenseLabs, @TalosSecurity, @vxunderground, @pancak3lullz, @Fortinet, @GelosSnake, @nakashimae, @DDaltonBennett, @fbgwls245, @pcrisk, and @Amigo_A_.
October 30th 2021
Chaos ransomware targets gamers via fake Minecraft alt lists
The Chaos Ransomware gang encrypts gamers' Windows devices through fake Minecraft alt lists promoted on gaming forums.
November 1st 2021
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
BlackShadow hackers breach Israeli hosting firm and extort customers
The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company's services.
Canadian province health care system disrupted by cyberattack
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
November 2nd 2021
New Dharma ransomware variant
dnwls0719 found a new Dharma ransomware variant that append the .MS extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .cool and .palq extensions to encrypted files.
FBI: Ransomware targets companies during mergers and acquisitions
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in "time-sensitive financial events" such as corporate mergers and acquisitions to make it easier to extort their victims.
November 3rd 2021
BlackMatter ransomware claims to be shutting down due to police pressure
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations.
UK Labour Party discloses data breach after ransomware attack
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party's data.
BlackMatter ransomware moves victims to LockBit after shutdown
With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.
A ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked
A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
New Polaris ransomware targeting Linux
Amigo-A found a new Polaris ransomware that is targeting Linux and dropping ransom notes named WARNING.txt.
Polaris
November 4th 2021
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
Phishing emails deliver spooky zombie-themed MirCop ransomware
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.
US targets DarkSide ransomware, rebrands with $10 million reward
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.
Lockean multi-ransomware affiliates linked to attacks on French orgs
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT).
November 5th 2021
New Dharma ransomware variant
PCrisk found a new Dharma ransomware variant that append the .WORM extension to encrypted files.
New STOP ransomware variant
PCrisk found new STOP ransomware variants that append the .stax and .irkf extensions to encrypted files.
New Thanos ransomware variant
dnwls0719 found a new Thanos ransomware variant that appends the .stepik extension.
That's it for this week! Hope everyone has a nice weekend!