Ransomware continues to target government entities and the enterprise, while victims quietly pay ransoms that power this cycle of attacks.
This week we learned that government software provider Tyler Technologies paid a ransom to obtain a decryptor for their attack.
We also learned about attacks against the Crytek and Ubisoft, City of Mt. Pleasant, the London borough of Hackney, International law firm Seyfarth Shaw, and an attack on Barnes & Noble that caused them to shut down the service powering Nook e-Readers.
While Hackney and Barnes & Noble have not disclosed that they suffered a ransomware attack, they highly likely have.
This week we also learned that the ThunderX ransomware was part of Ako Ransomware, who renamed their operation Ranzy Locker.
It’s now the beginning of the weekend when ransomware operators come out to play. Monitor your networks for suspicious activity and make sure your admin credentials are secure because there will be a slew of new victims come Monday.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @demonslay335, @serghei, @Seifreed, @jorntvdw, @Ionut_Ilascu, @struppigel, @BleepinComputer, @LawrenceAbrams, @PolarToffee, @FourOctets, @malwrhunterteam, @malwareforme, @VK_Intel, @DanielGallagher, @ESET, @msftsecurity, @Mandiant, @BrettCallow, @IntelAdvanced, @RobbyCortes, @Bitdefender, @Kangxiaopao, @siri_urz, @Arkbird_SOLG, and @Amigo_A_.
October 10th 2020
Tyler Technologies has paid a ransom for a decryption key to recover files encrypted in a recent ransomware attack.
October 12th 2020
TrickBot, one of the most active botnets on the planet, recently has suffered some strong blows from actors in the cybersecurity industry aiming at disrupting its operations.
The TrickBot gang operators are increasingly targeting high-value targets with the new stealthy BazarLoader trojan before deploying the Ryuk ransomware.
Michael Gillespie found a new Matrix Ransomware variant that appends the .TG33 extension and drops the TG33_INFO.rtf ransom note.
Michael Gillespie found a new STOP Ransomware variant that appends the .foqe extension.
The City of Mt. Pleasant has fallen victim to a ransomware attack, that is according to city officials.
Siri found a new Nephilim ransomware variant that appends the .MERIN extension.
Arkbird found a new Loki Stealer variant that steals files and then encrypts your computer. When encrypting, it appends the .loki extension to encrypted files.
October 13th 2020
International law firm Seyfarth Shaw announced on Monday that it was the victim of a ransomware attack over the weekend.
The city council systems for the London Borough of Hackney have been hit with a ‘serious’ cyberattack that impacts many of their services and IT systems.
xiaopao found the Badboymnb Ransomware that appends the .Badboy extension and drops a ransom note named ReadME-BadboyEncryption.txt.
October 14th 2020
FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method.
U.S. Bookstore giant Barnes & Noble has disclosed that they were victims of a cyberattack that may have exposed customers’ data.
xiaopao found a new Philadelphia Ransomware variant.
xiaopao found the Dharma ransomware variant that appends the .zxcv extension.
Siri found a new PewPew ransomware variant that appends the .artemis extension.
Amigo-A found a new variant of the Scarab Ransomware that appends the .Bioawards extension and drops ransom notes named Instruction.txt and DECRYPT FILES.TXT.
October 15th 2020
The Egregor ransomware gang has hit game developer Crytek in a confirmed ransomware attack and leaked what they claim are files stolen from Ubisoft’s network.
Michael Gillespie found a new STOP Ransomware variant that appends the .mmpa extension.
xiaopao found the Adhubllka Ransomware that appends the .see_read_me and drops a ransom note named Read_Me.txt.
Siri found a new ransomware that appends the .CRPTD extension.
October 16th 2020
ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom.
Sports data provider Stats Perform has been down for almost a week thanks to a ransomware hack, Legal Sports Report understands.
We’re happy to announce the availability of a new decryptor for MaMoCrypt, a strain of ransomware that appeared in December last year.
Michael Gillespie found a new HiddenTear ransomware named MadDog that appends the .id-.[firstname.lastname@example.org].MadDog to encrypted files.
That’s it for this week! Hope everyone has a nice weekend!