The Week in Ransomware – August 12th 2022



It was a busy week for ransomware news and attacks, especially with the revelation that Cisco was targeted by a threat actor affiliated with the Yanluowang ransomware gang.

On Wednesday, the Yanluowang ransomware gang claimed to have breached Cisco’s network and stolen 2.8GB of company data, later telling BleepingComputer that a total of 55GB was stolen.

While the exact amount of data could not be verified, Cisco confirmed that they suffered a network breach that allowed the threat actor to steal data from a Box account and gain administrator access to their domain.

Other attacks we learned more about this week were at 7-Eleven Denmark, ista International, and Advanced MSP, leading to a UK NHS outage.

Researchers were also busy this week, with reports published on how ransomware gangs are moving to callback social engineering attacks, that Cuba ransomware is using new RAT malware, a report on BlueSky, and that Zeppelin has been seen encrypting devices multiple times in a single attack.

Finally, the US government released a picture of a member of the Conti ransomware for the first time, asking people to provide information on members named ‘Target’, ‘Tramp’, ‘Dandis’, ‘Professor’ and ‘Reshaev’. The State Department is offering a reward of up to $10 million for information leading to their location, travel plans and identification.

Contributors and those who provided new information and ransomware stories this week include: @demonslay335, @Ionut_Ilascu, @PolarToffee, @malwareforme, @LawrenceAbrams, @DanielGallagher, @VK_Intel, @fwosar, @struppigel, @Seifreed, @BleepinComputer, @billtoulas, @serghei, @malwrhunterteam, @FourOctets, @jorntvdw, @fiskerlarsen, @Sophos, @y_advintel, @AdvIntel, @Cyberknow20, @kaspersky, @PaloAltoNtwks, @AhnLab_SecuInfo, @ReversingLabs, @pcrisk, @Amigo_A_, @jamiemaccol, @JarneckiY, and @PogoWasRight.

August 6, 2022

New GwisinLocker ransomware encrypts Windows and Linux ESXi servers

A new family of ransomware called ‘GwisinLocker’ targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines.

August 8, 2022

7-Eleven stores in Denmark closed due to cyber attack

7-Eleven stores in Denmark closed today after a cyber attack disrupted checkout systems at stores across the country.

New variant of Phobos ransomware

PCrisk found a new variant of Phobos that adds the .FLSCRYPT and .BITCOINPAYMENT extensions to encrypted files.

New World2022 ransomware

PCrisk found a new ransomware called World2022 that adds .world2022 decoding and drops a ransom note named WE CAN RECOVER YOUR DATA.MHT.

August 9, 2022

Maui Ransomware Operation Linked To North Korean Hackers ‘Andariel’

The Maui ransomware operation has been linked to North Korea’s state-sponsored hacking group ‘Andariel’, known for using malicious cyber activities to generate revenue and cause discord in South Korea.

New variants of VoidCrypt

PCrisk found new variants of VoidCrypt that add the .Daz and .Oiltraffic extensions.

New MedusaLocker variant

PCrisk found a new MedusaLocker ransomware variant that adds the .readlockfiles extension and drops a ransom note named HOW_TO_RECOVER_DATA.html.

August 10, 2022

Cisco hacked by Yanluowang ransomware gang, 2.8 GB allegedly stolen

Cisco today confirmed that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort money from them under the threat of leaking stolen files online.

7-Eleven Denmark confirms ransomware attack behind store closures

7-Eleven Denmark has confirmed that a ransomware attack was behind the closure of 175 stores in the country on Monday.

Ransomware gangs turn to ‘callback’ social engineering attacks

At least three separate groups within the Conti ransomware operation have adopted BazarCall phishing tactics as the primary method of gaining initial access to a victim’s network.

Automotive supplier breached by 3 ransomware gangs in 2 weeks

Three different ransomware gangs breached the systems and encrypted files of an automotive supplier over two weeks in May, with two of the attacks occurring in just two hours.

Hacker Uses New RAT Malware in Cuba Ransomware Attacks

A member of the Cuba ransomware operation is using never-before-seen tactics, techniques, and procedures (TTPs), including a new RAT (Remote Access Trojan) and a new local privilege escalation tool.

BlueSky Ransomware – Fast encryption via multi-threading

BlueSky ransomware is an emerging family that has adopted modern techniques to evade security defenses.

ista International shuts down systems after ransomware attack

Daixin Team claims hundreds of encrypted servers

New FileRec ransomware

Amigo-A found a new FileRec ransomware that adds the .filerec extension and drops a ransom note named filerec.txt.

August 11, 2022

UK NHS service recovery might take a month after MSP ransomware attack

Managed service provider (MSP) Advanced confirmed that a ransomware attack on its systems disrupted the UK’s National Health Service (NHS) emergency services (111).

FBI: Zeppelin ransomware can encrypt devices multiple times in attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) today warned US organizations that attackers deploying the Zeppelin ransomware might encrypt their files multiple times.

The US government will pay you $10 million for information on members of the Conti ransomware

The US Department of State today announced a $10 million reward for information on five high-ranking members of the Conti ransomware, including showing the face of one of the members for the first time.

August 12, 2022

Ransomware now threatens the worldwide south

Historically, ransomware has targeted a number of high-value sectors (finance, professional services, public sector) in wealthy countries, with a focus on the US and other G7 members. Recent attacks on countries such as Costa Rica, South Africa, Malaysia, Peru, Brazil, and India illustrate the growing threat to governments, critical national infrastructure providers, and businesses in developing and middle-income countries. Ransomware poses a risk to the development, economic growth, and political stability of these countries by disrupting commerce and the delivery of essential services.

That is all for this week! I hope everyone has a good weekend!

