While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.
It was revealed at the end of the week that computer maker Acer suffered a REvil ransomware attack where the threat actors are demanding a massive $50,000,000 ransom.
REvil also made this news this week with the addition of a new -smode argument that causes Windows to reboot into Safe Mode with Networking to perform the encryption. REvil’s ‘Unknown’ also conducted an interview with TheRecord.
Finally, we saw an FBI warning about PYSA and new variants of ransomware families released.
GrujaRSA found a new variant of the RunExeMemory that appends the .z8sj2c extension and drops a ransom note named Read me, if you want to recover your files.txt.
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity.
xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops a ransom note named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.
The REvil ransomware operation has added a new ability to encrypt files in Windows Safe Mode, likely to evade detection by security software and for greater success when encrypting files.
Les opérateurs du rançongiciel Revil, aussi connu sous le nom Sodinokibi, ont ajouté le constructeur à la liste de victimes. Ils laissent encore près de 9 jours à Acer pour négocier, faute de quoi ils doubleront leurs exigences.
2020, the year of the pandemic, was another lucrative year for ransomware. As nations around the world scrambled to slow the spread of the virus, cybercriminals attempted to capitalize on the chaos.