This ‘Week in Ransomware’ covers the last two weeks of ransomware news, with new information on attacks, arrests, data wipers, and reports shared by cybersecurity firms and researchers.
The big news is the arrest of a Russian LockBit member in Canada, who is said to be responsible for making ransom demands between €5 and €70 million.
Over the past few weeks, a threat actor has been trolling victims by distributing the Azov Ransomware and blaming its creation on cybersecurity researchers and journalists.
Unfortunately, this ransomware was later confirmed to be a data wiper that overwrites alternating ‘666’ bytes of data with garbage, making it impossible to recover data.
Other reports have linked the Black Basta ransomware to FIN7 (Carbanak), warned that Venus ransomware is targeting healthcare, linked the Russian Sandworm hackers with Ukrainian ransomware attacks, and detailed how a threat actor is distributing LockBit through the Amadey botnet.
Finally, we learned more about ransomware attacks this week, with a REvil-linked gang claiming responsibility for Medibank, LockBit hitting the Continental automotive giant, and Black Basta behind Sobeys’ business disruptions.
Contributors and those who provided new ransomware information and stories this week include @jorntvdw, @DanielGallagher, @Seifreed, @LawrenceAbrams, @struppigel, @malwareforme, @demonslay335, @Ionut_Ilascu, @fwosar, @FourOctets, @VK_Intel, @malwrhunterteam, @serghei, @PolarToffee, @BleepinComputer, @billtoulas, @LabsSentinel, @vinopaljiri, @_CPResearch_, @ahnlab, @jgreigj, @MsftSecIntel, and @pcrisk.
October 30th 2022
A new and destructive ‘Azov Ransomware’ data wiper is being heavily distributed through pirated software, key generators, and adware bundles, trying to frame well-known security researchers by claiming they are behind the attack.
November 3rd 2022
Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as “Carbanak.”
The LockBit ransomware gang has claimed responsibility for a cyberattack against the German multinational automotive group Continental.
PCrisk found new STOP ransomware variants that append the .bozq and .bowd extensions.
PCrisk found a new ‘Anon_by Ransomware’ that appends the .anon_by extension and drops a ransom note named anon_by.txt.
November 4th 2022
PCrisk found a new ransomware that appends the .inlock extension and drops a ransom note named READ_IT.txt.
November 7th 2022
The Azov Ransomware continues to be heavily distributed worldwide, now proven to be a data wiper that intentionally destroys victims’ data and infects other programs.
A ransomware gang that some believe is a relaunch of REvil and others track as BlogXX has claimed responsibility for last month’s ransomware attack against Australian health insurance provider Medibank Private Limited.
PCrisk found a new Dharma ransomware variant that appends the .bDAT extension.
PCrisk found new STOP ransomware variants that append the .zate and .zatp extensions.
PCrisk found a new Xorist variant that appends the .CrySpheRe extension and drops a ransom note named КАК РАСШИФРОВАТЬ ФАЙЛЫ.txt.
November 8th 2022
A LockBit 3.0 ransomware affiliate is using phishing emails that install the Amadey Bot to take control of a device and encrypt devices.
November 9th 2022
Australian health insurance giant Medibank has warned customers that the ransomware group behind last month’s breach has started to leak data stolen from its systems.
November 10th 2022
Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations and high-profile companies worldwide.
A series of attacks targeting transportation and logistics organizations in Ukraine and Poland with Prestige ransomware since October have been linked to an elite Russian military cyberespionage group.
The U.S. Department of Health and Human Services (HHS) warned today that Venus ransomware attacks also target the country’s healthcare organizations.
One of the most popular motor racing circuits in the United Kingdom is investigating a ransomware attack after a gang added it to its list of victims this week.
November 11th 2022
Grocery stores and pharmacies belonging to Canadian food retail giant Sobeys have been experiencing IT systems issues since last weekend.
Source: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-11th-2022-lockbit-feeling-the-heat/