This week brought multiple reports of new ransomware families targeting the enterprise, named Cactus and Akira, both of which are increasingly active.
The encryptor requires an encryption key to be passed on the command line to decrypt the configuration file used by the malware. If the proper key is not passed, the encryptor terminates and nothing is encrypted.
This method is intended to evade detection by security researchers and antivirus software.
BleepingComputer also reported on the Akira ransomware, a new operation launched in March that quickly amassed sixteen victims on its data leak site.
The Akira operation uses a retro-looking data leak site that requires you to enter commands as if you’re using a Linux shell.
We also learned about new attacks and significant developments in previous ones.
ABB develops numerous SCADA and industrial control systems (ICS) for energy suppliers and manufacturers, raising concerns about whether data was stolen and what it contained.
The new Akira ransomware operation has slowly been building a list of victims as it breaches corporate networks worldwide, encrypts files, and then demands million-dollar ransoms.
A new ransomware operation called Cactus has been exploiting vulnerabilities in VPN appliances for initial access to networks of “large commercial entities.”
Intel is investigating the leak of alleged private keys used by the Intel Boot Guard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware on MSI devices.
An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers.
Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.
The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.