Latest Ransomware Attacks and Research
Today’s column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week’s article. The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue. However, BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have started to contact victims directly via email to perform negotiations outside of the ransomware operation’s Tor negotiation sites. It is unclear if that is because they are working on their final victims under this operation before they switch to another gang or if they feel the ALPHV operation has been compromised in some manner. Whatever the reasons, the LockBit operation is taking advantage of the drama. The cybercrime gang has told BleepingComputer that they see this as a Christmas gift and have started recruiting ALPHV’s affiliates. In other news, we learned about numerous ransomware attacks over the past two weeks, including: Finally, law enforcement has had some confirmed actions this week, including arresting a money launderer linked to Hive ransomware and a Russian pleading guilty to running a crypto exchange used by ransomware gangs.
Contributors and those who provided new ransomware information and stories this week include: @malwrhunterteam, @demonslay335, @billtoulas, @fwosar, @Seifreed, @serghei, @BleepinComputer, @LawrenceAbrams, @Ionut_Ilascu, @ValeryMarchive, @BushidoToken, @azalsecurity, @SentinelOne, @g0njxa, @AlvieriD, @ShadowStackRE, @AShukuhi, @BrettCallow, @GossiTheDog, @vmiss33, @pcrisk, and @RESecurity.
December 3rd 2023
Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang’s VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.
December 4th 2023
Tipalti investigates claims of data stolen in ransomware attack
Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.