Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich Ermakov, a Russian national believed to be responsible for the 2022 Medibank hack and a member of the REvil ransomware group.
In a report by Intel471, we learn that Ermakov had extensive involvement in cybercrime, including as a ransomware operator and affiliate. The threat actor is also believed to be involved in both legitimate and criminal software development.
On Thursday, the US government also sentenced Russian national Vladimir Dunaev to five years and four months in prison for helping to create and distribute the TrickBot malware and handling ransomware operations.
“Dunaev was a malware developer for the Trickbot Group, overseeing the creation of web browser injection, machine identification, and data harvesting codes used by the Trickbot malware,” reads the complaint against Dunaev and his co-conspirators.
Unfortunately, we also learned about numerous large-scale attacks this week, including an Akira attack on Tietoevry, an attack on water services giant Veolia North America, and an attack on fintech firm EquiLend, which LockBit claimed.
loanDepot also shared more information about the impact of its January 6th ransomware attack, stating that it exposed the data of 16.6 million people.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @LawrenceAbrams, @serghei, @BleepinComputer, @Seifreed, @Ionut_Ilascu, @demonslay335, @fwosar, @malwrhunterteam, @NCSC, @TrendMicro, @Intrinsic, @Fortinet, @pcrisk, and @rivitna2.
January 20th 2024
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.
January 21st 2024
Tietoevry ransomware attack causes outages for Swedish firms, cities
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered an Akira ransomware attack impacting cloud hosting customers in one of its data centers in Sweden.
January 22nd 2024
loanDepot cyberattack causes data breach for 16.6 million people
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month.
Cactus Ransomware technical analysis
On January 20th the Cactus ransomware group attacked a number of victims across various industries. The attacks were disclosed on their leak site with the accompanying victim data. The ransomware group has routinely put pressure on victims by releasing personal information about employees of the victim organization; this includes driver’s licenses, passports, photos and other personal identification.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .gotmydatafast extension.
New Frivinho Ransomware
PCrisk found a new ransomware that appends the .Frivinho0 extension and drops a ransom note named PLS_READ_ME.txt.
New Chaos Ransomware variant
PCrisk found a new ransomware that appends the .backoff extension and drops a ransom note named read_it.txt.
January 23rd 2024
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems that are part of its Municipal Water division and disrupted its bill payment systems.
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named ‘Kasseika’ has joined the club of threat actors that employ Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
US, UK, Australia sanction REvil hacker behind Medibank data breach
The Australian, US, and UK governments have announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group.
Threat Assessment: BianLian
Unit 42 researchers have been tracking the BianLian ransomware group, which has been in the top 10 of the most active groups based on the leak site data we have gathered. From that leak site data, we have primarily observed activity affecting the healthcare and manufacturing sectors and industries, and impacting organizations primarily in the United States (US) and Europe (EU).
January 24th 2024
UK says AI will empower ransomware over the next two years
The United Kingdom’s National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.
Global fintech firm EquiLend offline after recent cyber attack
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack.
Medibank’s Attacker: IT Businessman, Claimed Psychologist and Alleged Cybercriminal
Ermakov’s identity was uncovered by the Australian Signals Directorate (ASD) and the Australian Federal Police (AFP). According to a Jan. 23, 2024, exclusive interview with Australia’s Channel 9, ASD Acting Director-General Abi Bradshaw said the investigation met dead ends at times. But the ASD drew on help from other Five Eyes intelligence partners (the NSA, FBI and GCHQ in the UK) as well as data from private industry including Microsoft, which wrote about its role here. Bradshaw says Microsoft’s data bolstered the government’s confidence in Ermakov’s real-world identification.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .rdptest extension.
New LockXX ransomware
Rivitna found the new LockXX ransomware that appends the .lockxx extension and drops a ransom note named lockxx.recovery_data.hta.
January 25th 2024
Russian TrickBot malware dev sentenced to 64 months in prison
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.
Another Phobos Ransomware Variant Launches Attack – FAUST
January 26th 2024
Ransomware Roundup – Albabat
This edition of the Ransomware Roundup covers the Albabat ransomware.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .cdcc and .cdxx extensions.