HackDig : Dig high-quality web security articles for hackers

The Week in Ransomware - November 20th 2020 - Don't mess with the turkey

2020-11-20 22:19


This week we saw two massive attacks that had a significant impact on the food supply industry, as well as a demonstration of Egregor's annoying ransom note print bombs.

Last weekend, Latin American retail giant Cencosud suffered an attack by the Egregor ransomware gang that caused technical difficulties at numerous retail stores, including supermarkets and grocery stores.  During this attack we also got a demonstration of Egregor's annoying tactic of print bombing printers with ransom notes.

Cold storage warehouse operator Americold was also hit with a ransomware attack this weekend that caused significant food distribution problems for the numerous U.S. supermarkets that rely on it. One food distribution logistics operator who was having trouble picking up food deliveries told BleepingComputer that the attack came at the worst possible time, as they gear up for Thanksgiving.

Finally, the TrickBot gang has started spamming out a new lightweight reconnaissance tool called LightBot to collect information about a victim's network before potentially deploying ransomware. Just one more thing to keep an eye out for as we come to the weekend.

Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @malwareforme, @malwrhunterteam, @jorntvdw, @struppigel, @fwosar, @serghei, @PolarToffee, @LawrenceAbrams, @VK_Intel, @Seifreed, @FourOctets, @BleepinComputer, @DanielGallagher, @Ionut_Ilascu, @GroupIB_GIB, @Intel471Inc, @coveware, @juanbrodersen, @identidadrobada, @Kangxiaopao, @fbgwls245, @TalosSecurity, @0x4143, @JakubKroustek, @campuscodi, @siri_urz, and the @FBI.

November 14th 2020

Retail giant Cencosud hit by Egregor Ransomware attack, stores impacted

Chilean-based multinational retail company Cencosud has suffered a cyberattack by the Egregor ransomware operation that impacts services at stores.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .vvoa extension.

New HiddenTear variant

dnwls0719 found a new HiddenTear variant that appends the .ZqVIkE extension and drops a ransom note named @READ_ME@.txt.


November 15th 2020

DarkSide ransomware's Iranian hosting raises U.S. sanction concerns

Ransomware negotiation firm Coveware has placed the DarkSide operation on an internal restricted list after the threat actors announced plans to host infrastructure in Iran.

New VoidCrypt variant

xiaopao found a new variant of the VoidCrypt Ransomware that appends the .honor extension.


November 16th 2020

Capcom confirms data breach after gamers' data stolen in cyberattack

Japanese game giant Capcom has announced a data breach after confirming that attackers stole sensitive customer and employee information during a recent ransomware attack.

Dozens of ransomware gangs partner with hackers to extort victims

Ransomware-as-a-service (RaaS) crews are actively looking for affiliates to split profits obtained in outsourced ransomware attacks targeting high profile public and private organizations.

Cold storage giant Americold hit by cyberattack, services impacted

Cold storage giant Americold is currently dealing with a cyberattack impacting their operations, including phone systems, email, inventory management, and order fulfillment.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .epor extension.

New Flamingo Ransomware variant

Michael Gillespie spotted a new Flamingo Ransomware variant that appends the .LIZARD extension and drops a ransom note named #READ ME.TXT.

New MXX Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .MXX extension and drops a ransom note named How To Recover Your Files!!!!.txt.

New Phobos Ransomware variant

xXToffeeXx spotted a new Phobos ransomware variant that appends the .ELDAOLSA extension.

New Joker Ransomware

@0x4143 found the new Joker's Ransomware that appends the .joker extension and drops a ransom note named POWER-JOKER-PASSWORD.txt.


New Dharma Ransomware variants

Jakub Kroustek found a bunch of Dharma Ransomware variants that append the .dex, .sss, .zimba, and .help extensions.

November 17th 2020

Nibiru ransomware variant decryptor

The Nibiru ransomware is a .NET-based malware family. It traverses directories on the local disks, encrypts files with Rijndael-256, and appends a .Nibiru extension. Rijndael-256 itself is a sound encryption algorithm; the flaw is that Nibiru derives its 32-byte key and 16-byte IV from the hard-coded string "Nibiru", so anyone who knows that string can regenerate both values. The decryptor program leverages this weakness to decrypt files encrypted by this variant.
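As an added illustration of why a hard-coded derivation string is fatal for a ransomware family (this is example code, not the decryptor or the malware described above), the Go program below regenerates the key and IV from the constant and decrypts a sample file without any key material from the attacker. The page only gives the constant and the key/IV sizes; the derivation used here (SHA-256 of the string for the key, MD5 for the IV) and the cipher (AES-256-CBC, i.e. Rijndael with a 128-bit block, which is what a 16-byte IV implies) are assumptions made for the demo, not Nibiru's actual code. The sample plaintext is constructed.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"crypto/sha256"
	"errors"
	"fmt"
)

// hardcodedSecret is the constant the page says Nibiru derives its key and IV
// from. The derivation below (SHA-256 -> 32-byte key, MD5 -> 16-byte IV) is an
// assumption for this demo; the page does not give the real function.
const hardcodedSecret = "Nibiru"

// deriveKeyIV is fully deterministic: no per-victim randomness goes in, so
// anyone who knows the constant ends up with the same key and IV the malware used.
func deriveKeyIV(secret string) (key, iv []byte) {
	k := sha256.Sum256([]byte(secret))
	i := md5.Sum([]byte(secret))
	return k[:], i[:]
}

// pkcs7Pad pads to a whole number of blocks (always adds at least one byte).
func pkcs7Pad(b []byte, bs int) []byte {
	n := bs - len(b)%bs
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

// pkcs7Unpad validates the padding instead of trusting the last byte blindly.
func pkcs7Unpad(b []byte, bs int) ([]byte, error) {
	if len(b) == 0 || len(b)%bs != 0 {
		return nil, errors.New("length is not a multiple of the block size")
	}
	n := int(b[len(b)-1])
	if n == 0 || n > bs {
		return nil, errors.New("invalid padding length")
	}
	for _, c := range b[len(b)-n:] {
		if int(c) != n {
			return nil, errors.New("corrupt padding")
		}
	}
	return b[:len(b)-n], nil
}

// encryptLikeNibiru models the locker side. AES-256-CBC stands in for the
// .NET Rijndael-256 call; the key and IV sizes match the ones on the page.
func encryptLikeNibiru(plain []byte) ([]byte, error) {
	key, iv := deriveKeyIV(hardcodedSecret)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	padded := pkcs7Pad(plain, block.BlockSize())
	out := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, padded)
	return out, nil
}

// decryptNibiruFile is the decryptor: it needs nothing from the attacker, only
// the constant, and it rejects input whose shape cannot be a CBC ciphertext.
func decryptNibiruFile(ct []byte) ([]byte, error) {
	key, iv := deriveKeyIV(hardcodedSecret)
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) == 0 || len(ct)%block.BlockSize() != 0 {
		return nil, errors.New("not a CBC ciphertext: bad length")
	}
	plain := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(plain, ct)
	return pkcs7Unpad(plain, block.BlockSize())
}

func main() {
	// Constructed sample standing in for a victim's document.
	original := []byte("Q4 cold-chain inventory: pallets 1204-1299 (constructed sample)")
	locked, err := encryptLikeNibiru(original)
	if err != nil {
		panic(err)
	}
	recovered, err := decryptNibiruFile(locked)
	if err != nil {
		panic(err)
	}
	fmt.Printf("recovered intact: %v\n", bytes.Equal(recovered, original))
}
```

The point to take from it: the cipher is irrelevant to the recovery. A real decryptor for a family like this is nothing more than the derivation step re-implemented plus a careful file walker; the same check (is the key or IV derived from anything a victim cannot know?) is the first thing to try against any new sample before treating it as unrecoverable.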

New Matrix ransomware variant

xiaopao found a new Matrix Ransomware variant that appends the .TG33 extension.

New HiddenTear ransomware variant

xiaopao found a new HiddenTear ransomware variant that appends the .r2block extension.


New ZIN Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .ZIN extension.

New Pulpit Ransomware

Siri found a new ransomware that appends the .pulpit extension.

November 18th 2020

REvil ransomware hits Managed.com hosting provider, $500K ransom

Managed web hosting provider Managed.com has taken their servers and web hosting systems offline as they struggle to recover from a weekend REvil ransomware attack.

Egregor ransomware bombards victims' printers with ransom notes

The Egregor ransomware uses a novel approach to get a victim's attention after an attack - shoot ransom notes from all available printers.

New Lola Ransomware

MalwareHunterTeam found a new ransomware pretending to be a Blockchain Generator that appends the .lola extension and drops a ransom note named Please_Read.txt.

November 19th 2020

Mount Locker ransomware now targets your TurboTax tax returns

The Mount Locker ransomware operation is gearing up for the tax season by specifically targeting TurboTax returns for encryption.

New STOP Djvu ransomware variant

Michael Gillespie found a new STOP Djvu ransomware variant that appends the .slgh extension.

New REDROMAN Ransomware

MalwareHunterTeam found a new ransomware that appends the .REDROMAN extension and drops ransom notes named RR_README.html, OPENTHIS.html, and README.html.

November 20th 2020

QBot partners with Egregor ransomware in bot-fueled attacks

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware, which burst into activity in September.

LightBot: TrickBot’s new reconnaissance malware for high-value targets

The notorious TrickBot gang has released a new lightweight reconnaissance tool used to scope out an infected victim's network for high-value targets.

FBI warns of increasing Ragnar Locker ransomware activity

The U.S. Federal Bureau of Investigation (FBI) Cyber Division has warned private industry partners of increased Ragnar Locker ransomware activity following a confirmed attack from April 2020.

New Ransomware hunt

Michael Gillespie spotted a new unidentified ransomware that appends the .esexz extension and drops a ransom note named readme.txt.

New SWP Dharma ransomware variant

xiaopao found a new Dharma Ransomware variant that appends the .SWP extension.

The malware that usually installs ransomware and you need to remove right away

This article focuses on the known malware strains that have been used over the past two years to install ransomware.

Sportfondsen Nederland swimming pool operator hit with ransomware

During the lockdown of the past two weeks, we were hit by an IT failure caused by a computer virus (ransomware). As a result, we are difficult to reach and have to deal with systems that do not work.

Ransomware with hidden message

MalwareHunterTeam found a ransomware with an interesting hidden message.


Hospital hit with custom ransomware

Michael Gillespie found that a hospital was hit with a custom ransomware.


New Dharma Ransomware variants

Jakub Kroustek found new Dharma Ransomware variants that append the .cvc extension.

That's it for this week! Hope everyone has a nice weekend!


Source: www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-20th-2020-dont-mess-w
