Ransomware

This week, senior officials from over thirty countries held virtual conferences on disrupting ransomware operations and attacks.

Russia and China were left out of these talks, even though there are signs that Russia has begun to crack down on cybercriminal activity in its country.

Through these talks, senior officials announced that governments will be disrupting ransomware operations through intelligence sharing, cryptocurrency seizures, anti-money laundering operations, and more scrutiny into the exploitation of cryptocurrency.

This disruption is necessary, as the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has linked a staggering $5.2 billion in Bitcoin transactions to ransomware operations.

There have also been quite a few attacks this week that are likely the result of ransomware.

This week's most prominent attack is against Banco Pichincha, Ecuador's largest private bank, where a ransomware attack severely disrupted operations.

Other attacks that have not been confirmed to be ransomware are those on Olympus U.S. and the University of Sunderland.

Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @PolarToffee, @FourOctets, @jorntvdw, @LawrenceAbrams, @malwareforme, @demonslay335, @serghei, @Ionut_Ilascu, @Seifreed, @BleepinComputer, @DanielGallagher, @fwosar, @billtoulas, @malwrhunterteam, @struppigel, @BroadcomSW, @trompi, @virustotal, @fbgwls245, @Amigo_A_, and @pcrisk.

October 10th 2021

Olympus US systems hit by cyberattack over the weekend

Olympus, a leading medical technology company, was forced to take down IT systems in the Americas (U.S., Canada, and Latin America) following a cyberattack that hit its network Sunday, October 10, 2021.

New Karma ransomware extension

dnwls0719 found a new variant of the Karma ransomware that appends the .KARMA_V2 extension.

October 11th 2021

Pacific City Bank discloses ransomware attack claimed by AvosLocker

Pacific City Bank (PCB), one of the largest Korean-American community banking service providers in America, has disclosed a ransomware incident that took place last month.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .nqsq extension to encrypted files.

New JCrypt ransomware variant

dnwls0719 found a new JCrypt variant that appends the .poison extension to encrypted files.

October 12th 2021

Cyberattack shuts down Ecuador's largest bank, Banco Pichincha

Ecuador's largest private bank, Banco Pichincha, has suffered a cyberattack that disrupted operations and took the ATM and online banking portal offline.

New Dharma ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .NaS extension to encrypted files.

October 13th 2021

Russia and China left out of global anti-ransomware meetings

The White House National Security Council is facilitating virtual meetings this week with senior officials and ministers from more than 30 countries as part of an international counter-ransomware event to rally allies in the fight against the ransomware threat.

Australia to tackle ransomware data breaches by deleting stolen files

Australia's Minister for Home Affairs has announced the "Australian Government's Ransomware Action Plan," which is a set of new measures the country will adopt in an attempt to tackle the rising threat.

We analyzed 80 million ransomware samples – here’s what we learned

VirusTotal’s first Ransomware Activity Report provides a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the last year and a half. This report is designed to help researchers, security practitioners and the general public understand the nature of ransomware attacks while enabling cyber professionals to better analyze suspicious files, URLs, domains and IP addresses. Sharing insights behind how attacks develop is essential to anticipating their evolution and detecting cybersecurity threats across the globe.

October 14th 2021

New Yanluowang ransomware used in targeted enterprise attacks

A new ransomware strain that is still under development is being used in highly targeted attacks against enterprise entities, as Broadcom's Symantec Threat Hunter Team discovered.

University of Sunderland announces outage following cyberattack

The University of Sunderland in the UK has announced extensive operational issues that have taken most of its IT systems down, attributing the problem to a cyber-attack.

October 15th 2021

Governments worldwide to crack down on ransomware payment channels

Senior officials from 31 countries and the European Union said that their governments would take action to disrupt the cryptocurrency payment channels used by ransomware gangs to finance their operations.

US government discloses more ransomware attacks on water plants

U.S. Water and Wastewater Systems (WWS) Sector facilities have been breached multiple times in ransomware attacks during the last two years, U.S. government agencies said in a joint advisory on Thursday.

US links $5.2 billion worth of Bitcoin transactions to ransomware

The U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) has identified roughly $5.2 billion worth of outgoing Bitcoin transactions likely tied to the top 10 most commonly reported ransomware variants.

Accenture confirms data breach after August ransomware attack

Global IT consultancy giant Accenture confirmed that LockBit ransomware operators stole data from its systems during an attack that hit the company's systems in August 2021.

That's it for this week! Hope everyone has a nice weekend!
