Ransomware

With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released.

At the end of December, a new enterprise-targeting ransomware operation called Night Sky was launched, but it is not very active so far.

We also saw an increase in Qlocker and eCh0raix campaigns targeting QNAP NAS devices, leading to QNAP releasing a security advisory.

The most noteworthy information that came out today is a new FBI flash alert warning that FIN7 hackers were sending malicious USB drives to defense firms that deployed REvil and BlackMatter ransomware. 

Finally, there have been a few ransomware attacks over the past two weeks, including FinalSiteBernalillo County, and SIC.

Now that the holidays are over, we can expect to see more attacks by threat actors and research related to new TTPs.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @LawrenceAbrams, @VK_Intel, @FourOctets, @jorntvdw, @serghei, @Ionut_Ilascu, @DanielGallagher, @struppigel, @malwrhunterteam, @billtoulas, @malwareforme, @demonslay335, @fwosar, @BleepinComputer, @Seifreed@BrettCallow@pancak3lullz@fbgwls245, @brfreed@campuscodi, and @Amigo_A_,

January 1st 2022

New Golang ransomware variant

dnwls0719 found a new Golang ransomware variant that appends the .xyz extension.

January 2nd 2022

New STOP ransomware variant

Jakub Kroustek found a new STOP ransomware variant that appends the .loov extension.

New STOP ransomware variant

Jakub Kroustek found a new STOP ransomware variant that appends the .dehd extension.

Lapsus$ ransomware gang hits SIC, Portugal’s largest TV channel

The Lapsus$ ransomware gang has hacked and is currently extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.

January 4th, 2022

New Mexico county 'first' local-government ransomware victim of 2022

Government buildings in Bernalillo County, New Mexico, were closed to the public Wednesday in response to what appears to be the first ransomware attack this year against a local government in the United States.

January 6th 2022

FinalSite ransomware attack shuts down thousands of school websites

FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.

Night Sky is the latest ransomware targeting corporate networks

It's a new year, and with it comes a new ransomware to keep an eye on called 'Night Sky' that targets corporate networks and steals data in double-extortion attacks.

January 7th 2022

FBI: Hackers target US defense firms with malicious USB packages

The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group is targeting the US defense industry with packages containing malicious USB devices to deploy ransomware.

QNAP warns of ransomware targeting Internet-exposed NAS devices

QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.

New Problem ransomware variant

Amigo-A spotted a new Problem Ransomware variant that appends the .problem extension and drops a ransom note named readme.txt.

That's it for this week! Hope everyone has a nice weekend!

Related Articles:

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

The Week in Ransomware - April 5th 2024 - Virtual Machines under Attack

The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand

REvil hacker behind Kaseya ransomware attack gets 13 years in prison

French hospital CHC-SV refuses to pay LockBit extortion demand