Ransomware

Ransomware has continued to be part of the 24-hour news cycle as another significant attack against critical infrastructure took place this week.

This week's most notable attack was an REvil ransomware attack against JBS, the world's largest meat supplier. This attack led to disruption at numerous meat production sites while the company restored its data from backup.

Due to these attacks, the White House sent an open letter to businesses warning them to take ransomware seriously. The DOJ has also begun to give ransomware attacks a similar priority to terrorism.

This week's other attacks include ones against Fujifilm, the Massachusetts Steamship Authority, and UF Health Central Florida hospitals.

Finally, the DOJ announced Friday night that they arrested and charged a Latvian woman for developing a ransomware module for the TrickBot malware. This ransomware module was never used outside of development, allowing the FBI to prevent further attacks.

Contributors and those who provided new ransomware information and stories this week include: @FourOctets, @DanielGallagher, @malwareforme, @Ionut_Ilascu, @jorntvdw, @Seifreed, @VK_Intel, @BleepinComputer, @demonslay335, @LawrenceAbrams, @malwrhunterteam, @serghei, @fwosar, @struppigel, @PolarToffee, @InkyPhishFence, @SophosLabs, @campuscodi, @KartikayM, @WilliamTurton, @Bing_Chris, @fbgwls245, and the @FBI.

May 29th 2021

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

New Matrix Ransomware variant

dnwls0719 found a new Matrix Ransomware variant that appends the .MMTA extension and drops a ransom note named #MMTA_README#.rtf.

New STOP ransomware variant

dnwls0719 found a new STOP ransomware variant that appends the .paas extension and drops a ransom note named _readme.txt.

May 31st 2021

Food giant JBS Foods shuts down production after cyberattack

JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.

June 1st 2021

US: Russian threat actors likely behind JBS ransomware attack

The White House has confirmed today that JBS, the world's largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia.

June 2nd 2021

FUJIFILM shuts down network after suspected ransomware attack

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack's spread.

FBI: REvil cybergang behind the JBS ransomware attack

The Federal Bureau of Investigation has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world's largest meat producer.

June 3rd 2021

Massachusetts' largest ferry service hit by ransomware attack

The Steamship Authority, Massachusetts' largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions.

White House urges businesses to "take ransomware crime seriously"

The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council's chief cybersecurity adviser.

Scripps Health notifies patients of data breach after ransomware attack

Nonprofit healthcare provider Scripps Health in San Diego has disclosed a data breach exposing patient information after suffering a ransomware attack last month.

UF Health Florida hospitals back to pen and paper after cyberattack

UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Live streams go down across Cox radio & TV stations in apparent ransomware attack

Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, went down earlier today in what multiple sources have described as a ransomware attack.

Exclusive: U.S. to give ransomware hacks similar priority as terrorism

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

June 4th 2021

Meat giant JBS now fully operational after ransomware attack

JBS, the world's largest beef producer, has confirmed that all its global facilities are fully operational and operating at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Fujifilm confirms ransomware attack disrupted business operations

Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Phishing uses Colonial Pipeline ransomware lures to infect victims

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files.

Hackers Breached Colonial Pipeline Using Compromised Password

The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

New Dharma Ransomware variants

Jakub Kroustek found two new Dharma ransomware variants that append the .cnc and the .PARTY extensions.

US charges Latvian for helping develop the Trickbot malware

The US Department of Justice (DOJ) announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization.

That's it! Hope everyone has a nice weekend!
