This week comes with reports on a hospital ransomware attack that led to the death of a baby and new efforts by governments worldwide to combat ransomware.
This week, the biggest news is President Biden announcing a partnership between the USA and thirty other countries to disrupt global ransomware attacks.
A heartbreaking report by the Wall Street Journal about a ransomware attack leading to the death of a baby also illustrates how dangerous these attacks can be for health care.
There was also some interesting news about how Conti targets Veeam backups, how the RansomExx ransomware can incorrectly encrypt Linux files, and the reemergence of the ransomware group known as Apostle.
Ransomware attacks this week include JVCKenwood, Hawaii Payroll Services, and Lufkin ISD.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @DanielGallagher, @malwrhunterteam, @struppigel, @BleepinComputer, @LawrenceAbrams, @demonslay335, @PolarToffee, @Seifreed, @VK_Intel, @Ionut_Ilascu, @malwareforme, @fwosar, @jorntvdw, @FourOctets, @pancak3lullz, @ProferoSec, @GelosSnake, @barnhartguy, @kpoulsen, @bobmcmillan, @_melaevans, @y_advintel, @AdvIntel, @LabsSentinel, @pcrisk, and @fbgwls245.
September 27th 2021
New ransomware targeting Russia
Michael Gillespie found a new ransomware that is targeting CIS countries, appends the .bugs extension to encrypted files, and drops ransom notes named "1ВАЖЛИВА ІНФОРМАЦІЯ!!!.txt" and "2ВАЖЛИВА ІНФОРМАЦІЯ!!!.txt".
New STOP Ransomware variant
PCRisk found a new STOP ransomware variant that appends the .rigd extension to encrypted files.
New Dharma Ransomware variant
PCRisk found a new Dharma ransomware variant that appends the .nomad extension to encrypted files.
September 28th 2021
Thousands Affected by Ransomware Attack on Hawaii Company
In February, company Hawaii Payroll Services suffered a ransomware attack. The company believes the attack was carried out by a criminal who somehow compromised a client's account.
Lufkin ISD hit by ransomware attack
The hack was discovered Saturday, but according to Sheila Adams at Lufkin ISD, the program they had in place to stop the attack worked: it shut down the system, which is how they knew of the attack.
September 29th 2021
Trucking giant Forward Air reports ransomware data breach
Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed threat actors to access employees' personal information.
Backup “Removal” Solutions - From Conti Ransomware With Love
Conti’s “backup removal solutions” begin on the team development level. While selecting network intruders for their divisions also known as “teams”, Conti is particularly clear that experience related to backup identification, localization, and deactivation is among their top priorities for a successful pentester. This backup focus implemented within the partnership-building process enables Conti to assemble teams, equipped with knowledge and skills aimed at backup removal.
New Soli ransomware
dnwls0719 found a new ransomware that appends the .soli extension to encrypted files and drops a ransom note named _READ_ME_PLEASE.txt.
New Dharma Ransomware variant
PCRisk found a new Dharma ransomware variant that appends the .chld extension to encrypted files.
New Dharma Ransomware variant
PCRisk found a new Dharma ransomware variant that appends the .MOON extension to encrypted files.
September 30th 2021
RansomEXX ransomware Linux encryptor may damage victims' files
Cybersecurity firm Profero has discovered that the RansomExx gang does not correctly lock Linux files during encryption, leading to potentially corrupted files.
JVCKenwood hit by Conti ransomware claiming theft of 1.5TB data
JVCKenwood has suffered a Conti ransomware attack where the threat actors claim to have stolen 1.7 TB of data and are demanding a $7 million ransom.
New Version Of Apostle Ransomware Reemerges In Targeted Attack On Higher Education
SentinelLabs has been tracking the activity of Agrius, a suspected Iranian threat actor operating in the Middle East, throughout 2020 and 2021 following a set of destructive attacks starting December 2020. Since we last reported on this threat actor in May 2020, Agrius lowered its profile and was not observed conducting destructive activity. This changed recently as the threat actor likely initiated a ransomware attack on the Israeli university Bar-Ilan utilizing the group’s custom Apostle ransomware.
US Congress asks FBI to explain delay in helping Kaseya attack victims
The House Committee on Oversight and Reform has requested a briefing to understand the rationale behind the FBI's decision to delay providing the victims of the Kaseya REvil ransomware with a universal decryption key for three weeks.
A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death
When Teiranni Kidd walked into Springhill Medical Center on July 16, 2019, to have her baby, she had no idea the Alabama hospital was deep in the midst of a ransomware attack.
Comments
cybercynic - 2 years ago
According to the PcRisk tweet, the new STOP variant .chld is actually Dharma
Lawrence Abrams - 2 years ago
Fixed, thanks.
SSM230 - 2 years ago
Having a really hard time taking in the news article about the death due to the ransomware attack, it's legitimately disgusting how people are willing to risk a lot of people's lives just for a quick buck. I've never wished for a ransomware group to get busted so hard in my life.
Some-Other-Guy - 2 years ago
Leaving vulnerable systems online makes the hospital 100% liable for the death
If you know this will happen and refuse to mitigate the threat, you are to blame for the damages done
you can be told a million times what the problem is and refuse to do anything to fix it
But once the problem blows up in your face, you blame an anonymous attacker for showing you why this is such a huge problem if you choose to ignore it
R-K - 2 years ago
Those ransomware cyber-terrorists must be put on death row for killing a baby…
No forgiveness.