With the holidays of the past two weeks, there have been only a few known ransomware attacks and little published research.
At the end of December, a new ransomware operation targeting businesses called Night Sky was launched, but it is not yet very active.
We have also seen an increase in Qlocker and eCh0raix campaigns targeting QNAP NAS devices, leading QNAP to issue a security advisory.
The most notable information released today is a new FBI flash alert warning that actors who have deployed REvil and BlackMatter ransomware are sending malicious USB drives to defense firms.
Now that the holidays are over, we can expect to see more attacks from malicious actors and research related to the new TTPs.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @LawrenceAbrams, @VK_Intel, @OvenObytes, @jontvdw, @serghei, @Ionut_Ilascu, @DanielGallagher, @struppigel, @malwrhunterteam, @billtoulas, @malwareforme, @demonslay335, @fwosar, @BleepinComputer, @Seifree, @BrettCallow, @pancak3lullz, @fbgwls245, @brfreed, @campuscodi, and @Friend_A_.
January 1, 2022
dnwls0719 found a new variant of the Golang ransomware that adds the .X Y Z extension.
January 2, 2022
Jakub Kroustek found a new variant of STOP ransomware that adds the .Creative extension.
Jakub Kroustek has found a new variant of STOP ransomware that adds the .dehd extension.
The Lapsus$ ransomware gang has hacked and extorted Impresa, Portugal’s largest media conglomerate and owner of SIC and Expresso, the country’s largest television station and weekly newspaper, respectively.
January 4, 2022
Government buildings in Bernalillo County, New Mexico were closed to the public on Wednesday in response to what appears to be the first ransomware attack this year against a local government in the United States.
January 6, 2022
FinalSite ransomware attack shuts down thousands of school websites
FinalSite, a leading school website service provider, suffered a ransomware attack disrupting access to the websites of thousands of schools around the world.
Night Sky is the latest ransomware targeting corporate networks
It’s a new year, and with it comes a new ransomware to watch out for called “Night Sky” that targets corporate networks and steals data in double-extortion attacks.
January 7, 2022
FBI: Hackers Target U.S. Defense Firms With Malicious USB Packages
The Federal Bureau of Investigation (FBI) warned U.S. companies in a recently updated flash alert that the financially motivated cybercriminal group FIN7 is targeting the U.S. defense industry with packages containing malicious USB devices to deploy ransomware.
QNAP Warns of Ransomware Targeting NAS Devices Exposed to the Internet
QNAP today warned its customers to immediately secure Network Attached Storage (NAS) devices exposed to the Internet from ongoing ransomware and brute force attacks.
Friend-one spotted a new variant of the Problem ransomware that adds the .problem extension and leaves a ransom note file named readme.txt.