Ransomware week – January 7, 2022


With the holidays over the past two weeks, there have been only a few known ransomware attacks and little published research.

At the end of December, a new ransomware operation targeting businesses called Night Sky was launched, but it is not yet very active.

We have also seen an increase in Qlocker and eCh0raix campaigns targeting QNAP NAS devices, leading QNAP to issue a security advisory.

The most notable information released today is a new FBI flash alert warning that REvil and BlackMatter are sending malicious USB drives to defense firms to deploy ransomware.

Finally, there have been a few ransomware attacks over the past two weeks, including FinalSite, Bernalillo County, and CIS.

Now that the holidays are over, we can expect to see more attacks from malicious actors and more research on new TTPs.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @LawrenceAbrams, @VK_Intel, @OvenObytes, @jontvdw, @serghei, @Ionut_Ilascu, @DanielGallagher, @struppigel, @malwrhunterteam, @billtoulas, @malwareforme, @demonslay335, @fwosar, @BleepinComputer, @Seifree, @BrettCallow, @pancak3lullz, @fbgwls245, @brfreed, @campuscodi, and @Friend_A_.

January 1, 2022

New variant of Golang ransomware

dnwls0719 found a new variant of the Golang ransomware that adds the .X Y Z extension.

January 2, 2022

New variant of STOP ransomware

Jakub Kroustek found a new variant of STOP ransomware that adds the .Creative extension.

New variant of STOP ransomware

Jakub Kroustek has found a new variant of STOP ransomware that adds the .dehd extension.

Lapsus$ ransomware gang hits SIC, Portugal’s biggest TV channel

The Lapsus$ ransomware gang has hacked and extorted Impresa, Portugal’s largest media conglomerate and owner of SIC and Expresso, the country’s largest television station and weekly newspaper, respectively.

January 4, 2022

New Mexico County ‘first’ victim of local government ransomware in 2022

Government buildings in Bernalillo County, New Mexico were closed to the public on Wednesday in response to what appears to be the first ransomware attack this year against a local government in the United States.

January 6, 2022

FinalSite ransomware attack shuts down thousands of school websites

FinalSite, a leading school website service provider, suffered a ransomware attack disrupting access to the websites of thousands of schools around the world.

Night Sky is the latest ransomware targeting corporate networks

It’s a new year, and with it comes a new ransomware to watch out for called “Night Sky” that targets corporate networks and steals data in double-extortion attacks.

January 7, 2022

FBI: Hackers Target U.S. Defense Firms With Malicious USB Packages

The Federal Bureau of Investigation (FBI) warned U.S. companies in a recently updated flash alert that the financially motivated cybercriminal group FIN7 is targeting the U.S. defense industry with packages containing malicious USB devices to deploy ransomware.

QNAP Warns of Ransomware Targeting NAS Devices Exposed to the Internet

QNAP today warned its customers to immediately secure Network Attached Storage (NAS) devices exposed to the Internet from ongoing ransomware and brute force attacks.

New variant of problem ransomware

Friend-one spotted a new variant of the problem ransomware that adds the .problem extension and drops a ransom note named readme.txt.

That’s all for this week! Hope everyone has a good weekend!

