Law enforcement continues to keep the pressure on ransomware operations with infrastructure hacks and million dollar rewards, bringing criminal operations to a halt.
Due to this increased pressure from law enforcement, the BlackMatter (DarkSide) ransomware gang has announced to affiliates that they are shutting down this week after members disappeared.
TechToSee later discovered that BlackMatter had started moving existing victims to the LockBit ransomware infrastructure to continue extortion requests.
To keep the pressure on the DarkSide gang and warn that rebranding to a new operation will not stop law enforcement, the US State Department announced a $10 million reward for identifying or locating the key leaders of the organization. In addition, the US government is also offering $5 million for the arrest of anyone participating in future attacks using DarkSide variants.
The FBI also issued notices this week warning that HelloKitty has added DDoS attacks to its arsenal, that ransomware gangs typically carry out attacks “during urgent financial events” and that gangs target tribal-owned businesses, including casinos.
The ransomware attacks we saw this week were directed against the British Labor Party and the health systems of Newfoundland and Labrador.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @fwosar, @DanielGallagher, @Ionut_Ilascu, @struppigel, @jontvdw, @VK_Intel, @billtoulas, @malwrhunterteam, @OvenObytes, @demonslay335, @PolarToffee, @Seifree, @CofenseLabs, @TalosSecurity, @vxunderground, @pancak3lullz, @Fortinet, @GelosSnake, @nakashimae, @DDaltonBennett, @fbgwls245, @pcrisk, and @Friend_A_.
- October 30, 2021
- November 1, 2021
- November 2, 2021
- November 3, 2021
  - BlackMatter ransomware claims to be shut down due to police pressure
  - UK Labor Party reveals data breach after ransomware attack
  - BlackMatter ransomware moves victims to LockBit after shutdown
  - Ransomware gang shut down after Cybercom hijacked its site and it discovered it had been hacked
  - New Polaris ransomware targeting Linux
- November 4, 2021
- November 5, 2021
October 30, 2021
Chaos ransomware targets gamers via fake Minecraft alt lists
The Chaos Ransomware Gang encrypts players’ Windows devices via fake Minecraft alt listings promoted on gaming forums.
November 1, 2021
FBI: HelloKitty ransomware adds DDoS attacks to extortion tactics
The US Federal Bureau of Investigation (FBI) sent a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added Distributed Denial of Service (DDoS) attacks to its arsenal of extortion tactics.
BlackShadow Hackers Break Into Israeli Hosting Company, Extort Customers
The hacking group BlackShadow has attacked Israeli hosting provider Cyberserve to steal customer databases and disrupt the company's services.
Health system in Canadian provinces disrupted by cyberattack
The Canadian province of Newfoundland and Labrador suffered a cyberattack that caused serious disruption to health care providers and hospitals.
November 2, 2021
dnwls0719 found a new variant of the Dharma ransomware that adds the .MRS extension to encrypted files.
PCrisk has found new variants of STOP ransomware that add the .costs and .palq extensions to encrypted files.
FBI: Ransomware targets companies in mergers and acquisitions
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “urgent financial events” such as corporate mergers and acquisitions to facilitate extortion of their victims.
November 3, 2021
BlackMatter ransomware claims to be shut down due to police pressure
The BlackMatter ransomware is said to be shutting down its operations due to pressure from authorities and recent law enforcement operations.
UK Labor Party reveals data breach after ransomware attack
The UK Labor Party has informed its members that some of their information was affected by a data breach after a ransomware attack hit a vendor handling party data.
BlackMatter ransomware moves victims to LockBit after shutdown
With the closure of the BlackMatter ransomware operation, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.
A major overseas ransomware group shut down last month after a pair of operations by US Cyber Command and a foreign government targeting the criminals’ servers left its executives too frightened of identification and arrest to stay in business, according to several US officials familiar with the matter.
Friend-one found a new Polaris ransomware that targets Linux and drops ransom notes named WARNING.txt.
November 4, 2021
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
New threat actor hacks Microsoft Exchange servers and breaches corporate networks by using ProxyShell vulnerability to deploy Babuk Ransomware.
Phishing emails send spooky zombie-themed MirCop ransomware
A new phishing campaign masquerading as provisioning lists infects users with MirCop ransomware that encrypts a target system in less than fifteen minutes.
US targets DarkSide ransomware and its rebrands with $10 million reward
The US government targets DarkSide ransomware and its rebrands with a reward of up to $10,000,000 for information leading to the identification or arrest of operatives.
Details of the tools and tactics used by a ransomware-affiliated group, now identified as Lockean, emerged today in a report from the French Computer Emergency Response Team (CERT).
November 5, 2021
PCrisk has found a new variant of the Dharma ransomware that adds the .EARTHWORM extension to encrypted files.
PCrisk has found new variants of STOP ransomware that add the .stax and .irkf extensions to encrypted files.
dnwls0719 has found a new variant of the Thanos ransomware that adds the .stepik extension.