This week brought reports of a ransomware attack at a hospital that resulted in the death of a baby, along with new efforts by governments around the world to fight ransomware.
The biggest news this week is President Biden’s announcement of a partnership between the United States and thirty other countries to disrupt global ransomware attacks.
A heartbreaking Wall Street Journal report on a ransomware attack that resulted in the death of a baby also illustrates just how dangerous these attacks can be for healthcare.
There was also some interesting news about how Conti targets Veeam backups, how RansomExx ransomware may incorrectly encrypt Linux files, and the re-emergence of the ransomware group known as Apostle.
Ransomware attacks this week include JVCKenwood, Hawaii Payroll Services, and Lufkin ISD.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @DanielGallagher, @malwrhunterteam, @struppigel, @BleepinComputer, @LawrenceAbrams, @demonslay335, @PolarToffee, @Seifree, @VK_Intel, @Ionut_Ilascu, @malwareforme, @fwosar, @jontvdw, @OvenObytes, @pancak3lullz, @ProferoSec, @GelosSnake, @barnhartguy, @kpoulsen, @bobmcmillan, @_melaevans, @y_advintel, @AdvIntel, @LabsSentinel, @pcrisk, and @fbgwls245.
September 27, 2021
Michael Gillespie found new ransomware targeting CIS countries that adds the .Bugs extension and drops ransom notes named “1IMPORTANT INFORMATION !!!.txt” and “2IMPORTANT INFORMATION !!!.txt”.
PCrisk found a new variant of STOP ransomware that adds the .rigd extension to encrypted files.
PCrisk found a new variant of STOP ransomware that adds the .nomadic extension to encrypted files.
September 28, 2021
Thousands affected by ransomware attack on Hawaii Company
In February, the Hawaii Payroll Services company suffered a ransomware attack. The company believes the attack was carried out by a criminal who somehow compromised a client’s account.
Lufkin ISD affected by ransomware attack
The hack was discovered on Saturday, but according to Sheila Adams of Lufkin ISD, the program they had in place to stop the attack worked because it shut down the system, which is how they learned about the attack.
September 29, 2021
Trucking giant Forward Air reports ransomware data breach
Trucking giant Forward Air has disclosed a data breach after a ransomware attack that allowed malicious actors to gain access to employees’ personal information.
Backup “removal” solutions – from Conti Ransomware With Love
Conti’s “backup deletion solutions” start at the team development level. While selecting network intruders for their divisions, also known as “teams”, Conti is particularly clear that experience in identifying, locating and disabling backups is one of their top priorities for a successful pentester. This focus on backups, implemented as part of the partnership building process, allows Conti to build teams with knowledge and skills aimed at removing backups.
dnwls0719 found new ransomware that adds the .alone extension to encrypted files and drops a ransom note named _READ_ME_PLEASE.txt.
PCrisk found a new variant of STOP ransomware that adds the .chld extension to encrypted files.
PCrisk found a new variant of STOP ransomware that adds the .MOON extension to encrypted files.
September 30, 2021
RansomEXX ransomware Linux encryption may damage victims’ files
Cyber security company Profero has discovered that the RansomExx gang does not properly lock Linux files during encryption, leading to potentially corrupted files.
JVCKenwood hit by Conti ransomware for 1.5TB data theft
JVCKenwood suffered a Conti ransomware attack where threat actors claim to have stolen 1.7TB of data and demand a ransom of $7 million.
New version of Apostle Ransomware reappears in targeted attack on higher education
SentinelLabs has been tracking the activity of Agrius, a suspected Iranian threat actor operating in the Middle East, throughout 2020 and 2021 following a series of destructive attacks beginning in December 2020. Since our last report on this threat actor in May 2020, Agrius lowered its profile and was not observed carrying out destructive activity. That has changed recently, as the threat actor likely launched a ransomware attack on Israeli Bar-Ilan University using the group’s custom Apostle ransomware.
US Congress Calls on FBI to Explain Delay in Helping Victims of Kaseya Attack
The House Monitoring and Reform Committee has requested a briefing to understand the reasons for the FBI’s decision to delay the provision of a universal decryption key to victims of the Kaseya REvil ransomware for three weeks.
Hospital hit by hackers, baby in distress: the case of the first suspected death from ransomware
When Teiranni Kidd entered Springhill Medical Center on July 16, 2019 to have her baby, she had no idea the Alabama hospital was at the center of a ransomware attack.