For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed.
Mandiant revealed this week that an Iranian threat actor is behind ransomware attacks on the Albanian government, likely in retaliation for an upcoming Iranian opposition group’s conference.
Microsoft also announced this week that new Windows 11 builds in the Beta Channel had improved Microsoft Defender for Endpoint ransomware attack blocking capabilities.
Finally, we learned about several ransomware attacks this week, including ones on the Spanish National Research Council (CSIC), Semikron (hit by LV ransomware), the German Chambers of Industry and Commerce, and Creos Luxembourg.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @malwrhunterteam, @DanielGallagher, @FourOctets, @struppigel, @VK_Intel, @Ionut_Ilascu, @demonslay335, @BleepinComputer, @Seifreed, @PolarToffee, @malwareforme, @jorntvdw, @fwosar, @LawrenceAbrams, @serghei, @secuninja, @pcrisk, @siri_urz, @Dschwarcz, @Balgan, and @Mandiant.
August 1st 2022
The ALPHV ransomware gang, aka BlackCat, claimed responsibility for last week’s cyberattack against Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in the central European country.
PCrisk found a new Phobos ransomware variant that appends the .FILE extension and drops a ransom note named info.hta and info.txt.
PCrisk found a new Phobos ransomware variant that appends the .hydrox extension and drops a ransom note named Hydrox Ransomware.txt.
PCrisk found a new Chaos-based ‘Root’ ransomware that appends the .Root extension and drops a ransom note named read_it.txt.
PCrisk found the new Payt ransomware that appends the .Payt extension and drops a ransom note named ReadthisforDecode.txt.
August 2nd 2022
German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company’s network.
Microsoft has released new Windows 11 builds to the Beta Channel with improved Microsoft Defender for Endpoint ransomware attack blocking capabilities.
In recent years, cyberattacks have cost firms countless billions of dollars, undermined consumer privacy, distorted world geopolitics, and even resulted in death and bodily harm. Rapidly accelerating cyberattacks have not, however, been bad news for many lawyers. To the contrary, lawyers that specialize in coordinating all elements of victims’ incident response efforts are increasingly in demand. Lawyers’ dominant role in cyber-incident response is driven predominantly by their purported capacity to ensure that information produced during the breach-response process remains confidential, particularly in any subsequent lawsuit.
August 3rd 2022
The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers.
A must-read Twitter thread on cyber insurance
A about cyber insurance, and some myth-busting on some topics that I read this week. Full disclosure: I work for a cyberinsurance provider and will only talk about how WE are doing things, we too agree that it could be done better and decided to do it. 1/N
— Tiago Henriques (@Balgan) August 4, 2022
PCrisk found a new STOP ransomware variant that appends the .Readnet7 extension and drops a ransom note named HOW_TO_RECOVER_DATA.html.
S!Ri found a new ransomware that appends the .hicrypt extension to encrypted files.
August 4th 2022
The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
Mandiant identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.
PCrisk found a new STOP ransomware variant that appends the .vvyu extension.