It’s been a mostly quiet week for ransomware, with only a little new information released on older attacks and a few reports released on existing organizations.

This week, the theft of customer data remains at the center of concerns, with Yum! Brands sending data breach notifications for a ransomware attack in January.

Capita also remains silent on a Black Basta ransomware attack that occurred earlier this month, declining to say whether customer data was stolen, even as the ransomware gang tries to extort the company.

Other news this week relates to published research on particular operations, including:

  • DarkAngels ransomware started a data leak site.
  • Vice Society now uses a custom PowerShell script for data exfiltration.
  • A technical analysis of Trigona, which BleepingComputer first reported on in 2022.
  • Information about the new Kadavro Vector ransomware.

Finally, we’ve seen LockBit mess with cybersecurity companies, claiming to have breached Darktrace. However, the company said this was untrue and that its systems had not been compromised.

Contributors and those who provided new ransomware information and stories this week include @LawrenceAbrams, @demonslay335, @malwareforme, @malwhunterteam, @fwosar, @BleepinComputer, @Seifreed, @struppigel, @billtoulas, @Ionut_Ilascu, @serghei, @McAfee, @Fortinet, @Threatlabz, @pcrisk, and @GossiTheDog.

April 9, 2023

Black Basta ransomware group extorts Capita with stolen customer data, Capita’s response escapes.

As for Black Basta and Capita, the gang lists Capita as currently being held for extortion – and provides evidence of exfiltrated data. This includes primary and secondary school job applications, a Capita nuclear document, Capita documents marked confidential, passport scans, security checks for clients, and architecture diagrams.

April 10, 2023

KFC, Pizza Hut owner reveals data breach after ransomware attack

Yum! Brands, the brand owner of fast food chains KFC, Pizza Hut and Taco Bell, is now sending data breach notification letters to an undisclosed number of people whose personal information was stolen in a ransomware attack on January 13.

DarkAngels ransomware launches data leak site

Zscaler discovered that DarkAngels ransomware (AKA RansomHouse) started a data leak site.

April 11, 2023

New STOP ransomware variant

PCrisk has found a new STOP ransomware variant that adds the .kiop extension.

April 14, 2023

Darktrace: investigation found no evidence of LockBit breach

Cybersecurity firm Darktrace says it has found no evidence that the LockBit ransomware gang breached its network after the group added an entry to its dark web leak platform, implying that they stole data from company systems.

Vice Society ransomware uses new PowerShell data theft tool in attacks

The Vice Society ransomware gang is rolling out a rather sophisticated new PowerShell script to automate data theft from compromised networks.

Technical Analysis of Trigona Ransomware

Zscaler ThreatLabz has been tracking the Trigona ransomware family, which dates back to June 2022. There have been public reports that some of the group’s tactics, techniques, and procedures (TTPs) overlap with BlackCat/ALPHV ransomware.

Ransomware Overview – Kadavro Vector Ransomware

FortiGuard Labs recently came across ransomware dubbed “Kadavro Vector,” a NoCry ransomware variant that encrypts files on compromised machines and demands a ransom in Monero (XMR) cryptocurrency for file decryption.

That’s all for this week! I hope everyone is having a good weekend!