It’s been a mostly quiet week regarding ransomware, with only a few details released on older attacks and a few reports released on existing operations.
This week, the theft of customer data remains at the center of concerns, with Yum! Brands sending data breach notifications for a ransomware attack in January.
Capita also remains silent on a Black Basta ransomware attack that occurred earlier this month, declining to say whether customer data was stolen, even as the ransomware gang tries to extort them.
Other news this week relates to published research on particular operations, including:
- DarkAngels ransomware started a data leak site.
- Vice Society now uses a custom PowerShell script for data exfiltration.
- A technical analysis of Trigona, which BleepingComputer first reported on in 2022.
- Information about new Kadavro Vector Ransomware.
Finally, we’ve seen LockBit mess with cybersecurity companies, claiming to have breached Darktrace. However, the company said this was untrue and that its systems had not been compromised.
Contributors and those who provided new ransomware information and stories this week include @LawrenceAbrams, @demonslay335, @malwareforme, @malwhunterteam, @fwosar, @BleepinComputer, @Seifreed, @struppigel, @billtoulas, @Ionut_Ilascu, @serghei, @McAfee, @Fortinet, @Threatlabz, @pcrisk and @GossiTheDog.
April 9, 2023
As for Black Basta and Capita, the gang lists Capita as currently being held for extortion and provides evidence of exfiltrated data. This includes primary and secondary school job applications, a Capita nuclear document, Capita documents marked confidential, passport scans, security checks for clients, and architecture diagrams.
April 10, 2023
Yum! Brands, the brand owner of fast food chains KFC, Pizza Hut and Taco Bell, is now sending data breach notification letters to an undisclosed number of people whose personal information was stolen in a ransomware attack on January 13.
Zscaler discovered that DarkAngels ransomware (AKA RansomHouse) started a data leak site.
April 11, 2023
PCrisk has found a new STOP ransomware variant that adds the .kiop extension.
April 14, 2023
Cybersecurity firm Darktrace says it has found no evidence that the LockBit ransomware gang breached its network after the group added an entry to its dark web leak platform, implying that they stole data from company systems.
The Vice Society ransomware gang is rolling out a rather sophisticated new PowerShell script to automate data theft from compromised networks.
Zscaler ThreatLabz followed the Trigona ransomware family, which dates back to June 2022. There have been public reports that some of the group’s tactics, techniques, and procedures (TTPs) overlapped with BlackCat/ALPHV ransomware.
FortiGuard Labs recently came across ransomware dubbed “Kadavro Vector,” a NoCry ransomware variant that encrypts files on compromised machines and demands a ransom in Monero (XMR) cryptocurrency for file decryption.