[ad_1]
It’s been a very quiet week for ransomware news, with only a few published reports and little information about cyberattacks.
However, one item of interest was Microsoft linking the recent PaperCut server attacks against Clop and LockBit ransomware operation.
Clop claims to have started exploiting PaperCut servers on April 13, the same day that Microsoft began to see active exploitation of the vulnerabilities.
The ransomware operation told BleepingComputer that they were using these exploits for initial access to corporate networks rather than stealing documents stored on the server.
Other ransomware reports released this week include:
Finally, we learned that Yellow Pages Canada suffered a BlackBasta ransomware attack.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @DanielGallagher, @malwareforme, @malwhunterteam, @FourBytes, @billtoulas, @struppigel, @LawrenceAbrams, @Ionut_Ilascu, @Seifreed, @demonslay335, @BleepinComputer, @fwosar, @jorntvdw, @PolarToffee, @uptycs, @Trellix, @MsftSecIntel, @AlvieriD, @Jon__DiMaggio, @FortinetAnd @pcrisk.
April 24, 2023
Yellow Pages Canada confirms cyberattack as Black Basta leaks data
Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been the victim of a cyberattack.
New variant of Dharma ransomware
Risk found a new variant of Dharma ransomware that adds the .rea extension.
New variant of Xorist ransomware
PCrisk has found a new Xorist ransomware variant that adds the .VoNiX extension and drops a ransom note named HOW TO DECRYPTE .txt FILES.
April 25, 2023
Ransomware Diaries: Volume 2 – A ransomware hacker origin story
The story I am about to tell you is not my own, but it is the story of a man who was once no different from you or me. Unfortunately, bad decisions and difficulties in his life pushed him into a dark place, from which he never returned.
This is the story of Basserlord.
New variant of STOP ransomware
PCrisk has found a new STOP ransomware variant that adds the .foza extension.
April 26, 2023
Microsoft: Clop and LockBit ransomware behind PaperCut server hacks
“Microsoft attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
New variant of MedusaLocker ransomware
PCrisk has found a new Xorist ransomware variant that adds the .attack7 (the number may change) extension and drops a ransom note named how_to_back_files.html.
New variant of STOP ransomware
PCrisk has found a new STOP ransomware variant that adds the .foty extension.
April 27, 2023
Linux version of RTM Locker ransomware targets VMware ESXi servers
RTM Locker is the latest enterprise-targeted ransomware operation that deploys a Linux encryptor that targets virtual machines on VMware ESXi servers.
Ransomware Overview – UNIZA Ransomware
FortiGuard Labs recently discovered a new ransomware variant called UNIZA. Like other ransomware variants, it encrypts files on victim machines in an attempt to extort money. It uses Command Prompt window (cmd.exe) to display its ransom message and interestingly it does not append the filename of the files it encrypts which makes it more difficult to determine which files impacted.
New Variant of Chaos Ransomware
PCrisk has found a new Chaos ransomware variant that adds the .devinn extension and drops a ransom note named unlock_here.txt.
It’s all for this week ! I hope everyone is having a good weekend!
[ad_2]
Source link