
MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations that fell victim to the attacks.

On Wednesday, the Clop gang began listing the names of breached organizations, warning that data would be leaked in seven days if a ransom was not negotiated.

Many organizations have opted to disclose breaches rather than negotiate, warning affected individuals that their data has been exposed.

Known affected organizations include US federal agencies, the Louisiana and Oregon DMV, Zellis (BBC, Boots and Aer Lingus, Irish HSE via Zellis), the University of Rochester, the Nova Scotia government, the US state of Missouri, the US state of Illinois, BORN Ontario, Ofcom, Extreme Networks, and the American Board of Internal Medicine.

As for Clop, they have now listed thirty-seven organizations affected by MOVEit breaches on their website, hoping this will spur them to negotiate.

The other big news this week is the FBI's arrest of a LockBit affiliate in Arizona, just as CISA warned that the ransomware operation extorted over $90 million in 1,700 attacks on American organizations.

We also learned more about ransomware attacks this week, with the Medusa operation extorting the National Securities Commission of Argentina (CNV) and the Rhysida ransomware operation leaking data stolen from the Chilean Army.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @DanielGallagher, @malwhunterteam, @BleepinComputer, @VK_Intel, @LawrenceAbrams, @PolarToffee, @struppigel, @jorntvdw, @Ionut_Ilascu, @FourBytes, @serghei, @fwosar, @Seifreed, @malwareforme, @demonslay335, @AuCyble, @pcrisk, @FortiGuardLabs, @1ZRR4H, @SentinelOne, @SttyK, @juanbrodersen, @Ashukuhi, @BrettCallow, @Jon__DiMaggio, and @snlyngaas.

June 11, 2023

Hackers add the National Securities Commission to their list of victims: they say they have sensitive data

A group of cybercriminals claim to have 1.5TB (1,500 gigabytes) of information from the National Securities Commission (CNV), the official body that oversees markets across the country. Medusa, the same ransomware cartel that encrypted Garbarino’s data in March this year, is asking for $500,000 and giving a one-week deadline to release the data.

June 12, 2023

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ahui, .ahgr, and .ahtw extensions.

New Variant of Chaos Ransomware

PCrisk has found a new Chaos ransomware variant that adds the .mini Me extension.

June 13, 2023

New Variant of Chaos Ransomware

PCrisk has found a new Chaos ransomware variant that adds the .LMAO extension and drops a ransom note named read_it.txt.

June 14, 2023

CISA: LockBit ransomware extorted $91 million in 1,700 US attacks

US and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang managed to extort around $91 million following around 1,700 attacks on US organizations since 2020.

WannaCry ransomware impersonator targets Russian ‘Enlisted’ FPS players

A ransomware operation targets Russian players of the multiplayer first-person shooter Enlisted, using a fake website to distribute trojanized versions of the game.

New Techniques: Discovering Tor’s Hidden Service with Etag

Report on finding the public IP address of a RagnarLocker Tor site.

This investigation was conducted primarily through publicly available open-source intelligence services such as Shodan, as well as underground community sources. The associated server has already been shut down and the person believed to be the suspect has been charged, resulting in the publication of the report. The de-anonymization method using Etag is almost unknown to the public, and I think it’s a valuable contribution to the community.

June 15, 2023

Clop ransomware gang begins extorting MOVEit data theft victims

The Clop ransomware gang has begun extorting companies affected by MOVEit data theft attacks, first listing the companies’ names on a data leak site, a tactic often used before stolen information is publicly disclosed.

Suspected LockBit ransomware affiliate arrested and charged in US

Russian national Ruslan Magomedovich Astamirov has been arrested in Arizona and charged by the US Department of Justice for allegedly deploying LockBit ransomware on victim networks in the US and abroad.

Rhysida ransomware leaks documents stolen from Chilean Army

The threat actors behind a recently emerged ransomware operation known as Rhysida have leaked online what they claim are documents stolen from the Chilean Army (Ejército de Chile) network.

US government agencies hit by global cyberattack

Editor’s note: No more MOVEit attacks.

Several U.S. federal government agencies were affected in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a major US cybersecurity agency.

June 16, 2023

Millions of Oregon and Louisiana state IDs stolen in MOVEit breach

Louisiana and Oregon are warning that millions of driver’s licenses have been exposed in a data breach after a ransomware gang hacked into their MOVEit Transfer secure file transfer systems to steal stored data.

Ransomware Overview — Bighead

FortiGuard Labs has discovered two new ransomware variants, “Big Head” and another likely used by the same attacker, targeting consumers to extort money.

That’s all for this week! I hope everyone is having a good weekend!

