MOVEit Transfer extortion attacks continue to dominate the news cycle, with the Clop ransomware operation now extorting organizations that fell victim to the attacks.
On Wednesday, the Clop gang began listing the names of breached organizations, warning that data would be leaked in seven days if a ransom was not negotiated.
Many organizations have opted to disclose breaches rather than negotiate, warning affected individuals that their data has been exposed.
Known affected organizations include US federal agencies, the Louisiana and Oregon DMV, Zellis (BBC, Boots and Aer Lingus, Irish HSE via Zellis), the University of Rochester, the Nova Scotia government, the US state of Missouri, the US state of Illinois, BORN Ontario, Ofcom, Extreme Networks, and the American Board of Internal Medicine.
As for Clop, they have now listed thirty-seven organizations affected by MOVEit breaches on their website, hoping this will spur them to negotiate.
We also learned more about other ransomware attacks this week, with the Medusa operation extorting the National Securities Commission of Argentina (CNV) and the Rhysida ransomware operation leaking data stolen from the Chilean Army.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @DanielGallagher, @malwhunterteam, @BleepinComputer, @VK_Intel, @LawrenceAbrams, @PolarToffee, @struppigel, @jorntvdw, @Ionut_Ilascu, @FourBytes, @serghei, @fwosar, @Seifreed, @malwareforme, @demonslay335, @AuCyble, @pcrisk, @FortiGuardLabs, @1ZRR4H, @SentinelOne, @SttyK, @juanbrodersen, @Ashukuhi, @BrettCallow, @Jon__DiMaggio, and @snlyngaas.
June 11, 2023
Hackers add the National Securities Commission to their list of victims: they say they have sensitive data
A group of cybercriminals claim to have 1.5TB (1,500 gigabytes) of information from the National Securities Commission (CNV), the official body that oversees markets across the country. Medusa, the same ransomware cartel that encrypted Garbarino’s data in March this year, is asking for $500,000 and giving a one-week deadline to release the data.
June 12, 2023
PCrisk found new STOP ransomware variants that add the .ahui, .ahgr, and .ahtw extensions.
PCrisk has found a new Chaos ransomware variant that adds the .mini Me extension.
June 13, 2023
PCrisk has found a new Chaos ransomware variant that adds the .LMAO extension and drops a ransom note named read_it.txt.
June 14, 2023
US and international cybersecurity authorities said in a joint LockBit ransomware advisory that the gang managed to extort around $91 million following around 1,700 attacks on US organizations since 2020.
A ransomware operation targets Russian players of the multiplayer first-person shooter Enlisted, using a fake website to distribute trojanized versions of the game.
Report on finding the public IP address of a RagnarLocker Tor site.
This investigation was conducted primarily through publicly available open-source intelligence services such as Shodan, as well as underground community sources. The associated server has already been shut down and the person believed to be the suspect has been charged, resulting in the publication of the report. The de-anonymization method using Etag is almost unknown to the public, and I think it’s a valuable contribution to the community.
June 15, 2023
The Clop ransomware gang has begun extorting companies affected by MOVEit data theft attacks, first listing the companies' names on a data leak site, a tactic often used before stolen information is publicly disclosed.
Russian national Ruslan Magomedovich Astamirov has been arrested in Arizona and charged by the US Department of Justice for allegedly deploying LockBit ransomware on victim networks in the US and abroad.
The threat actors behind a recently emerged ransomware operation known as Rhysida have leaked online what they claim are documents stolen from the Chilean Army (Ejército de Chile) network.
Editor’s note: No more MOVEit attacks.
Several US federal government agencies were affected in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a major US cybersecurity agency.
June 16, 2023
Louisiana and Oregon are warning that millions of driver's licenses have been exposed in a data breach after a ransomware gang hacked into their MOVEit Transfer secure file transfer systems to steal stored data.
FortiGuard Labs has discovered two new ransomware variants, “Big Head” and another likely used by the same attacker, targeting consumers to extort money.