It’s been a fairly quiet week for ransomware, with only a few published reports and no significant new attacks. However, we may have a rebrand in the works, and a ransomware operation is likely behind another zero-day data theft campaign, so we have some news for you.

Many companies have had their data stolen after hackers used a zero-day vulnerability in the MOVEit Transfer program to breach the servers.

Although the extortion demands have not yet been sent to the victims and no one has claimed responsibility, this attack is similar to previous Clop ransomware attacks that used GoAnywhere MFT and Accellion FTA zero-days to steal files.

So it wouldn’t be surprising to learn that Clop was behind the recent MOVEit attacks.

There have also been rumors for weeks that Royal ransomware is rebranding as a new ransomware operation called BlackSuit. This week, Trend Micro analyzed the encryptors of the two operations and stated that they share very strong similarities with each other.

Although this link is not strong enough to be conclusive, the attack on Dallas may have put the Royal ransomware operation in the crosshairs, spooking them into a rebrand.

Finally, IBM published a report on the new ‘Sphynx’ encryptor from BlackCat/ALPHV and other tools used by the operation, which is worth reading.

Contributors and those who provided ransomware information and stories this week include @Seifreed, @billtoulas, @Ionut_Ilascu, @struppigel, @BleepinComputer, @serghei, @LawrenceAbrams, @malwhunterteam, @demonslay335, @fwosar, @rapid7, @HuntressLabs, @GossiTheDog, @IBMSecurity, @TrendMicro, @Avast, @jgreigj, and @pcrisk.

May 29, 2023

MCNA Dental data breach affects 8.9 million people after ransomware attack

Managed Care of North America (MCNA) Dental posted a data breach notification on its website, notifying nearly 9 million patients that their personal data has been compromised.

May 30, 2023

BlackCat (ALPHV) ransomware improves for stealth, speed and exfiltration

BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc on organizations around the world this year. The most recent attacks from BlackCat (aka ALPHV) ransomware affiliates target organizations in the healthcare, government, education, manufacturing, and hospitality sectors. Reportedly, several of these incidents resulted in the group posting sensitive data on its leak site, including financial and medical information stolen from victim organizations.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that add the .weon or .werz extension.

New variant of Dharma

PCrisk has found a new variant of Dharma ransomware that adds the .xCor extension.

May 31, 2023

Investigation of similarities between BlackSuit Ransomware and Royal

Royal ransomware, which is already one of the most notable ransomware families of 2022, gained further notoriety in early May 2023 after being used to attack computer systems in Dallas, Texas. Around the same time, several researchers on Twitter came across a new ransomware family called BlackSuit that targeted both Windows and Linux users. Other posts on Twitter mentioned links between BlackSuit and Royal, which piqued our interest. We managed to recover and analyze a 32-bit Windows sample of the ransomware from Twitter.

New STOP variant

PCrisk has found a new STOP ransomware variant that adds the .weqp extension.

June 1, 2023

New zero-day MOVEit Transfer widely exploited in data theft attacks

Hackers are actively exploiting a zero-day vulnerability in MOVEit Transfer file transfer software to steal data from organizations.

Harvard Pilgrim Health Care ransomware attack affects 2.5 million people

Harvard Pilgrim Health Care (HPHC) has revealed that a ransomware attack it suffered in April 2023 affected 2,550,922 people, with threat actors also stealing their sensitive data from compromised systems.

June 2, 2023

The Rise and Fall of Ransomware: Insights from Avast’s Q1 2023 Threat Report

Ransomware has been a significant cybersecurity threat for over a decade, but incident rates are showing a slight decline. The Avast Q1/2023 threat report examines why.

Legal services platform used by SEC and Pentagon investigating ransomware attack allegations

A legal documents platform used by several branches of the US government is investigating claims by a ransomware group that it was attacked.

That’s it for this week! I hope everyone is having a good weekend.
