A case of mistaken identity and other MOVEit Transfer data breaches continue to dominate the ransomware news cycle this week.

This week, the New York City Department of Education revealed that the data from 45,000 students exposedAnd Siemens Energy confirmed an offense as well.

Separately, a group affiliated with the LockBit ransomware operation claimed to have targeted Taiwan Semiconductor Manufacturing Company (TSMC), one of the world’s largest semiconductor manufacturers.

However, after threatening to release data, credentials and loopholes in their network if a $70 million ransom demand was not paid, TSMC denied the hacking allegations and said the ransomware gang breached a third-party vendor.

A new report from VMware’s Carbon Black team sheds light on how 8Base ransomware worksillustrating how they use Phobos ransomware in attacks.

Finally, we had bad news and good news regarding the Akira ransomware operation.

The bad news is that they created a Linux encryptor to target VMware ESXi servers. The good news is that Avast released a decryptor allowing victims to recover files encrypted by the ransomware operation.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @fwosar, @demonslay335, @billtoulas, @Seifreed, @LawrenceAbrams, @malwhunterteam, @struppigel, @serghei, @rivitna2, @Avast, @AuCyble, @VMware, @pcrisk, @BushidoTokenAnd @BrettCallow.

June 26, 2023

Hackers steal data from 45,000 New York students in MOVEit breach

The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.

New STOP ransomware variants

Risk found new STOP ransomware variants that add the .thgz, .tgpoAnd .tgvv expansions.

New Tuga ransomware

PCrisk has found new ransomware that adds the .TUGA extension and drops a ransom note named README.txt.

June 27, 2023

Siemens Energy confirms data breach after MOVEit data theft attack

Siemens Energy has confirmed that data was stolen in recent Clop ransomware data theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

New Anti-American Ransomware

PCrisk has found new ransomware that adds the .anti us extension and drops a ransom note named read it.

June 28, 2023

Linux version of Akira ransomware targets VMware ESXi servers

Akira ransomware operation uses Linux encryptor to encrypt VMware ESXi virtual machines in double extortion attacks against companies worldwide

8Base Ransomware Gang Steps Up Dual Extortion Attacks in June

An 8Base ransomware gang is targeting organizations around the world in double extortion attacks, with a steady stream of new victims since early June.

New Havoc ransomware

PCrisk has found new ransomware that adds the .ravaged extension and drops a ransom note named resq_Recovery.txt.

June 29, 2023

New Resq100 ransomware

PCrisk has found new ransomware that adds the .resq100 extension and drops a ransom note named ENCRYPTED FILES.txt.

June 30, 2023

TSMC denies LockBit hack as ransomware gang demands $70 million

Chipmaker giant TSMC (Taiwan Semiconductor Manufacturing Company) has denied being hacked after the LockBit ransomware gang demanded $70 million to withhold stolen data.

Free Akira ransomware decryptor helps recover your files

Cybersecurity company Avast has released a free decryptor for Akira ransomware which can help victims to recover their data without paying any money to crooks.

New STOP ransomware variants

PCrisk has found new STOP ransomware variants that add the .aghz, .agpoAnd .agvv expansions.

Top 5 Highest Ransom Demands

Will Thomas (aka BushidoToken) gave an overview of the 5 highest ransom demands.

It’s all for this week ! I hope everyone is having a good weekend!