Data extortion

This week’s news was dominated by the Clop ransomware gang extorting companies whose GoAnywhere services were hacked using a zero-day vulnerability.

Over the past month, one hundred new companies have been added to Clop’s data leak site, with the extortion gang threatening to release data if a ransom is not paid.

While it’s unconfirmed whether all of these companies were breached using the GoAnywhere zero-day, BleepingComputer confirmed this week that Saks Fifth Avenue, the City of Toronto, Procter & Gamble, Virgin Red, and the UK Pension Protection Fund are linked to the vulnerability.

In some weird news this week, the City of Oakland is suddenly being extorted on the LockBit data leak site, when a few weeks ago the city was claimed by the Play ransomware gang. It is unclear whether LockBit is helping Play extort the city.

There also seems to be a spat brewing between the Monti ransomware gang and Donut Leaks.

Finally, ransomware reports published this week covered the ALC scareware masquerading as ransomware and the DarkPower gang.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @Seifreed, @fwosar, @malwhunterteam, @LawrenceAbrams, @serghei, @demonslay335, @billtoulas, @PogoWasRight, @cyfirma, @pcrisk, @Trellix, and @jgreigj.

March 19, 2023

MONTI Ransomware Gang Leaks Donut Leaks

In one of the most intriguing listings this week, the ransomware group MONTI has added another group, Donut Leaks, to its leak site.

March 20, 2023

ALC Scareware claims to be ransomware

The CYFIRMA research team recently discovered a malicious sample in the wild that claims to be ransomware named ALC Ransomware. Our research team analyzed it and found that it is actually scareware, as it does not encrypt files on the victim machine.

New Variant STOP Ransomware

PCrisk found a new STOP ransomware variant that adds the .darj extension to encrypted files.

March 21, 2023

LockBit Ransomware Gang Now Also Claims City of Oakland Breach

Another ransomware operation, the LockBit gang, is now threatening to release what it describes as stolen files from systems in the city of Oakland.

Clop ransomware claims Saks Fifth Avenue, retailer claims fictitious data was stolen

The Clop ransomware gang claims on its dark web site to have attacked Saks Fifth Avenue.

March 22, 2023

Dole reveals employee data breach after ransomware attack

Fresh produce giant Dole Food Company has confirmed that threat actors behind a ransomware attack in February accessed information from an undisclosed number of employees.

New Variant STOP Ransomware

PCrisk has found a new STOP ransomware variant that adds the .tywd extension to encrypted files.

New variant of Xorist ransomware

PCrisk has found a new Xorist ransomware variant that adds the .Rans-A extension and drops ransom notes named HOW TO DECRYPTE .txt FILES.

March 23, 2023

City of Toronto confirms data theft, Clop claims responsibility

The City of Toronto is among the latest victims of the Clop ransomware gang in the ongoing GoAnywhere hacking spree.

Tennessee town hit by ransomware attack

Oak Ridge, Tennessee, said city officials are working with law enforcement and cybersecurity experts to deal with a ransomware attack affecting its technology systems.

New Variant STOP Ransomware

PCrisk has found a new STOP ransomware variant that adds the .tyos extension to encrypted files.

March 24, 2023

Procter & Gamble confirms data theft via GoAnywhere zero-day

Consumer goods giant Procter & Gamble has confirmed a data breach affecting an undisclosed number of employees after its GoAnywhere MFT secure file sharing platform was compromised in early February.

That’s all for this week! I hope everyone is having a good weekend!

