Ransomware Week – April 1, 2022

While ransomware continues to mount attacks and all businesses need to remain vigilant, ransomware news has been relatively slow this week. However, there were still some interesting stories which we describe below.

The most interesting story this week is CNN’s report on ContiLeaks, a Ukrainian researcher who had access to Conti’s internal servers for years.

After Conti sided with Russia over the invasion of Ukraine, the researcher retaliated by leaking internal conversations and source code from the Conti Ransomware gang, offering researchers and law enforcement an overview of their operations.

Another interesting piece of news is a clever “IPFuscation” technique used by the Hive ransomware gang to obfuscate payloads by representing them as IP addresses to evade detection. Running the list of IP addresses through a decoder results in a binary payload that can be installed.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @FourBytes, @jorntvdw, @LawrenceAbrams, @Seifreed, @serghei, @malwhunterteam, @DanielGallagher, @VK_Intel, @malwareforme, @Ionut_Ilascu, @struppigel, @demonslay335, @fwosar, @billtoulas, @BleepinComputer, @rivitna2, @MinervaLabs, @Amigo_A_, @SentinelOne, @AquaSecTeam, @ContiLeaks, @snlyngaas, and @pcrisk.

March 27, 2022

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to spy on the victim’s ransom negotiations.

March 28, 2022

SunCrypt ransomware is still alive and active in 2022

SunCrypt, a ransomware-as-a-service (RaaS) operation that rose to prominence in mid-2020, is said to still be active, if only barely, as its operators continue to work to give its strain new capabilities.

New KalajaTomorr ransomware

Amigo-A found a new ransomware that drops a ransom note named Hello.txt.

March 29, 2022

Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks

Aqua’s Team Nautilus discovered a Python-based ransomware attack that, for the first time, targeted Jupyter Notebook, a popular tool used by data scientists. The attackers gained initial access through misconfigured environments, then executed a ransomware script that encrypts every file under a given path on the server and deletes itself after execution to conceal the attack. Since Jupyter notebooks are used to analyze data and build data models, this attack can cause significant damage to organizations if these environments are not properly backed up.
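The report above attributes the initial access to misconfigured environments. The following added example (not code from the original post, Aqua, or the Jupyter project) assumes the misconfiguration is the usual one for this class of incident: a notebook server bound to every interface with its token disabled and no password set. It audits a `jupyter_notebook_config.py`/`jupyter_server_config.py`-style file for those settings, using the real traitlet names (`c.NotebookApp.*` for the classic notebook, `c.ServerApp.*` for jupyter_server); the two sample configs and the password hash are constructed placeholders.

```python
"""Audit a Jupyter config file for settings that leave a notebook server
reachable from the network without authentication.

Added example. The weak/hardened configs below are constructed samples;
the exposed-unauthenticated misconfiguration is an assumption, not a
detail taken from the report.
"""
import re
from typing import Dict, List

# Lines of the form  c.NotebookApp.<name> = <value>  or  c.ServerApp.<name> = <value>
# (put comments on their own line; inline comments are not stripped here).
_SETTING_RE = re.compile(r"^\s*c\.(NotebookApp|ServerApp)\.(\w+)\s*=\s*(.+?)\s*$")


def parse_jupyter_config(text: str) -> Dict[str, str]:
    """Return {traitlet_name: raw_value_text} for every uncommented setting."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = _SETTING_RE.match(line)
        if m:
            settings[m.group(2)] = m.group(3)
    return settings


def audit_jupyter_config(text: str) -> List[str]:
    """Return a list of findings; an empty list means no exposure was spotted."""
    s = parse_jupyter_config(text)
    findings: List[str] = []

    token = s.get("token")            # unset -> Jupyter generates a random token
    password = s.get("password")      # unset -> no password login
    ip = s.get("ip", "'localhost'")   # Jupyter's default bind address

    no_token = token in ("''", '""')
    no_password = password in (None, "''", '""')
    all_interfaces = ip.strip("'\"") in ("0.0.0.0", "*", "")

    if no_token and no_password:
        findings.append("authentication disabled: empty token and no password")
    if all_interfaces:
        findings.append(f"listens on all interfaces: ip = {ip}")
        if no_token and no_password:
            findings.append("unauthenticated server reachable from the network")
    if s.get("allow_root") == "True":
        findings.append("runs as root: a malicious notebook is not confined to one user's files")
    return findings


# Constructed sample: the kind of config that exposes the server.
WEAK_CONFIG = """
c = get_config()
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.token = ''
c.NotebookApp.allow_root = True
c.NotebookApp.open_browser = False
"""

# Constructed sample: bound to localhost, password login enabled, random token kept.
# The hash value is a placeholder, not a real argon2 hash.
HARDENED_CONFIG = """
c = get_config()
c.ServerApp.ip = 'localhost'
c.ServerApp.password = 'argon2:PLACEHOLDER-HASH'
c.ServerApp.open_browser = False
"""

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_jupyter_config(cfg) or ["no findings"])
```

Authentication settings only narrow the entry point the report describes; the last sentence of the item still applies, and the audit is no substitute for backups of the notebook server's data that the ransomware script cannot reach.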

New variant of Dharma ransomware

PCrisk found a new variant of Dharma ransomware that adds the .snwd extension.

March 30, 2022

Hive ransomware uses new ‘IPfuscation’ trick to hide payload

Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that ultimately lead to a Cobalt Strike beacon being downloaded.
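Both IPfuscation items above (the summary at the top and this one) describe the same idea: a payload is stored as an array of IPv4 strings, each address carrying four raw bytes, and a decoder turns the list back into a binary. The following added example (not code from the original post or from any analysis of Hive) is the defender's side of that: it scans text such as a script or source file for unusually long runs of IPv4 literals, decodes them, and flags the run when the result starts with an executable header or has high entropy. The run-length and entropy thresholds, the sample script, and the `bytes_to_ip_list` fixture helper are all constructed for the example; the actual Hive decoder and its conversion routine are not part of this page.

```python
"""Spot 'IPfuscated' payloads: data hidden as a list of dotted-quad IPv4
strings, each address standing for four raw bytes.

Added example. SAMPLE_SCRIPT is a constructed fixture, not a real sample;
thresholds (min_run, entropy) are assumptions to tune per environment.
"""
import math
import re
from typing import Dict, List, Optional

# Dotted quad; the 0-255 octet range is checked by is_valid_ipv4.
IPV4_RE = re.compile(r"\b\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}\b")
# Text allowed between two addresses for them to count as one run
# (array syntax only: quotes, commas, brackets, whitespace).
SEPARATOR_RE = re.compile(r"""^[\s,"'\[\]{}()]*$""")
# Executable magic the decoded blob may start with.
EXEC_MAGIC = {b"MZ": "PE (Windows executable)", b"\x7fELF": "ELF"}
ENTROPY_THRESHOLD = 6.0  # bits/byte; assumed cut-off for packed/encrypted data


def is_valid_ipv4(ip: str) -> bool:
    return all(int(o) <= 255 for o in ip.split("."))


def ipv4_to_bytes(ip: str) -> bytes:
    """'77.90.144.0' -> b'MZ\\x90\\x00'."""
    if not is_valid_ipv4(ip):
        raise ValueError(f"not a dotted-quad IPv4 address: {ip!r}")
    return bytes(int(o) for o in ip.split("."))


def decode_ip_list(ips: List[str]) -> bytes:
    return b"".join(ipv4_to_bytes(ip) for ip in ips)


def shannon_entropy(data: bytes) -> float:
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_ip_runs(text: str, min_run: int = 8) -> List[List[str]]:
    """Return every sequence of >= min_run IPv4 literals separated only by array syntax.
    Ordinary configs hold a few scattered addresses and produce no run."""
    runs: List[List[str]] = []
    current: List[str] = []
    last_end = 0

    def flush() -> None:
        if len(current) >= min_run:
            runs.append(list(current))
        current.clear()

    for m in IPV4_RE.finditer(text):
        ip = m.group()
        if current and not SEPARATOR_RE.match(text[last_end:m.start()]):
            flush()  # something other than array syntax sits between addresses
        if is_valid_ipv4(ip):
            current.append(ip)
        else:
            flush()  # an out-of-range octet breaks the run
        last_end = m.end()
    flush()
    return runs


def analyse_run(ips: List[str]) -> Dict[str, object]:
    blob = decode_ip_list(ips)
    fmt: Optional[str] = next(
        (name for magic, name in EXEC_MAGIC.items() if blob.startswith(magic)), None)
    entropy = shannon_entropy(blob)
    return {
        "addresses": len(ips),
        "size": len(blob),
        "entropy": round(entropy, 2),
        "format": fmt,
        "suspicious": fmt is not None or entropy > ENTROPY_THRESHOLD,
    }


def bytes_to_ip_list(data: bytes) -> List[str]:
    """Fixture helper only: builds the constructed sample below."""
    padded = data + b"\x00" * (-len(data) % 4)
    return [".".join(str(b) for b in padded[i:i + 4]) for i in range(0, len(padded), 4)]


# Constructed fixture: a PE-style header followed by marker text, as an IP array.
SAMPLE_PAYLOAD = b"MZ\x90\x00" + b"constructed sample bytes, not a real payload"
SAMPLE_SCRIPT = (
    "# constructed snippet resembling an obfuscated loader\n"
    "addresses = [" + ", ".join(f'"{ip}"' for ip in bytes_to_ip_list(SAMPLE_PAYLOAD)) + "]\n"
    'server = "10.0.0.5"\n'
)

if __name__ == "__main__":
    for run in find_ip_runs(SAMPLE_SCRIPT):
        print(analyse_run(run))
```

Running the block on the fixture yields one run of 12 addresses that decodes to the 48-byte sample and is flagged on its `MZ` prefix; the lone `10.0.0.5` never forms a run. In practice the entropy check matters more than the magic check, since a loader can just as easily hide shellcode or a second-stage blob with no header at all.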

‘I can fight with a keyboard’: How a Ukrainian IT specialist exposed a notorious Russian ransomware gang

As Russian artillery began raining down on his homeland last month, a Ukrainian computer scientist decided to fight back in the best way he knew how: by sabotaging one of Russia’s most fearsome ransomware gangs.

March 31, 2022

LockBit Victim Estimates Cost of Ransomware Attack at $42 Million

Atento, a customer relationship management (CRM) service provider, released its financial performance results for 2021, which show a massive impact of $42.1 million due to a ransomware attack suffered by the company in October last year.

Four new variants of STOP ransomware

PCrisk found new STOP ransomware variants that add the .voom, .mpag, .gtys, and .udla extensions.

That’s all for this week! I hope everyone is having a good weekend!

About Jon Moses
