Connect with us

Hi, what are you looking for?


The Week in Ransomware – November 19th 2021


While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released.

Security firms released reports on the types of cryptomixers used by ransomware gangs, a detailed report on Conti, and how Russian ransomware gangs are starting to work with Chinese hackers.

Today, US regulators also ordered banks to report cyber attacks within 36 hours if they impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability.

Finally, a Tor negotiation site for the Conti ransomware gang was taken down, likely due to the release of its IP address in the PRODAFT report.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @fwosar, @struppigel, @FourOctets, @malwrhunterteam, @billtoulas, @Seifreed, @Ionut_Ilascu, @serghei, @jorntvdw, @PolarToffee, @demonslay335, @VK_Intel, @LawrenceAbrams, @malwareforme, @BleepinComputer, @intel_bo7, @_aftrdrk, @thepacketrat, @SophosLabs, @FlashpointIntel, @sucurisecurity, @ Intel471Inc, @_CPResearch_, @BrettCallow, @emsisoft, @PRODAFT, @joetidy, @RepMaloney, @siri_urz, @fbgwls245, @pcrisk, @Friend_A_, and @AdvIntel.

November 13th 2021

Ransomware uses IRC for negotiations

dnwls0719 found a new ransomware that appends the .dst extension and expects users to use IRC over Tor to negotiate.

Ransomware using IRC

November 14th 2021

US Education Dept urged to boost K-12 schools’ ransomware defenses

The US Department of Education and Department of Homeland Security (DHS) were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks.

Advertisement. Scroll to continue reading.

New RansomNow ransomware

Friend-a found a new ransomware in our forums called RansomNow that drops the HELP – README TO UNLOCK FILES.txt ransom note and does not append a new extension.

November 15th 2021

Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions

A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .futm extension.

November 16th 2021

These are the cryptomixers hackers use to clean their ransoms

Cryptomixers have always been at the epicenter of cybercrime activity, allowing hackers to “clean” cryptocurrency stolen from victims and making it hard for law enforcement to track them.

WordPress sites are being hacked in fake ransomware attacks

A new wave of attacks starting late last week has hacked close to 300 WordPress sites to display fake encryption notices, trying to trick the site owners into paying 0.1 bitcoin for restoration.

Evil Corp: ‘My hunt for the world’s most wanted hackers’

Many of the people on the FBI’s cyber most wanted list are Russian. While some allegedly work for the government earning a normal salary, others are accused of making a fortune from ransomware attacks and online theft. If they left Russia they’d be arrested – but at home they appear to be given free rein.

Ahead of Hearing, Committee Releases New Staff Memo on Ransom Attacks on U.S. Companies

Today, Carolyn B. Maloney, Chairwoman of the Committee on Oversight and Reform, released a supplemental memo providing new insights into how the high-profile ransomware attacks on CNA Financial Corporation (CNA), Colonial Pipeline Company (Colonial), and JBS Foods USA (JBS) unfolded, and how legislation and policies responses may be developed to counter the threat of ransomware.

New ChiChi Ransomware

dnwls0719 found a new ransomware that appends the .chichi extension.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .utjg extension.

Advertisement. Scroll to continue reading.

November 17th 2021

Russian ransomware gangs start collaborating with Chinese hackers

?There’s some unusual activity brewing on Russian-speaking cybercrime forums, where hackers appear to be reaching out to Chinese counterparts for collaboration

November 18th 2021

[Conti] Ransomware Group In-Depth Analysis

PRODAFT Threat Intelligence (PTI) Team has obtained valuable insights on theinner workings of the Conti ransomware group. The PTI team accessed Conti’s infrastructure and identified the real IP addresses of the servers in question. This report provides unprecedented detail into the way the Conti ransomware gang works, how they select their targets, how many targets they’ve breached, and more.

New Memento ransomware switches to WinRar after failing at encryption

A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software.

New HelloKitty variant

S! Ri found a new HelloKitty ransomware variant that appends the .boombye extension and drops a ransom note named _read_me_bro.txt.

HelloKitty ransom note

November 19th 2021

US regulators order banks to report cyberattacks within 36 hours

US federal bank regulatory agencies have approved a new rule ordering banks to notify their primary federal regulators of significant computer-security incidents within 36 hours.

Emotet botnet comeback orchestrated by Conti ransomware gang

The Emotet botnet is back by popular demand, resurrected by its former operator, who was convinced by members of the Conti ransomware gang.

Conti’s Tor negotiation site briefly shut down by hijack

The Conti Tor negotiation sites were shut down for approximately 24 hours after the Prodaft report revealed its IP address, and law enforcement reportedly took the server offline.

That’s it for this week! Hope everyone has a nice weekend!

Source link

Advertisement. Scroll to continue reading.
Click to comment

Leave a Reply




While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released. Security firms...

Top Stories

Michael Hsu, the acting head of the United States Office of the Comptroller of the Currency, hopes to address gaps in the supervision of...

Online Business Success

The picture shows the logo of the Federation of Pakistan Chambers of Commerce and Industry (FPCCI). FPCCI chief says economy doesn’t have capacity to absorb...

Top Stories

At present, your DeFi product needs to be multichain to be competitive — this is the hard (and exciting) truth of 2021. Whether you’re...

Top Stories

The first rule of Bitcoin (BTC) trading should be “expect the unexpected.” In just the past year alone, there have been five instances of...

Loan And Finance

If you’re like most of us, you know what it’s like to live paycheck to paycheck. You do your best to make the most...


Source: iMore Remember when you first started playing Animal Crossing: New Horizons when it first launched, back before it became one of the most...

Top Stories

Robinhood’s chief legal officer Dan Gallagher described the idea of creating a new digital asset regulator was “just plain silly” at a conference on...


You May Also Like

SEO Guide

How to index website on Google? Do you want to drive more organic traffic to your new website? I am sure your answer is...


In this post, I will discuss the top ten profitable blogging niches ideas for Adsense approval and high traffic. whether you use Blogger or...

SEO Guide

There are all kinds of pictures of the world on the internet, but to find one of these specific pictures that you want to...

SEO Guide

Want to rank in Google image search? Images that you use as a featured images when writing a post actually appear on Google Images...