The Week in Ransomware - October 8th 2021 - Making arrests - BleepingComputer

2021-10-08 17:44:49 - Lawrence Abrams

This week's big news is the arrests of two ransomware operators in Ukraine responsible for hundreds of attacks targeting organizations worldwide.

The US is also proposing new bills and initiatives to force companies to disclose ransom payments and government contractors to disclose breaches.

Under the new Civil Cyber-Fraud Initiative, the US DOJ will allow government contractors to be sued if they don't report a breach or fail to meet required cybersecurity standards.

A new 'Ransom Disclosure Act' bill has been introduced to require any ransomware victims to report ransom payments within 48 hours.

Finally, some of the ransomware attacks revealed this week include Sandhills Global, Weir Group, and we finally have confirmation that Cox Media Group was attacked in June.

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Seifreed, @FourOctets, @malwareforme, @billtoulas, @demonslay335, @fwosar, @VK_Intel, @PolarToffee, @serghei, @Ionut_Ilascu, @malwrhunterteam, @LawrenceAbrams, @BleepinComputer, @DanielGallagher, @jorntvdw, @kaspersky, @threatresearch, @thepacketrat, @vikas891, @fbgwls245, and @Mandiant.

OCTOBER 2ND 2021

Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.

OCTOBER 3RD 2021

NEW STOP RANSOMWARE VARIANT

dnwls0719 found a new STOP ransomware variant that appends the .tisc extension.

OCTOBER 4TH 2021

Europol has announced the arrest of two men in Ukraine, said to be members of a prolific ransomware operation that extorted victims with ransom demands ranging between €5 and €70 million.

Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.

OCTOBER 5TH 2021

Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers.

OCTOBER 6TH 2021

Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors are accountable in a civil court if they don’t report a breach or fail to meet required cybersecurity standards.

Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislative proposal titled the ‘Ransom Disclosure Act’.

xXToffeeXx found a "BabyDuck" ransomware that uses the .babyduck extension and drops a ransom note named #README.babyduck. No, this is not a joke.

OCTOBER 7TH 2021

It can take the FIN12 gang less than two days to execute a file-encrypting payload on the target network, most of the time Ryuk ransomware.

OCTOBER 8TH 2021

Scottish multinational engineering firm Weir Group has disclosed an "attempted ransomware attack" that led to "significant temporary disruption" in September.

Even though American and European companies enjoy the lion’s share of ransomware attacks launched from Russian ground, companies in the country aren’t spared from having to deal with file encryption and double-extortion troubles of their own.

American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.

THAT'S IT FOR THIS WEEK! HOPE EVERYONE HAS A NICE WEEKEND!
