March 4, 2024


Epicurean computer & technology

The Week in Ransomware – April 1st 2022


Security researcher fighting back

While ransomware is still conducting attacks and all organizations must remain vigilant, ransomware news has been relatively slow this week. However, there were still some interesting stories that we outline below.

This week’s most interesting story is CNN’s report on Conti Leaks, a Ukrainian researcher who has had access to Conti’s internal servers for years.

After Conti sided with Russia over the invasion of Ukraine, the researcher fought back by leaking internal chats and source code for the Conti ransomware gang, giving researchers and law enforcement a glimpse into their operations.

Other interesting news is a clever ‘IPfuscation’ technique used by the Hive ransomware gang to obfuscate payloads by representing them as IP addresses to evade detection. Running the list of IP addresses through a decoder produces a binary payload that can then be installed.

Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @FourOctets, @jorntvdw, @LawrenceAbrams, @Seifreed, @serghei, @malwrhunterteam, @DanielGallagher, @VK_Intel, @malwareforme, @Ionut_Ilascu, @struppigel, @demonslay335, @fwosar, @billtoulas, @BleepinComputer, @rivitna2, @MinervaLabs, @Amigo_A_, @SentinelOne, @AquaSecTeam, @ContiLeaks, @snlyngaas, and @pcrisk.

March 27th 2022

Hive ransomware ports its Linux VMware ESXi encryptor to Rust

The Hive ransomware operation has converted its VMware ESXi Linux encryptor to the Rust programming language and added new features to make it harder for security researchers to snoop on victims’ ransom negotiations.

March 28th 2022

SunCrypt ransomware is still alive and kicking in 2022

SunCrypt, a ransomware-as-a-service (RaaS) operation that reached prominence in mid-2020, is reportedly still active, even if barely, as its operators continue to work on giving its strain new capabilities.

New KalajaTomorr ransomware

Amigo-A found a new ransomware that drops a ransom note named Hi.txt.

March 29th 2022

Threat Alert: First Python Ransomware Attack Targeting Jupyter Notebooks

Team Nautilus has uncovered a Python-based ransomware attack that, for the first time, was targeting Jupyter Notebook, a popular tool used by data practitioners. The attackers gained initial access via misconfigured environments, then ran a ransomware script that encrypts every file on a given path on the server and deletes itself after execution to conceal the attack. Since Jupyter notebooks are used to analyze data and build data models, this attack can cause significant damage to organizations if these environments are not properly backed up.
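The "misconfigured environments" in the Team Nautilus report are Jupyter servers that are reachable from the network with authentication switched off. The following is an added example, not code from the report, Aqua Security or the Jupyter project: a small audit that parses a traitlets-style jupyter_notebook_config.py / jupyter_server_config.py with the standard-library ast module and flags the settings that turn a notebook server into an unauthenticated remote code-execution service. The two config files are constructed for the example; the password hash in the hardened one is a placeholder, not a real value.

```python
import ast
from typing import Dict, List

# Constructed weak config: the shape of an internet-exposed, passwordless server.
WEAK_CONFIG = """
c = get_config()  # noqa
c.NotebookApp.ip = '0.0.0.0'
c.NotebookApp.port = 8888
c.NotebookApp.open_browser = False
c.NotebookApp.token = ''
c.NotebookApp.password = ''
c.NotebookApp.allow_root = True
"""

# Constructed hardened config: loopback only, hashed password, non-root kernel.
# 'argon2:PLACEHOLDER_HASH' is a placeholder; the real value is produced by
# `jupyter server password` (or `jupyter notebook password`).
HARDENED_CONFIG = """
c = get_config()  # noqa
c.ServerApp.ip = '127.0.0.1'
c.ServerApp.port = 8888
c.ServerApp.open_browser = False
c.ServerApp.password = 'argon2:PLACEHOLDER_HASH'
c.ServerApp.allow_root = False
"""


def load_settings(config_text: str) -> Dict[str, object]:
    """Collect `c.<App>.<setting> = <literal>` assignments from a config file.

    Both NotebookApp (classic notebook) and ServerApp (jupyter_server) prefixes
    are accepted; the setting name is used as the key. Only literal values are
    recorded, so anything computed at runtime is simply not audited.
    """
    settings: Dict[str, object] = {}
    for node in ast.walk(ast.parse(config_text)):
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        target, parts = node.targets[0], []
        while isinstance(target, ast.Attribute):
            parts.append(target.attr)
            target = target.value
        # parts is collected outermost-first: [setting, App]
        if not (isinstance(target, ast.Name) and target.id == "c" and len(parts) == 2):
            continue
        if isinstance(node.value, ast.Constant):
            settings[parts[0]] = node.value.value
    return settings


def audit(config_text: str) -> List[str]:
    """Return human-readable findings, worst first; an empty list means nothing flagged."""
    s = load_settings(config_text)
    findings: List[str] = []

    # An unset token is fine: Jupyter generates a random one by default.
    # An explicitly empty token with no password is what disables auth entirely.
    no_auth = s.get("token") == "" and s.get("password", "") == ""
    exposed = s.get("ip") in ("0.0.0.0", "*", "")

    if no_auth:
        findings.append("CRITICAL: token='' with no password disables authentication entirely")
    if exposed:
        level = "CRITICAL" if no_auth else "WARNING"
        findings.append(f"{level}: ip={s['ip']!r} binds every interface; whoever reaches the port "
                        "can run code through the kernel")
    if s.get("allow_root") is True:
        findings.append("WARNING: allow_root=True; a compromised kernel runs with full privileges")
    if s.get("allow_origin") == "*":
        findings.append("WARNING: allow_origin='*' lets any web origin call the server API")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for line in audit(text) or ["no findings"]:
            print("  " + line)
```

The audit deliberately treats a missing token as safe and an explicitly empty one as the problem, because that matches how the server behaves; a rule that flagged every config without a token line would produce noise and hide the one setting that matters.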

New Dharma ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .snwd extension.

March 30th 2022

Hive ransomware uses new ‘IPfuscation’ trick to hide payload

Threat analysts have discovered a new obfuscation technique used by the Hive ransomware gang, which involves IPv4 addresses and a series of conversions that eventually lead to downloading a Cobalt Strike beacon.
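Because IPfuscation (described here and in the roundup intro) only hides bytes as dotted-quad text, the defender's counter is equally simple: a long run of consecutive IPv4-looking strings in a sample's string table is itself an indicator, and packing each string back into four bytes recovers the hidden blob for inspection. The following triage helper is an added example, not code from the page, BleepingComputer or the researchers who reported the technique. The string table and the byte blob it scans are constructed for the example; the 32 decoded bytes spell a standard DOS header, and the "RtlIpv4StringToAddressA" entry is included on the assumption that a converter API of that kind would sit beside the addresses in a real sample.

```python
import re
from typing import Dict, List

# Strict dotted-quad matcher: four octets, each 0-255, no leading zeros.
OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
IPV4_RE = re.compile(rf"^{OCTET}(?:\.{OCTET}){{3}}$")

# Constructed string table, in the order a `strings`-style pass would emit it.
SAMPLE_STRINGS = [
    "kernel32.dll",
    "RtlIpv4StringToAddressA",       # assumed neighbour of the address list
    "77.90.144.0", "3.0.0.0", "4.0.0.0", "255.255.0.0",
    "184.0.0.0", "0.0.0.0", "64.0.0.0", "0.0.0.0",
    "ntdll.dll",
    "192.168.1.10",                  # a lone address: ordinary config data, not flagged
]

# Constructed raw section: NUL-separated strings followed by some non-printable bytes.
SAMPLE_BLOB = b"\x00".join(s.encode() for s in SAMPLE_STRINGS) + b"\x00\x7f\x45\x4c\x46"


def ipv4_to_bytes(ip: str) -> bytes:
    """Pack 'a.b.c.d' into the four bytes it encodes (what the malware's converter does)."""
    return bytes(int(octet) for octet in ip.split("."))


def extract_strings(data: bytes, min_len: int = 7) -> List[str]:
    """Pull printable ASCII runs out of raw bytes; 7 is the shortest dotted quad ('0.0.0.0')."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def find_ip_runs(strings: List[str], min_run: int = 8) -> List[List[str]]:
    """Return runs of at least min_run consecutive IPv4-shaped strings.

    A handful of addresses is normal in any binary; a run of dozens back to back is not.
    """
    runs: List[List[str]] = []
    current: List[str] = []
    for s in strings:
        if IPV4_RE.match(s):
            current.append(s)
            continue
        if len(current) >= min_run:
            runs.append(current)
        current = []
    if len(current) >= min_run:
        runs.append(current)
    return runs


def scan_strings(strings: List[str], min_run: int = 8) -> List[Dict[str, object]]:
    """Decode every suspicious run and report what it hides."""
    findings: List[Dict[str, object]] = []
    for run in find_ip_runs(strings, min_run):
        decoded = b"".join(ipv4_to_bytes(ip) for ip in run)
        findings.append({
            "first_ip": run[0],
            "ip_count": len(run),
            "decoded": decoded,
            # Cheap tell: a PE image starts with 'MZ'. Shellcode will not, so treat
            # any flagged run as worth a look regardless of this bit.
            "mz_header": decoded.startswith(b"MZ"),
        })
    return findings


def scan_blob(data: bytes, min_run: int = 8) -> List[Dict[str, object]]:
    """Same scan, starting from raw bytes rather than a pre-extracted string list."""
    return scan_strings(extract_strings(data), min_run)


if __name__ == "__main__":
    for f in scan_blob(SAMPLE_BLOB):
        print(f"run of {f['ip_count']} addresses from {f['first_ip']}: "
              f"{len(f['decoded'])} bytes, MZ header: {f['mz_header']}")
        print(f["decoded"].hex(" "))
```

The run-length threshold is the whole detection; a loader that stores its addresses in a non-contiguous way would need the threshold lowered and the results correlated with an import of a string-to-address converter, which is why the decoded bytes are returned rather than just a yes/no.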

‘I can fight with a keyboard’: How one Ukrainian IT specialist exposed a notorious Russian ransomware gang

As Russian artillery began raining down on his homeland last month, one Ukrainian computer researcher decided to fight back the best way he knew how: by sabotaging one of the most formidable ransomware gangs in Russia.

March 31st 2022

LockBit victim estimates cost of ransomware attack to be $42 million

Atento, a provider of customer relationship management (CRM) services, has published its 2021 financial performance results, which show a significant impact of $42.1 million due to a ransomware attack the company suffered in October last year.

Four new STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .voom, .mpag, .gtys, or .udla extensions.

That’s it for this week! Hope everyone has a nice weekend!
