This week saw the return of the BlackByte ransomware operation, which launched a new data leak site using extortion tactics similar to LockBit 3.0.
This week’s attacks hit Argentina’s Judiciary of Córdoba and a UK water supplier (though Clop attributed the attack to the wrong company), and LockBit claimed to be behind the attack on Entrust.
Finally, researchers found a new variant of the SOVA Android malware that includes a ransomware feature to encrypt mobile devices.
While Entrust has not responded to our queries about the attack, sources have told us that LockBit conducted the attack.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @LawrenceAbrams, @PolarToffee, @BleepinComputer, @Seifreed, @jorntvdw, @fwosar, @serghei, @struppigel, @FourOctets, @demonslay335, @malwrhunterteam, @Ionut_Ilascu, @malwareforme, @VK_Intel, @DanielGallagher, @juanbrodersen, @AlvieriD, @Cyberknow20, @Intel_by_KELA, @MauroEldritch, @luisezegarra, @Cleafy, and @pcrisk.
August 13th 2022
SOVA malware adds ransomware feature to encrypt Android devices
The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.
August 15th 2022
Argentina’s Judiciary of Córdoba hit by PLAY ransomware attack
Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new ‘Play’ ransomware operation.
August 16th 2022
Hackers attack UK water supplier but extort wrong company
South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, has issued a statement confirming IT disruption from a cyberattack.
IceFire Ransomware launches data leak site
So, getting close to half a year when I first tweeted about this IceFire ransomware (and until now, not even one single tweet by anyone else). The gang now has a leak page too, that is a bit unusual/strange…
Victims started to appear on BC forums: https://t.co/sQJMOt3sNw pic.twitter.com/gRFsA5iWxm
— MalwareHunterTeam (@malwrhunterteam) August 16, 2022
New STOP ransomware variants
PCrisk found a bunch of new STOP ransomware variants that append the .qqlc, .qqlo, and .qqmt extensions.
New VoidCrypt variants
PCrisk found new VoidCrypt variants that append the .dark and .Angry extensions and drop a ransom note named unlock-info.txt.
New Chaos ransomware variant
PCrisk found a new Chaos ransomware variant that appends the .sex extension and drops a ransom note named read_it.txt.
August 17th 2022
BlackByte ransomware gang is back with new extortion tactics
The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.
Videos from SANS Ransomware Summit
SANS has published the videos from their ransomware summit.
Alleged Russian Money Launderer Extradited from the Netherlands to U.S.
According to court documents, Dubnikov and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the United States and abroad. Specifically, Dubnikov and his accomplices laundered ransom payments extracted from victims of Ryuk ransomware attacks.
August 18th 2022
LockBit claims ransomware attack on security giant Entrust
The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.
August 19th 2022
Córdoba: chaos in the Justice after the ransomware attack
The ransomware attack suffered by the Judiciary of Córdoba last Friday left the Justice of that province in limbo. Since then, the systems team has been working amid the chaos to recover the sequestered information: password changes, USB port blockages, suspension of Exchange email and interruption of communications between users to prevent the spread of the virus.
New STOP ransomware variant
PCrisk found a new STOP ransomware variant that appends the .qqri extension.