It was a very quiet week regarding ransomware news, with the most significant news being the sentencing of a Netwalker affiliate to 20 years in prison.
A Florida court this week sentenced former Netwalker ransomware affiliate Sebastien Vachon-Desjardins to twenty years in prison and ordered him to forfeit $21.5 million for an attack on a Tampa business and other companies worldwide.
We also had reports released this week that linked the Cheerscrypt ransomware to a Chinese hacking group and showed how the BlackByte ransomware operation uses ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks to terminate security software.
Motherboard also released a report based on FOIA requests, showing how US schools have responded to ransomware attacks on their networks.
Finally, the Vice Society began leaking data belonging to students, parents, and employees of the Los Angeles Unified School District, and Ferrari denied that RansomEXX attacked it.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @malwrhunterteam, @demonslay335, @malwareforme, @Seifreed, @billtoulas, @jorntvdw, @serghei, @fwosar, @FourOctets, @BleepinComputer, @struppigel, @Ionut_Ilascu, @VK_Intel, @LawrenceAbrams, @PolarToffee, @Avast, @Sophos, @sygnia_labs, @BrettCallow, @pcrisk, @jgreigj, @lorenzofb, and @elhackernet.
October 2nd 2022
Ransomware gang leaks data stolen from LAUSD school system
The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month.
October 3rd 2022
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .adlg and .adww extensions.
How Ransomware Is Causing Chaos in American Schools
May 19, 2021 was supposed to be just another day at the end of the school year at Sierra College, a community college in Rocklin, California. Instead, hackers hit the school with ransomware, throwing it into chaos.
October 4th 2022
Ransomware hunters: the self-taught tech geniuses fighting cybercrime
Hackers are increasingly taking users’ data hostage and demanding huge sums for its release. They have targeted individuals, businesses, vital infrastructure and even hospitals. Authorities have been slow to respond – but there is help out there.
Decrypted: MafiaWare666 Ransomware
MafiaWare666 is a ransomware strain written in C# that contains no obfuscation or anti-analysis techniques. It encrypts files using AES. We discovered a flaw in the encryption scheme that allows files encrypted by some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.
Cheerscrypt ransomware linked to a Chinese hacking group
The Cheerscrypt ransomware has been linked to a Chinese hacking group named ‘Emperor Dragonfly,’ known to frequently switch between ransomware families to evade attribution.
Netwalker ransomware affiliate sentenced to 20 years in prison
Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and ordered to forfeit $21.5 million for his attacks on a Tampa company and other entities.
New RedKrypt Ransomware
PCrisk found a new RedKrypt ransomware that appends the .p.redkrypt extension and drops a ransom note named RedKrypt-Notes-README.txt.
Ferrari denies data breach and ransomware attack following gang’s online claims
Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week.
Cyber attack on health provider Pinnacle a ‘wake up call’
A top doctor is calling a cyber attack on a major primary health provider, which has compromised the details of potentially thousands of patients, a “wake up call to the sector”.
October 5th 2022
BlackByte ransomware abuses legit driver to disable security products
The BlackByte ransomware gang is using a new technique that researchers are calling “Bring Your Own Driver,” which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.
October 7th 2022
Ransomware cyberattack affects 13 hospitals and outpatient clinics in Catalonia
The Consorci Sanitari Integral (CSI) has suffered a ransomware attack (the second in two years) that affects all of its healthcare centers in Barcelona and Baix Llobregat. Healthcare activity and patient care continue wherever computer services are not required, with consultations practically limited to emergencies, since health workers cannot access patient information or procedures through their computers.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .towz and .tohj extensions.