It has been a very quiet week for ransomware news, with only a few reports released and not much information about cyberattacks.
However, an item of interest was Microsoft linking the recent PaperCut server attacks to the Clop and LockBit ransomware operations.
Clop claims to have started exploiting PaperCut servers on April 13th, the same day Microsoft began seeing active exploitation of the vulnerabilities.
The ransomware operation told BleepingComputer that they used these exploits for initial access to corporate networks rather than to steal archived documents on the server.
Other ransomware reports released this week include:
Lastly, we discovered that Yellow Pages Canada suffered a BlackBasta ransomware attack.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @DanielGallagher, @malwareforme, @malwrhunterteam, @FourOctets, @billtoulas, @struppigel, @LawrenceAbrams, @Ionut_Ilascu, @Seifreed, @demonslay335, @BleepinComputer, @fwosar, @jorntvdw, @PolarToffee, @uptycs, @Trellix, @MsftSecIntel, @AlvieriD, @Jon__DiMaggio, @Fortinet, and @pcrisk.
April 24th 2023
Yellow Pages Group, a Canadian directory publisher, has confirmed to BleepingComputer that it has been hit by a cyber attack.
PCrisk found a new Dharma ransomware variant that appends the .rea extension.
PCrisk found a new Xorist ransomware variant that appends the .VoNiX extension and drops a ransom note named HOW TO DECRYPT FILES.txt.
April 25th 2023
The story I’ll tell you is not mine, but it is the account of a person who was once no different than you or me. Sadly, poor choices and hardships in his life pushed him to a dark place, from which he never returned.
This is Bassterlord’s story.
PCrisk found a new STOP ransomware variant that appends the .foza extension.
April 26th 2023
Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.
PCrisk found a new Xorist ransomware variant that appends the .attack7 (number may change) extension and drops a ransom note named how_to_back_files.html.
PCrisk found a new STOP ransomware variant that appends the .foty extension.
April 27th 2023
RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers.
FortiGuard Labs recently came across a new ransomware variant called UNIZA. Like other ransomware variants, it encrypts files on victims’ machines in an attempt to extort money. It uses the Command Prompt (cmd.exe) window to display its ransom message, and interestingly, it does not append the filename of the files it encrypts, making it more difficult to determine which files have been impacted.
PCrisk found a new Chaos ransomware variant that appends the .devinn extension and drops a ransom note named unlock_here.txt.
That's it for this week! Hope everyone has a nice weekend!