Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting cities' online services.
Earlier this month, we saw that with the Royal Ransomware attack on Dallas, and this week the City of Augusta, Georgia, is also suffering a cyberattack.
While the Augusta mayor's office has released a statement confirming that the city suffered a cyberattack, it did not share any details on the breach.
"The City of Augusta, GA began experiencing technical difficulties this past Sunday, May 21, 2023, unrelated to last week's outage, resulting in a disruption to certain computer systems," reads the City's statement.
"We began an investigation and determined that we were the victim of unauthorized access to our system."
However, today the BlackByte ransomware operation claimed responsibility for the attack on Augusta, leaking data that it claims was stolen during the attack.
Other attacks we learned more about this week include a BlackBasta attack on German arms manufacturer Rheinmetall and ABB confirming that data was stolen during an attack earlier this month.
The Cuba ransomware gang also claimed the attack on The Philadelphia Inquirer. However, after the publisher said the data did not belong to it, Cuba removed the Inquirer's entry from its data leak site.
We also saw some interesting reports released by security firms and researchers:
Finally, ransomware affiliate Bassterlord released a "slightly" edited but highly sought-after version 2.0 of his ransomware manual, which had been sold for $10,000 on hacker forums.
While some researchers felt the manual lacked detail, threat actors can still use it to gain knowledge and learn how to breach corporate networks.
While we are not sharing this manual, all network defenders and security professionals are advised to read the translated versions circulating on Twitter, or some of the linked analyses below, to learn what tactics were being taught.
Contributors and those who provided new ransomware information and stories this week include: @demonslay335, @malwrhunterteam, @BleepinComputer, @serghei, @billtoulas, @fwosar, @Ionut_Ilascu, @struppigel, @LawrenceAbrams, @Seifreed, @security_score, @Unit42_Intel, @_CPResearch_, @pcrisk, @BroadcomSW, @uuallan, @Jon__DiMaggio, @AShukuhi, @BushidoToken, @BrettCallow, and @UK_Daniel_Card.
May 22nd 2023
Malicious Windows kernel drivers used in BlackCat ransomware attacks
The ALPHV ransomware group (aka BlackCat) was observed using signed malicious Windows kernel drivers to evade detection by security software during attacks.
New STOP Ransomware variants
PCrisk found new STOP Ransomware variants that append the .gapo, .gatq, and .gaze extensions.
New MedusaLocker variant
PCrisk found a new MedusaLocker variant that appends the .itlock20 extension (the number may differ) and drops a ransom note named How_to_back_files.html.
May 23rd 2023
A Deep Dive into Medusa Ransomware
Medusa ransomware appeared in June 2021 and became more active this year with the launch of the "Medusa Blog", which hosts data leaked from victims who did not pay the ransom. The malware terminates a list of services and processes that is decrypted at runtime and deletes the Volume Shadow Copies.
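The Volume Shadow Copy deletion described above is the inhibit-recovery step that Medusa shares with most other ransomware families, and it is one of the cheapest host behaviours to alert on. The following Python is an added example, not code from the linked Medusa analysis or from this article: it runs a handful of command-line rules over constructed process-creation events (the pipe-delimited field layout and the hostnames are assumptions made for the example) and counts how many distinct inhibit-recovery techniques each host shows, since several in a short window is a far stronger signal than a single vssadmin call by an administrator.

```python
"""Detect shadow-copy deletion and related inhibit-recovery commands in
process-creation logs. Added example; sample data is constructed."""
import re
from typing import Dict, List

# Constructed process-creation events (Sysmon Event ID 1 style), pipe-delimited:
# utc_time|host|parent_image|image|command_line
# The layout and hosts are assumptions for this example, not a real export.
SAMPLE_LOG = """\
2023-05-23T10:14:02Z|FS01|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin.exe Delete Shadows /All /Quiet
2023-05-23T10:14:03Z|FS01|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\wbem\\WMIC.exe|wmic shadowcopy delete
2023-05-23T10:14:05Z|FS01|C:\\Windows\\System32\\cmd.exe|C:\\Windows\\System32\\bcdedit.exe|bcdedit /set {default} recoveryenabled No
2023-05-23T10:20:11Z|WS07|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\vssadmin.exe|vssadmin list shadows
2023-05-23T10:21:40Z|WS07|C:\\Windows\\explorer.exe|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell -c "Get-WmiObject Win32_ShadowCopy | Remove-WmiObject"
2023-05-23T10:30:00Z|BK01|C:\\Windows\\System32\\services.exe|C:\\Program Files\\Backup\\agent.exe|agent.exe --snapshot --verify
"""

# (rule name, pattern) pairs matched case-insensitively against the command line.
# These are the well-known native ways to destroy shadow copies and recovery data.
RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b", re.I)),
    # Shrinking shadow storage forces Windows to purge existing copies.
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b", re.I)),
    # Get-WmiObject/Get-CimInstance Win32_ShadowCopy | Remove-WmiObject/Remove-CimInstance
    ("powershell Win32_ShadowCopy removal",
     re.compile(r"win32_shadowcopy.*\|\s*remove-(wmi|cim)(object|instance)", re.I)),
    ("wbadmin delete catalog",
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b", re.I)),
    ("bcdedit disable recovery",
     re.compile(r"\bbcdedit(\.exe)?\s+.*recoveryenabled\s+no\b", re.I)),
]


def parse_event(line: str) -> Dict[str, str]:
    """Split one log line into fields. maxsplit=4 keeps '|' characters that
    occur inside the command line (PowerShell pipelines) intact."""
    fields = line.split("|", 4)
    if len(fields) != 5:
        raise ValueError(f"malformed event: {line!r}")
    keys = ("time", "host", "parent_image", "image", "command_line")
    return dict(zip(keys, fields))


def detect(log_text: str) -> List[Dict[str, str]]:
    """Return one finding (event fields plus matched rule name) per match."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        event = parse_event(raw)
        for name, pattern in RULES:
            if pattern.search(event["command_line"]):
                findings.append({**event, "rule": name})
    return findings


def hits_per_host(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count distinct inhibit-recovery techniques per host. A host that chains
    several (as FS01 does here) deserves a higher-severity alert than one
    isolated vssadmin invocation."""
    per_host: Dict[str, set] = {}
    for finding in findings:
        per_host.setdefault(finding["host"], set()).add(finding["rule"])
    return {host: len(rules) for host, rules in per_host.items()}


if __name__ == "__main__":
    found = detect(SAMPLE_LOG)
    for f in found:
        print(f"{f['time']} {f['host']} [{f['rule']}] {f['command_line']}")
    print(hits_per_host(found))
```

On the constructed sample, `vssadmin list shadows` and the backup agent's own snapshot call are correctly ignored, while FS01 trips three different rules within seconds, which is the pattern worth paging on.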
IT employee impersonates ransomware gang to extort employer
A 28-year-old United Kingdom man from Fleetwood, Hertfordshire, has been convicted of unauthorized computer access with criminal intent and of blackmailing his employer.
Arms maker Rheinmetall confirms BlackBasta ransomware attack
German automotive and arms manufacturer Rheinmetall AG has confirmed that it suffered a BlackBasta ransomware attack that impacted its civilian business.
Cuba ransomware claims cyberattack on Philadelphia Inquirer
The Cuba ransomware gang has claimed responsibility for this month's cyberattack on The Philadelphia Inquirer, which temporarily disrupted the newspaper's distribution and some business operations.
May 24th 2023
Iranian hackers use new Moneybird ransomware to attack Israeli orgs
A suspected Iranian state-backed threat actor known as 'Agrius' is now deploying a new ransomware strain named 'Moneybird' against Israeli organizations.
May 25th 2023
New Buhti ransomware gang uses leaked Windows, Linux encryptors
A new ransomware operation named 'Buhti' uses the leaked code of the LockBit and Babuk ransomware families to target Windows and Linux systems, respectively.
New STOP Ransomware variants
PCrisk found new STOP Ransomware variants that append the .vapo, .vatq, and .vaze extensions.
New FAST ransomware
PCrisk found a new ransomware that appends the .FAST extension and drops a ransom note named #FILEENCRYPTED.txt.
Really? $10K For THIS? A Look at Version 2.0 of Basterlord’s Manual
Basterlord released the much-wanted second version of his manual on Twitter.
May 26th 2023
BlackByte ransomware claims City of Augusta cyberattack
The City of Augusta in Georgia, U.S., has confirmed that the recent IT system outage was caused by unauthorized access to its network.
US govt contractor ABB confirms ransomware attack, data theft
Swiss technology multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as "an IT security incident."
New EXISC ransomware
PCrisk found a new ransomware variant that appends the .EXISC extension and drops a ransom note named Please Contact Us To Restore.txt.
Analysis of “THE MANUAL”
Yesterday Basterlord (an infamous ransomware operator) published a copy of "Networking Manual v2.0" (which I'll refer to as "the manual"). So I of course thought we should analyze this and look to see what he was selling for $10 thousand dollars!
On-Demand Webinar: The Lord Has Fallen
Join the author of Ransomware Diaries: Volume 2 - A Ransomware Hacker Origin Story, Jon DiMaggio, for a dive into the ramifications Bassterlord has faced since his story came out.