The Week in Ransomware – April 28th 2023 – Clop at it again

Hacker hacking

It has been a very quiet week for ransomware news, with only a few reports released and not much info about cyberattacks.

However, an item of interest was Microsoft linking the recent PaperCut server attacks on the Clop and LockBit ransomware operation.

Clop claims to have started exploiting PaperCut servers on April 13th, the same day Microsoft began seeing active exploitation of the vulnerabilities.

The ransomware operation told BleepingComputer that they utilized these exploits for initial access to corporate networks rather than to steal archived documents on the server.
Other ransomware reports released this week include:

Finally, we learned that Yellow Pages Canada suffered a BlackBasta ransomware attack.

Contributors and those who provided new ransomware information and stories this week include: @serghei, @DanielGallagher, @malwareforme, @malwrhunterteam, @FourOctets, @billtoulas, @struppigel, @LawrenceAbrams, @Ionut_Ilascu, @Seifreed, @demonslay335, @BleepinComputer, @fwosar, @jorntvdw, @PolarToffee, @uptycs, @Trellix, @MsftSecIntel, @AlvieriD, @Jon__DiMaggio, @Fortinet, and @pcrisk.

April 24th 2023

Yellow Pages Canada confirms cyber attack as Black Basta leaks data

Yellow Pages Group, a Canadian directory publisher has confirmed to BleepingComputer that it has been hit by a cyber attack.

New Dharma ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .rea extension.

New Xorist ransomware variant

PCrisk found a new Xorist ransomware variant that appends the .VoNiX extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

April 25th 2023

Ransomware Diaries: Volume 2 – A Ransomware Hacker Origin Story

The story I will tell you is not mine, but it is the account of a man who was once no different than you or me. Unfortunately, poor decisions and hardships in his life pushed him to a dark place, from which he never returned.

This is Bassterlord’s story.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .foza extension.

April 26th 2023

Microsoft: Clop and LockBit ransomware behind PaperCut server hacks

?Microsoft has attributed recent attacks on PaperCut servers to the Clop and LockBit ransomware operations, which used the vulnerabilities to steal corporate data.

New MedusaLocker ransomware variant

PCrisk found a new Xorist ransomware variant that appends the .attack7 (number may change) extension and drops a ransom note named how_to_back_files.html.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .foty extension.

April 27th 2023

Linux version of RTM Locker ransomware targets VMware ESXi servers

RTM Locker is the latest enterprise-targeting ransomware operation found to be deploying a Linux encryptor that targets virtual machines on VMware ESXi servers.

Ransomware Roundup – UNIZA Ransomware

FortiGuard Labs recently came across a new ransomware variant called UNIZA. Like other ransomware variants, it encrypts files on victims’ machines in an attempt to extort money. It uses the Command Prompt (cmd.exe) window to display its ransom message, and interestingly, it does not append the filename of the files it encrypts, making it more difficult to determine which files have been impacted.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .devinn extension and drops a ransom note named unlock_here.txt.

That’s it for this week! Hope everyone has a nice weekend!


Original Source


A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.

If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below

Buy Me A Coffee
Patreon

 To keep up to date follow us on the below channels.

join
Telegram
discord
Discord
reddit
Reddit
linkedin
LinkedIn