This week we learned about numerous new ransomware operations that have launched, one of which appears to be a rebranding of a previous operation.
The Quantum ransomware gang has seen a spike in victims, with a report showing the gang deploying the encryptor in quick attacks.
We also learned about a new ransomware gang called Black Basta that has rapidly racked up victims while, for the most part, remaining under the radar until this week.
Some of the recent victims of Black Basta are the American Dental Association and Deutsche Windtechnik.
Other news this week is the discovery that Onyx ransomware deliberately destroys files larger than 2 MB, so there is no point in paying a ransom.
Finally, Austin Peay State University suffered a ransomware attack and used the unusual tactic of posting the news on Twitter that students and faculty should shut down their computers.
Contributors and those who provided new information and ransomware stories this week include: @fwosar, @LawrenceAbrams, @PolarToffee, @demonslay335, @serghei, @billtoulas, @malwareforme, @DanielGallagher, @FourOctets, @VK_Intel, @BleepinComputer, @Ax_Sharma, @Ionut_Ilascu, @malwrhunterteam, @struppigel, @jorntvdw, @Seifreed, @CheckPointSW, @vinopaljiri, @TheDFIRReport, @LabsSentinel, @pcrisk, and @Friend_A_.
April 25, 2022
Quantum ransomware deployed in rapid network attacks
Quantum ransomware, a strain first discovered in August 2021, was observed carrying out rapid attacks that escalate quickly, leaving defenders with little time to react.
PCrisk found a new ransomware that adds the .parker extension and drops a ransom note called RESTORE_FILES_INFO.txt.
April 26, 2022
American Dental Association hit by new Black Basta ransomware
The American Dental Association (ADA) suffered a cyberattack over the weekend, causing them to shut down parts of their network as they investigate the attack.
Coca-Cola investigates hacker claims of data breach and theft
Coca-Cola, the world’s largest soft drink maker, has confirmed in a statement to BleepingComputer that it is aware of reports of a cyberattack on its network and is currently investigating the allegations.
PCrisk found new variants of STOP ransomware that add the .jhgn, .jhbg, and Dew extensions.
April 27, 2022
Beware: Onyx ransomware destroys files instead of encrypting them
A new Onyx ransomware operation is destroying files larger than 2MB instead of encrypting them, preventing those files from being decrypted even if a ransom is paid.
New Black Basta ransomware springs into action with a dozen breaches
A new ransomware gang known as Black Basta quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks.
LockBit Ransomware Side-loads Cobalt Strike Beacon with legitimate VMware utility
During a recent investigation, our DFIR team discovered an interesting technique used by the LockBit Ransomware Group to upload a Cobalt Strike Beacon reflective loader. In this particular case, LockBit managed to sideload Cobalt Strike Beacon via a signed VMware xfer logs command line utility.
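The technique described above, a signed vendor utility loading an attacker-supplied DLL, leaves a recognisable pattern in process image-load telemetry. The following Python triage script is an added example and is not code from this article or from The DFIR Report; the event records, field names (image, image_signer, loaded, loaded_signer), file paths, signer names, executable names such as signed_vendor_tool.exe, and the short list of system DLL names are all constructed for the illustration and are assumptions, not values taken from the LockBit case.

```python
"""Triage image-load events for DLL side-loading candidates.

Constructed example: flags loads where a signed host executable picks up a
DLL that is unsigned, co-located with the host in a user-writable directory,
signed by a different party, or that carries the name of a DLL normally
found in the Windows system directory.
"""
import ntpath  # parses Windows paths correctly even when run on Linux/macOS

# Assumption: DLLs loaded from these OS directories are treated as trusted.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Assumption: locations a non-admin user can write to; tune for your estate.
USER_WRITABLE_PREFIXES = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")
# Constructed, deliberately short sample of names that normally live in the
# system directory; in practice build this from an inventory of a clean host.
SYSTEM_DLL_NAMES = {"version.dll", "dbghelp.dll", "wtsapi32.dll"}


def in_system_dir(path: str) -> bool:
    return path.lower().startswith(SYSTEM_DIRS)


def in_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE_PREFIXES)


def sideload_indicators(ev: dict) -> list:
    """Return the indicators one image-load event matches (empty list = nothing notable)."""
    host, dll = ev["image"].lower(), ev["loaded"].lower()
    if in_system_dir(dll):
        return []  # loaded from the OS directory: not a side-load location
    reasons = []
    if ev["image_signer"] and not ev["loaded_signer"]:
        reasons.append("signed host loaded unsigned DLL")
    if ntpath.dirname(host) == ntpath.dirname(dll) and in_user_writable(host):
        reasons.append("host and DLL co-located in user-writable directory")
    if ntpath.basename(dll) in SYSTEM_DLL_NAMES:
        reasons.append("system DLL name loaded from outside the system directory")
    if ev["image_signer"] and ev["loaded_signer"] and ev["image_signer"] != ev["loaded_signer"]:
        reasons.append("DLL signer differs from host signer")
    return reasons


def find_sideload_candidates(events: list) -> list:
    """Return (host, dll, reasons) for every event with at least one indicator."""
    out = []
    for ev in events:
        reasons = sideload_indicators(ev)
        if reasons:
            out.append((ev["image"], ev["loaded"], reasons))
    return out


# Constructed sample telemetry: two benign loads followed by two suspicious ones.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Vendor\vendortool.exe", "image_signer": "Vendor Inc",
     "loaded": r"C:\Windows\System32\version.dll", "loaded_signer": "Microsoft Windows"},
    {"image": r"C:\Program Files\Vendor\vendortool.exe", "image_signer": "Vendor Inc",
     "loaded": r"C:\Program Files\Vendor\helper.dll", "loaded_signer": "Vendor Inc"},
    # Signed vendor tool copied to a temp folder next to an unsigned DLL.
    {"image": r"C:\Users\alice\AppData\Local\Temp\signed_vendor_tool.exe", "image_signer": "Vendor Inc",
     "loaded": r"C:\Users\alice\AppData\Local\Temp\helper.dll", "loaded_signer": None},
    # Signed updater in Downloads picking up a look-alike system DLL signed by someone else.
    {"image": r"C:\Users\bob\Downloads\updater.exe", "image_signer": "Vendor Inc",
     "loaded": r"C:\Users\bob\Downloads\version.dll", "loaded_signer": "Other Co"},
]

if __name__ == "__main__":
    for image, loaded, reasons in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"{image} -> {loaded}")
        for reason in reasons:
            print("   -", reason)
```

Run over the constructed events, the two Program Files loads produce no indicators while the two user-directory loads are flagged with two and three reasons respectively. The signer comparison is the check that matters most for the case above: a binary signed by one vendor loading a DLL signed by nobody, or by an unrelated party, from the same writable folder is worth a look even when the host itself is legitimately signed.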
PCrisk found a new ransomware variant that adds the .axxes extension and drops ransom notes named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.
April 28, 2022
The ransom payment is about 15% of the total cost of ransomware attacks
Researchers analyzing the collateral consequences of a ransomware attack found that the total costs are roughly seven times higher than the ransom demanded by the threat actors.
Austin Peay State University Resumes After Ransomware Cyberattack
Austin Peay State University (APSU) confirmed yesterday that it had been the victim of a ransomware attack.
Friend-A found a new ransomware that adds the [email protected] extension and drops a ransom note called WE CAN RECOVER YOUR DATA.txt.
That’s all for this week! I hope everyone has a good weekend!