The Week in Ransomware – November 18th 2022


There have been some interesting developments in ransomware this week, with the arrest of a cybercrime ring leader and reports shedding light on two new, but up-and-coming, ransomware operations.

One of the major stories this week is the arrest of Ukrainian Vyacheslav Igorevich Penchukov, aka ‘Tank,’ for his alleged role as a leader in the JabberZeus cybercrime gang that operated the Zeus malware botnet.

Penchukov is also believed to be one of the managers of the notorious Maze ransomware operation, which popularized double-extortion attacks.

Other news this week includes new reports on growing ransomware operations:

Finally, Ukraine says that a new Somnia ransomware is being used in attacks, CISA/FBI warned that Iranian hackers breached a federal agency, and the FBI warned that Hive ransomware has made about $100 million in ransom payments.

Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Ionut_Ilascu, @malwareforme, @malwrhunterteam, @DanielGallagher, @serghei, @jorntvdw, @fwosar, @LawrenceAbrams, @PolarToffee, @demonslay335, @FourOctets, @billtoulas, @VK_Intel, @BleepinComputer, @pcrisk, @Seifreed, @GeeksCyber, @BlackBerry, @ahnlab, and @MsftSecIntel.

November 13th 2022

Ukraine claims Russian hacktivists use new Somnia ransomware

Russian hacktivists have infected multiple organizations in Ukraine with a new ransomware strain called ‘Somnia,’ encrypting their systems and causing operational problems.

November 14th 2022

A Technical Analysis of Royal Ransomware

Royal ransomware is a recent threat that appeared in 2022 and was particularly active during recent months. The ransomware deletes all Volume Shadow Copies and avoids specific file extensions and folders. It encrypts the network shares found on the local network as well as the local drives. A parameter called “-id” that identifies the victim, and is also written into the ransom note, must be specified on the command line.
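The shadow-copy deletion described above is one of the most reliable pre-encryption signals a defender can alert on, because it precedes the actual file encryption and has almost no legitimate interactive use on workstations. The Python below is an added example, not code from the article or from the Royal write-up it summarizes: it parses a few constructed process-creation log lines (hypothetical hosts, users, timestamps and log format) and flags the vssadmin and wmic command lines used to wipe shadow copies. It also matches the WMI Win32_ShadowCopy deletion form driven from PowerShell, which goes beyond the commands the text itself names.

```python
import re

# Command-line patterns for Volume Shadow Copy deletion. The first two are the
# classic vssadmin/wmic forms; the third catches the WMI object form used from
# PowerShell, which goes beyond what the article itself mentions.
SHADOW_DELETE_PATTERNS = [
    re.compile(r"vssadmin(?:\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"wmic(?:\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\b(?:remove|delete)\b", re.I),
]

# Constructed process-creation events in a simple key=value format
# (hypothetical hosts, users and timestamps; not taken from the article).
SAMPLE_LOG = r'''
2022-11-14T10:02:11Z host=ws-01 user=alice image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin.exe delete shadows /all /quiet"
2022-11-14T10:02:15Z host=ws-01 user=alice image="C:\Windows\System32\notepad.exe" cmdline="notepad.exe report.docx"
2022-11-14T10:05:40Z host=srv-02 user=SYSTEM image="C:\Windows\System32\wbem\WMIC.exe" cmdline="wmic shadowcopy delete"
2022-11-14T10:06:02Z host=srv-02 user=backup image="C:\Windows\System32\vssadmin.exe" cmdline="vssadmin.exe list shadows"
2022-11-14T10:09:33Z host=ws-03 user=bob image="C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" cmdline="powershell.exe -c Get-WmiObject Win32_ShadowCopy | ForEach-Object {$_.Delete()}"
'''.strip().splitlines()

# key=value or key="quoted value with spaces"
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line: str) -> dict:
    """Split one log line into a dict of fields; the leading token is the timestamp."""
    ts, _, rest = line.partition(" ")
    event = {"ts": ts}
    for m in KV_RE.finditer(rest):
        key, quoted, bare = m.groups()
        event[key] = quoted if quoted is not None else bare
    return event


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True when the command line matches a known shadow-copy deletion pattern."""
    return any(p.search(cmdline) for p in SHADOW_DELETE_PATTERNS)


def scan_log(lines) -> list:
    """Return one alert dict per event whose command line deletes shadow copies."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        if is_shadow_copy_deletion(ev.get("cmdline", "")):
            alerts.append({
                "ts": ev["ts"],
                "host": ev.get("host"),
                "user": ev.get("user"),
                "image": ev.get("image"),
                "cmdline": ev["cmdline"],
                "rule": "shadow-copy-deletion",
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(f'{alert["ts"]} {alert["host"]} {alert["user"]}: {alert["cmdline"]}')
```

Running the block prints three alerts (ws-01, srv-02 and ws-03); the `vssadmin list shadows` event from the backup account is intentionally not flagged, since enumeration is routine for backup tooling. The “-id” parameter the text mentions is not matched here because the write-up does not describe its value format, and a bare `-id` match would be far too noisy on its own.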

Australia to consider banning payment of ransoms to cyber criminals

Australia’s Home Affairs Minister Clare O’Neil on Sunday said the government would consider making the payment of ransoms to cyber hackers illegal, following recent cyber attacks affecting millions of Australians.

New Phobos ransomware variant

PCrisk found a new Phobos variant that appends the .faust extension to encrypted files and drops ransom notes named info.txt and info.hta.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .fatp and .fate extensions to encrypted files.

New Xorist ransomware variant

PCrisk found a new Xorist variant that appends the .ZeRy extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

November 16th 2022

Suspected Zeus cybercrime ring leader ‘Tank’ arrested by Swiss police

Vyacheslav Igorevich Penchukov, also known as Tank and one of the leaders of the notorious JabberZeus cybercrime gang, was arrested in Geneva last month.

US govt: Iranian hackers breached federal agency using Log4Shell exploit

The FBI and CISA revealed in a joint advisory published today that an unnamed Iranian-backed threat group hacked a Federal Civilian Executive Branch (FCEB) organization to deploy XMRig cryptomining malware.

DAGON LOCKER Ransomware Being Distributed

It was found that the DAGON LOCKER ransomware (hereinafter referred to as “DAGON”) is being distributed in Korea. It was first identified through the suspicious ransomware behavior block history of AhnLab’s ASD infrastructure. In October, it was also reported to AhnLab as a suspicious file by a Korean company. DAGON is generally distributed through phishing mails or as an email attachment, but because it is a ransomware-as-a-service, the distribution route and target can differ depending on the threat actor.

New VoidCrypt variant

PCrisk found a new VoidCrypt variant that appends the .DRCRM extension and drops a ransom note named Read.txt.

New Anthraxbulletproof variant

PCrisk found a new ‘Anthraxbulletproof’ ransomware based on Chaos that appends the .Anthraxbulletproof extension and drops a ransom note named read_it.txt.

November 17th 2022

Previously unknown ARCrypter ransomware expands worldwide

A previously unknown ‘ARCrypter’ ransomware that compromised key organizations in Latin America is now expanding its attacks worldwide.

FBI: Hive ransomware extorted $100M from over 1,300 victims

The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted around $100 million from over a thousand companies since June 2021.

DEV-0569 finds new ways to deliver Royal ransomware, various payloads

Recent activity from the threat actor that Microsoft tracks as DEV-0569, known to distribute various payloads, has led to the deployment of the Royal ransomware, which first emerged in September 2022 and is being distributed by multiple threat actors. Observed DEV-0569 attacks show a pattern of continuous innovation, with regular incorporation of new discovery techniques, defense evasion, and various post-compromise payloads, alongside increasing ransomware facilitation.

November 18th 2022

New Satana ransomware variant

PCrisk found a new SATANA ransomware variant that appends the .Sex3 extension and drops a ransom note named !satana!.txt.

That’s it for this week! Hope everyone has a nice weekend!