D2
While the beginning of this week was fairly quiet, it definitely ended with a bang as news came out of the largest ransom demand yet.
It was revealed at the end of the week that computer maker Acer suffered a REvil ransomware attack where the threat actors are demanding a massive $50,000,000 ransom.
REvil also made the news this week with the addition of a new -smode argument that causes Windows to reboot into Safe Mode with Networking to perform the encryption. REvil's 'Unknown' also conducted an interview with TheRecord.
Finally, we saw an FBI warning about PYSA and new variants of ransomware families released.
Contributors and those who provided new ransomware information and stories this week include: @malwareforme, @struppigel, @LawrenceAbrams, @Seifreed, @DanielGallagher, @VK_Intel, @fwosar, @malwrhunterteam, @FourOctets, @demonslay335, @BleepinComputer, @serghei, @jorntvdw, @Ionut_Ilascu, @PolarToffee, @Amigo_A_, @GrujaRS, @ddd1ms, @campuscodi, @ValeryMarchive, @3xp0rtblog, @Kangxiaopao, and @fbgwls245.
March 13th 2021
New RunExeMemory ransomware variant
GrujaRS found a new variant of the RunExeMemory ransomware that appends the .z8sj2c extension and drops a ransom note named Read me, if you want to recover your files.txt.
March 16th 2021
FBI warns of escalating Pysa ransomware attacks on education orgs
The Federal Bureau of Investigation (FBI) Cyber Division has warned system administrators and cybersecurity professionals of increased Pysa ransomware activity targeting educational institutions.
An interview with REvil’s Unknown
Unknown talked to Recorded Future expert threat intelligence analyst Dmitry Smilyanets recently about using ransomware as a weapon, staying out of politics, experimenting with new tactics, and much more. The interview was conducted in Russian and translated to English with the help of a professional translator, and has been edited for clarity.
New Liz Dharma ransomware variant
Jakub Kroustek found a new Dharma Ransomware variant that appends the .liz extension.
New Rapid ransomware variant
dnwls0719 found a new Rapid ransomware variant that appends the .lock extension.
New Xorist ransomware variant
xiaopao found a new variant of the SFile ransomware that appends the .sandboxtest extension.
March 17th 2021
Missed opportunity: Bug in LockBit ransomware allowed free decryptions
A member of the cybercriminal community has discovered and disclosed a bug in the LockBit ransomware that could have been used for free decryptions.
New Hakbit ransomware variant
xiaopao found a new variant of the SFile ransomware that appends the .PROM extension.
New SFile ransomware variant
xiaopao found a new variant of the SFile ransomware that appends the .zuadr extension and drops ransom notes named RESTORE_FILES_INFO.hta and RESTORE_FILES_INFO.txt.
March 18th 2021
New PewPew Ransomware variant
Amigo-A found a new PewPew Ransomware variant that calls itself 'Artemis' and appends the .optimus extension to encrypted files.
New Stop ransomware variant
dnwls0719 found a new STOP Djvu ransomware variant that appends the .enfp extension and drops a ransom note named _readme.txt.