This week’s big news is the arrests of two ransomware operators in Ukraine responsible for hundreds of attacks targeting organizations worldwide.
The US is also proposing new bills and initiatives to force companies to disclose ransom payments and government contractors to disclose breaches.
Under the new Civil Cyber-Fraud Initiative, the US DOJ will allow government contractors to be sued if they don’t report a breach or fail to meet required cybersecurity standards.
A new ‘Ransom Disclosure Act’ bill has been introduced to require any ransomware victims to report ransom payments within 48 hours.
Some of the ransomware attacks revealed this week include Sandhills Global and Weir Group, and we finally have confirmation that Cox Media Group was attacked in June.
Contributors and those who provided new ransomware information and stories this week include: @struppigel, @Seifreed, @FourOctets, @malwareforme, @billtoulas, @demonslay335, @fwosar, @VK_Intel, @PolarToffee, @serghei, @Ionut_Ilascu, @malwrhunterteam, @LawrenceAbrams, @BleepinComputer, @DanielGallagher, @jorntvdw, @kaspersky, @threatresearch, @thepacketrat, @vikas891, @fbgwls245, and @Mandiant.
October 2nd 2021
Sandhills online machinery markets shut down by ransomware attack
Industry publication giant Sandhills Global has suffered a ransomware attack, causing hosted websites to become inaccessible and disrupting their business operations.
October 3rd 2021
dnwls0719 found a new STOP ransomware variant that appends the .tisc extension.
October 4th 2021
Ransomware operators behind hundreds of attacks arrested in Ukraine
Europol has announced the arrest of two men in Ukraine, said to be members of a prolific ransomware operation that extorted victims with ransom demands ranging from €5 to €70 million.
New Atom Silo ransomware targets vulnerable Confluence servers
Atom Silo, a newly spotted ransomware group, is targeting a recently patched and actively exploited Confluence Server and Data Center vulnerability to deploy their ransomware payloads.
October 5th 2021
Ransomware gang encrypts VMware ESXi servers with Python script
Operators of an unknown ransomware gang are using a Python script to encrypt virtual machines hosted on VMware ESXi servers.
October 6th 2021
U.S. govt to sue contractors who hide breach incidents
Under the new Civil Cyber-Fraud Initiative that the U.S. Department of Justice announced today, government contractors can be held accountable in civil court if they don’t report a breach or fail to meet required cybersecurity standards.
Ransom Disclosure Act would give victims 48 hours to report payments
Victims of ransomware attacks in the United States may soon have to report any payments to hackers within 48 hours, according to a new legislative proposal titled the ‘Ransom Disclosure Act’.
xXToffeeXx found a “BabyDuck” ransomware that uses the .babyduck extension and drops a ransom note named #README.babyduck. No, this is not a joke.
October 7th 2021
FIN12 hits healthcare with quick and focused ransomware attacks
It can take less than two days for the FIN12 gang to execute a file-encrypting payload on the target network, most of the time Ryuk ransomware.
October 8th 2021
Engineering giant Weir Group hit by ransomware attack
Scottish multinational engineering firm Weir Group has disclosed an “attempted ransomware attack” that led to “significant temporary disruption” in September.
Russian orgs heavily targeted by smaller tier ransomware gangs
Even though American and European companies receive the lion’s share of ransomware attacks launched from Russian soil, companies in Russia aren’t spared from having to deal with file encryption and double-extortion troubles of their own.
Cox Media Group confirms ransomware attack that took down broadcasts
American media conglomerate Cox Media Group (CMG) confirmed that it was hit by a ransomware attack that took down live TV and radio broadcast streams in June 2021.