The Week in Ransomware – November 5th 2021 – Placing bounties
Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shutdown of criminal operations.
Due to this increased pressure by law enforcement, the BlackMatter (DarkSide) ransomware gang announced to affiliates that they were shutting down this week after members were missing.
BleepingComputer later discovered that BlackMatter began moving existing victims to LockBit ransomware’s infrastructure to continue extortion demands.
To keep pressure on the DarkSide gang and warn that rebranding to a new operation won’t stop law enforcement, the US Department of State announced a $10 million reward for identifying or locating key leaders in the organization. The US government is also offering $5 million for the arrest of any individuals participating in future attacks using DarkSide variants.
The FBI also issued advisories this week warning that HelloKitty has added DDoS attacks to their arsenal, that ransomware gangs commonly conduct attacks “during time-sensitive financial events,” and that gangs are targeting tribal-owned businesses, including casinos.
Ransomware attacks we saw this week were against the UK Labour Party and the Newfoundland and Labrador health systems.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @malwareforme, @LawrenceAbrams, @BleepinComputer, @fwosar, @DanielGallagher, @Ionut_Ilascu, @struppigel, @jorntvdw, @VK_Intel, @billtoulas, @malwrhunterteam, @FourOctets, @demonslay335, @PolarToffee, @Seifreed, @CofenseLabs, @TalosSecurity, @vxunderground, @pancak3lullz, @Fortinet, @GelosSnake, @nakashimae, @DDaltonBennett, @fbgwls245, @pcrisk, and @Amigo_A_.
The Chaos Ransomware gang encrypts gamers’ Windows devices through fake Minecraft alt lists promoted on gaming forums.
The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry partners that the HelloKitty ransomware gang (aka FiveHands) has added distributed denial-of-service (DDoS) attacks to their arsenal of extortion tactics.
The BlackShadow hacking group attacked the Israeli hosting provider Cyberserve to steal client databases and disrupt the company’s services.
The Canadian province of Newfoundland and Labrador has suffered a cyberattack that has led to severe disruption to healthcare providers and hospitals.
dnwls0719 found a new Dharma ransomware variant that appends the .MS extension to encrypted files.
PCrisk found new STOP ransomware variants that append the .cool and .palq extensions to encrypted files.
The Federal Bureau of Investigation (FBI) warns that ransomware gangs are targeting companies involved in “time-sensitive financial events” such as corporate mergers and acquisitions to make it easier to extort their victims.
The BlackMatter ransomware is allegedly shutting down its operation due to pressure from the authorities and recent law enforcement operations.
The U.K. Labour Party notified members that some of their information was impacted in a data breach after a ransomware attack hit a supplier managing the party’s data.
With the BlackMatter ransomware operation shutting down, existing affiliates are moving their victims to the competing LockBit ransomware site for continued extortion.
A major overseas ransomware group shut down last month after a pair of operations by U.S. Cyber Command and a foreign government targeting the criminals’ servers left its leaders too frightened of identification and arrest to stay in business, according to several U.S. officials familiar with the matter.
Amigo-A found a new Polaris ransomware that is targeting Linux and dropping ransom notes named WARNING.txt.
A new threat actor is hacking Microsoft Exchange servers and breaching corporate networks using the ProxyShell vulnerability to deploy the Babuk Ransomware.
A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.
The US government is targeting the DarkSide ransomware and its rebrands with up to a $10,000,000 reward for information leading to the identification or arrest of members of the operation.
Details about the tools and tactics used by a ransomware affiliate group, now tracked as Lockean, have emerged today in a report from France’s Computer Emergency Response Team (CERT).
PCrisk found a new Dharma ransomware variant that appends the .WORM extension to encrypted files.
PCrisk found new STOP ransomware variants that append the .stax and .irkf extensions to encrypted files.
dnwls0719 found a new Thanos ransomware variant that appends the .stepik extension.