The Week in Ransomware - March 5th 2021 - Targeting service providers March 5, 2021 https://www.bleepingcomputer.com/ne...e-march-5th-2021-targeting-service-providers/
The Week in Ransomware - March 12th 2021 - Encrypting Exchange servers March 12, 2021 https://www.bleepingcomputer.com/ne...-march-12th-2021-encrypting-exchange-servers/
Ransomware statistics for 2020: Year in summary https://blog.emsisoft.com/en/38259/ransomware-statistics-for-2020-year-in-summary/
The Week in Ransomware - March 19th 2021 - Highest ransom ever! March 19, 2021 https://www.bleepingcomputer.com/ne...nsomware-march-19th-2021-highest-ransom-ever/
This article is worth a "full read." If your PC suddenly reboots to Safe Mode and you're presented with the Win logon screen, assuming you have that configured, immediately power down your PC.
They say REvil is also known as Sodinokibi, which typically starts as a phishing email. If the recipient clicks on the link, it downloads the malicious-and-hard-for-antivirus-to-detect zip file, then the user needs to double-click the file to launch the attack. So assuming the user needs to screw up twice, which is not out of the realm of possibility, then some other protection in the form of system hardening such as HIPS, SRP, or maybe OSArmor, to name a few possibilities, could come to the rescue. The obfuscated JavaScript file is proof antivirus can't be depended on 100%.
FBI exposes weakness in Mamba ransomware, DiskCryptor. https://www.bleepingcomputer.com/news/security/fbi-exposes-weakness-in-mamba-ransomware-diskcryptor/
The Week in Ransomware - March 26th 2021 - Attacks increase https://www.bleepingcomputer.com/ne...-ransomware-march-26th-2021-attacks-increase/
"Ziggy Ransomware Gang Offers Refunds to Victims
The Ziggy ransomware gang announced in early February they were getting out of the cybercrime business. Now they say they’re ready to refund their victims’ money. Anyone who paid a ransom to Ziggy just needs to shoot them an email with proof of payment calculated in Bitcoin and the computer ID. After that, the money will be returned to the Bitcoin wallet in about two weeks... Apparently, Ziggy was scared straight in early February after law-enforcement takedowns of fellow purveyors of malware like Emotet and the NetWalker ransomware; and added that they were feeling guilty..."
https://threatpost.com/ziggy-ransomware-gang-offers-refund-to-victims/165124/
"Hacked companies are paying off ransomware gangs, the criminals are reinvesting the profits in making bigger and bolder attacks, and there's no end in sight... Gangs, many located in Russia, are using their loot to invest in AI and other tools to be more effective... Whether the payments come via insurers or from the companies themselves, they are funding advancements for the gangs. 'They're investing in the development of automation tools' ... using machine learning to find and exploit holes in organizations' defenses. It used to take gangs weeks to seize organizations' data and demand a ransom, the analyst said. Now it can be done in hours..." https://www.businessinsider.com/ran...-coalition-deep-instinct-vicious-cycle-2021-4
Windows XP makes ransomware gangs work harder for their money. https://www.bleepingcomputer.com/ne...ransomware-gangs-work-harder-for-their-money/
REvil ransomware now changes password to auto-login in Safe Mode https://www.bleepingcomputer.com/ne...-changes-password-to-auto-login-in-safe-mode/
The Week in Ransomware - April 9th 2021 - Massive ransom demands https://www.bleepingcomputer.com/ne...omware-april-9th-2021-massive-ransom-demands/
Dutch supermarkets run out of cheese after ransomware attack https://www.bleepingcomputer.com/ne...ts-run-out-of-cheese-after-ransomware-attack/
PSA: Severe bug in Babuk ransomware decryptor leads to data loss https://blog.emsisoft.com/en/38378/psa-severe-bug-in-babuk-ransomware-decryptor-leads-to-data-loss/
"Ransomware Gang Strikes The NBA Houston Rockets
Screenshots...indicate that the attackers claim to have stolen 500 gigabytes of data during the breach... The ransomware used in the attack, Babuk, is not considered to be especially sophisticated. It is, however, still quite dangerous. Babuk has been unleashed against a variety of targets in the healthcare sector, as well as manufacturers and logistics companies... Files stolen during the attack appear to include player contracts, non-disclosure agreements, personnel information and other financial data. In the ransom note left behind, the attackers note that the data 'could lead to legal problems and cause concern for customers' if published..."
https://www.forbes.com/sites/leemat...-strikes-the-houston-rockets/?sh=3853fb6b74ba
The Week in Ransomware - April 16th 2021 - The Houston Rockets April 16, 2021 https://www.bleepingcomputer.com/ne...nsomware-april-16th-2021-the-houston-rockets/
Ryuk ransomware operation updates hacking techniques April 17, 2021 https://www.bleepingcomputer.com/news/security/ryuk-ransomware-operation-updates-hacking-techniques/
Discord Nitro gift codes now demanded as ransomware payments April 18, 2021 https://www.bleepingcomputer.com/ne...ft-codes-now-demanded-as-ransomware-payments/
"Ransomware targeted by the new Department of Justice Task Force
The Department of Justice has formed a task force to curb the proliferation of ransomware cyberattacks, targeting the entire digital ecosystem that supports popular blackmail schemes to make them less profitable... According to the Memorandum of Understanding, the Task Force will identify ransomware as a priority to increase training, allocate more resources to problems, improve intelligence sharing across departments, and 'connect criminals with the nation-state.' This memo covers the criminal ecosystem surrounding ransomware, including prosecution, interruption of ongoing attacks, and suppression of services that support attacks, such as online forums promoting ransomware sales and hosting services that promote ransomware campaigns... The Task Force consists of the Department of Justice’s Criminal, National Security, Civil Affairs, Federal Bureau of Investigation, and the US Public Prosecutor’s Office..."
https://texasnewstoday.com/ransomware-targeted-by-the-new-department-of-justice-task-force/235303/
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices https://www.bleepingcomputer.com/ne...are-attack-uses-7zip-to-encrypt-qnap-devices/
Stanford student finds glitch in ransomware payment system to save victims $27,000 https://www.cyberscoop.com/jack-cable-qlocker-ransomware-recovery/