Ransomware and Recent Variants

Blackbyte ransomware hits San Francisco 49ers ahead of Super Bowl

"The NFL's San Francisco 49ers team is recovering from a cyberattack by the BlackByte ransomware gang who claims to have stolen data from the American football organization.

While the 49ers did not confirm whether hackers successfully deployed the ransomware, they said they are still in the process of recovering systems, indicating that devices were likely encrypted..."

https://www.bleepingcomputer.com/ne...sco-49ers-hit-by-blackbyte-ransomware-attack/

 

The Week in Ransomware - February 18th 2022 - Mergers & Acquisitions

https://www.bleepingcomputer.com/ne...-february-18th-2022-mergers-and-acquisitions/

 

Ransomware extortion doesn't stop after paying the ransom

https://www.bleepingcomputer.com/ne...xtortion-doesnt-stop-after-paying-the-ransom/

 

Master Key for Hive Ransomware Retrieved Using a Flaw in its Encryption Algorithm

https://thehackernews.com/2022/02/master-key-for-hive-ransomware.html

 

"Two ransomware gangs hacked the same target at the same time: Here's what happened next...

A healthcare provider fell victim to two simultaneous cyber attacks by two separate ransomware gangs using different techniques to exploit unpatched security vulnerabilities in Microsoft Exchange Server at the same time, which even led to the second ransomware attack encrypting the ransom note left by the first..."

https://www.zdnet.com/article/two-r...et-at-the-same-time-heres-what-happened-next/

 

Conti Ransomware Decryptor, TrickBot Source Code Leaked

https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/

 

Free HermeticRansom Ransomware Decryptor Released

https://threatpost.com/free-hermeticransom-ransomware-decryptor-released/178762/

 

The Week in Ransomware - March 18th 2022 - Targeting the auto industry

https://www.bleepingcomputer.com/ne...-march-18th-2022-targeting-the-auto-industry/

 

"Russian-based ransomware group Conti has its source code leaked

A Ukrainian security researcher just shared the source code of an infamous Russian-based ransomware group..."

https://www.windowscentral.com/russian-based-ransomware-group-conti-has-source-code-leaked

"Hacker leaked a new version of Conti ransomware source code on Twitter..."

https://securityaffairs.co/wordpres...cker-leaked-conti-ransomware-source-code.html

 

Ransomware tries to deletes files and render the system unusable.

https://www.zdnet.com/article/every...-wipe-windows-pcs-if-its-victims-dont-pay-up/

 

"Instead of attackers using the threat of leaking a victim's files to pressure them into paying, LokiLock's customers threaten to overwrite a victim's Windows Master Boot Record (MBR), which wipes all files and renders the machine unusable."
I like to think that restoring an image would still work, wouldn't it?

 

I really can't say, but it might, and I hope

 

Ten notorious ransomware strains put to the encryption speed test

https://www.bleepingcomputer.com/ne...are-strains-put-to-the-encryption-speed-test/

 

I was wondering, what file formats ransomware does not encrypt? Like .sys, .log or? Lets say that I backup some files and put the mentioned extensions instead, it would not touch it?

 

Hello @TairikuOkami

Although that could be an interesting technique to try, it seems that not exactly file formats, but some languages may have some immunity.

Perhaps you too may have recalled reading that some ransomware groups, (DarkSide et al) with close ties to the Russian Federation, will not attack some (Windows®) victim systems detected to use the Russian & Ukrainian languages. One trouble being that several dozens of languages are used between the Russian Federation and Ukraine.

Attribution: https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/

HTH

 

New ransomware demands victims to donate to poor

https://www.independent.co.uk/tech/ransomware-goodwill-cyber-security-cloudsec-b2085089.html

 

Ransomware group ups pressure on victims with new extortion tactic

https://blog.emsisoft.com/en/41331/ransomware-group-pressure-victim-with-new-tactic/