The Week in Ransomware – January 7th 2022
With the holidays these past two weeks, there have been only a few known ransomware attacks and little research released.
At the end of December, a new enterprise-targeting ransomware operation called Night Sky was launched, but it is not very active so far.
We also saw an increase in Qlocker and eCh0raix campaigns targeting QNAP NAS devices, leading to QNAP releasing a security advisory.
The most noteworthy information that came out today is a new FBI flash alert warning that FIN7 hackers were sending malicious USB drives to defense firms that deployed REvil and BlackMatter ransomware.
Now that the holidays are over, we can expect to see more attacks by threat actors and research related to new TTPs.
Contributors and those who provided new ransomware information and stories this week include: @PolarToffee, @LawrenceAbrams, @VK_Intel, @FourOctets, @jorntvdw, @serghei, @Ionut_Ilascu, @DanielGallagher, @struppigel, @malwrhunterteam, @billtoulas, @malwareforme, @demonslay335, @fwosar, @BleepinComputer, @Seifreed, @BrettCallow, @pancak3lullz, @fbgwls245, @brfreed, @campuscodi, and @Amigo_A_,
January 1st 2022
dnwls0719 found a new Golang ransomware variant that appends the .xyz extension.
January 2nd 2022
Jakub Kroustek found a new STOP ransomware variant that appends the .loov extension.
Jakub Kroustek found a new STOP ransomware variant that appends the .dehd extension.
The Lapsus$ ransomware gang has hacked and is currently extorting Impresa, the largest media conglomerate in Portugal and the owner of SIC and Expresso, the country’s largest TV channel and weekly newspaper, respectively.
January 4th, 2022
Government buildings in Bernalillo County, New Mexico, were closed to the public Wednesday in response to what appears to be the first ransomware attack this year against a local government in the United States.
January 6th 2022
FinalSite ransomware attack shuts down thousands of school websites
FinalSite, a leading school website services provider, has suffered a ransomware attack disrupting access to websites for thousands of schools worldwide.
Night Sky is the latest ransomware targeting corporate networks
It’s a new year, and with it comes a new ransomware to keep an eye on called ‘Night Sky’ that targets corporate networks and steals data in double-extortion attacks.
January 7th 2022
FBI: Hackers target US defense firms with malicious USB packages
The Federal Bureau of Investigation (FBI) warned US companies in a recently updated flash alert that the financially motivated FIN7 cybercriminal group is targeting the US defense industry with packages containing malicious USB devices to deploy ransomware.
QNAP warns of ransomware targeting Internet-exposed NAS devices
QNAP has warned customers today to secure Internet-exposed network-attached storage (NAS) devices immediately from ongoing ransomware and brute-force attacks.
Amigo-A spotted a new Problem Ransomware variant that appends the .problem extension and drops a ransom note named readme.txt.