The Week in Ransomware – June 24th 2022

The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation.

Since May, a lone Conti member has been posting data from older victims to make the gang appear alive, but in reality, Conti shut down last month.

The members are now long spread out in smaller cells among different operations, making it more challenging to target the crime syndicate.

Other news this week includes a surge in eCh0raix ransomware attacks on QNAP devices, a report on a Mitel zero-day used in a ransomware attack, Chinese hackers deploying ransomware as a decoy, and a report on a Conti hacking spree that took place at the end of last year.

There were also quite a few attacks this week, or updated information on them, including those on Yodel, Nichirin, Fast Shop, and Artear.

Contributors and those who provided new ransomware information and stories this week include: @serghei, @jorntvdw, @struppigel, @Seifreed, @PolarToffee, @malwareforme, @VK_Intel, @BleepinComputer, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @DanielGallagher, @fwosar, @FourOctets, @billtoulas, @demonslay335, @CrowdStrike, @felipepayao, @y_advintel, @AdvIntel, @Secureworks, @GroupIB, @GossiTheDog, @juanbrodersen, @PogoWasRight, @pcrisk, @BrettCallow, and @Amigo_A_.

June 18th 2022

QNAP NAS devices targeted by surge of eCh0raix ransomware attacks

This week, eCh0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices again, according to user reports and sample submissions on the ID Ransomware platform.

June 20th 2022

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .hkgt, .efvc, and .eijy extensions.

June 21st 2022

Yodel parcel company confirms cyberattack is disrupting delivery

Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online.

Brooks County pays off hacker with tax dollars after ransomware attack

A recent ransomware attack on Brooks County’s Justice of the Peace and district courts and its finance department cost the county more than $37,000.

June 22nd 2022

New HardItem ransomware

PCrisk found the new HardItem ransomware that appends the .harditem extension and drops a ransom note named RESTORE_FILES_INFO.txt.

June 23rd 2022

Automotive hose maker Nichirin hit by ransomware attack

Nichirin-Flex U.S.A., a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack that caused the company to take its network offline.

Chinese hackers use ransomware as decoy for cyber espionage

Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.

Conti ransomware hacking spree breaches over 40 orgs in a month

The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.

Hive claims the attack on Artear

After the cyberattack suffered on June 1 by Artear, the company that owns Canal 13, TN and other Grupo Clarín television channels, it has been determined who managed to access its systems: Hive, a cybercriminal gang that operates with ransomware, a program that encrypts third-party files and demands money in exchange for their recovery.

June 24th 2022

Conti ransomware finally shuts down data leak, negotiation sites

The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.

Fast Shop Brazilian retailer discloses “extortion” cyberattack

Fast Shop, one of Brazil’s largest retailers, has suffered an ‘extortion’ cyberattack that led to network disruption and the temporary closure of its online store.

Mitel zero-day used by hackers in suspected ransomware attack

Hackers used a zero-day exploit on Linux-based Mitel MiVoice VoIP appliances for initial access in what is believed to be the beginning of a ransomware attack.

Pennsylvania HIM services provider hit with ransomware

Hive threat actors have allegedly hit Diskriter, a Pennsylvania-headquartered firm that provides health information management services, revenue cycle management solutions, transcription services, and staffing. Diskriter’s clients include a number of state and municipal governments as well as medical facilities.

New Kanalia ransomware

Amigo-A found a new Kanalia ransomware targeting users in Russia and appending the .XJJ extension.

That’s it for this week! Hope everyone has a nice weekend!