The Week in Ransomware – June 24th 2022
The Conti ransomware gang has finally ended their charade and turned off their Tor data leak and negotiation sites, effectively shutting down the operation.
Since May, a lone Conti member has been posting data from older victims to make the gang appear alive, but in reality, Conti shut down last month.
The members have long since dispersed into smaller cells within other operations, making the crime syndicate much harder to target as a whole.
Other news this week includes a surge in eCh0raix ransomware attacks on QNAP devices, a report on a Mitel zero-day used in a ransomware attack, Chinese hackers deploying ransomware as a decoy for espionage, and a report on a Conti hacking spree that took place at the end of last year.
There were also quite a few attacks this week, or updated information on earlier ones, including those on Yodel, Nichirin, Fast Shop, and Artear.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @jorntvdw, @struppigel, @Seifreed, @PolarToffee, @malwareforme, @VK_Intel, @BleepinComputer, @malwrhunterteam, @Ionut_Ilascu, @LawrenceAbrams, @DanielGallagher, @fwosar, @FourOctets, @billtoulas, @demonslay335, @CrowdStrike, @felipepayao, @y_advintel, @AdvIntel, @Secureworks, @GroupIB, @GossiTheDog, @juanbrodersen, @PogoWasRight, @pcrisk, @BrettCallow, and @Amigo_A_.
June 18th 2022
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks
This week, eCh0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices again, according to user reports and sample submissions on the ID Ransomware platform.
June 20th 2022
PCrisk found new STOP ransomware variants that append the .hkgt, .efvc, and .eijy extensions.
June 21st 2022
Yodel parcel company confirms cyberattack is disrupting delivery
Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online.
A recent ransomware attack on Brooks County’s Justice of the Peace and district courts and its finance department cost the county more than $37,000.
June 22nd 2022
PCrisk found the new HardItem ransomware that appends the .harditem extension and drops a ransom note named RESTORE_FILES_INFO.txt.
June 23rd 2022
Automotive hose maker Nichirin hit by ransomware attack
Nichirin-Flex U.S.A., a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack, forcing the company to take its network offline.
Chinese hackers use ransomware as decoy for cyber espionage
Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities.
Conti ransomware hacking spree breaches over 40 orgs in a month
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month.
After the June 1 cyberattack on Artear, the company that owns Canal 13, TN and other Grupo Clarín television channels, it has been established who gained access to its systems: Hive, a cybercriminal gang that operates ransomware, a program that encrypts a victim's files and demands payment for their ransom.
June 24th 2022
Conti ransomware finally shuts down data leak, negotiation sites
The Conti ransomware operation has finally shut down its last public-facing infrastructure, consisting of two Tor servers used to leak data and negotiate with victims, closing the final chapter of the notorious cybercrime brand.
Fast Shop Brazilian retailer discloses “extortion” cyberattack
Fast Shop, one of Brazil’s largest retailers, has suffered an ‘extortion’ cyberattack that led to network disruption and the temporary closure of its online store.
Mitel zero-day used by hackers in suspected ransomware attack
Hackers used a zero-day exploit against Linux-based Mitel MiVoice VoIP appliances for initial access in what is believed to be the beginning of a ransomware attack.
Hive threat actors have allegedly hit Diskriter, a Pennsylvania-headquartered firm that provides health information management services, revenue cycle management solutions, transcription services, and staffing. Diskriter’s clients include a number of state and municipal governments as well as medical facilities.
Amigo-A found the new Kanalia ransomware, which targets users in Russia and appends the .XJJ extension.