July 10

The Week in Ransomware – July 9th 2021 – A flawed attack



This week’s news focuses on the aftermath of REvil’s ransomware attack on MSPs and their customers, carried out using zero-day vulnerabilities in Kaseya VSA. Fortunately, it has not been as disruptive as we initially feared.

Because REvil carried out the attack remotely, they never had access to the victims’ networks and therefore could not delete backups or steal data.

Without this leverage, victims are restoring from backups rather than paying the ransom.

Unfortunately, this attack came close to being prevented, as Kaseya was working on patches for the zero-day vulnerabilities just as the attacks began.

Due to the continued ransomware attacks on US interests, President Biden has once again warned President Putin that Russia needs to arrest the ransomware gangs operating from Russia, or the United States will take action instead.

A new ransomware payment tracking site called Ransomwhere was launched this week.

Contributors and those who provided new ransomware information and stories this week include: @VK_Intel, @malwrhunterteam, @serghei, @struppigel, @FourOctets, @DanielGallagher, @Ionut_Ilascu, @fwosar, @demonslay335, @malwareforme, @BleepinComputer, @Seifreed, @jorntvdw, @LawrenceAbrams, @PolarToffee, @LabsSentinel, @coveware, @billseagull, @Malwarebytes, @_johnhammond, @DIVDcsirt, @0xDUDE, @jackhcable, and @pcrisk.

July 4th 2021

Kaseya was fixing zero-day just as REvil ransomware sprung their attack

The zero-day vulnerability used to breach on-premise Kaseya VSA servers was in the process of being fixed just as the REvil ransomware gang used it to carry out a massive Friday attack.

REvil is increasing ransoms for Kaseya ransomware attack victims

The REvil ransomware gang is increasing the ransom demands for victims encrypted during Friday’s Kaseya ransomware attack.

New AvosLocker RaaS

Toffee spotted a new RaaS called AvosLocker being promoted on a hacker forum. It appends the .avos extension to encrypted files and drops the GET_YOUR_FILES_BACK.txt ransom note.

July 5th 2021

REvil ransomware asks $70 million to decrypt all Kaseya attack victims

REvil ransomware has set a price for decrypting all systems locked during the Kaseya supply-chain attack. The gang wants $70 million in Bitcoin for the tool that allows all affected organizations to recover their files.

CISA, FBI share guidance for victims of Kaseya ransomware attack

CISA and the Federal Bureau of Investigation (FBI) have shared guidance for managed service providers (MSPs) and their customers affected by the REvil supply-chain ransomware attack that hit the systems of Kaseya’s cloud-based MSP platform.

New STOP Djvu ransomware variants

PCrisk found new STOP ransomware variants that append the .zqqw and .pooe extensions.

July 6th 2021

US warns of action against ransomware gangs if Russia refuses

White House Press Secretary Jen Psaki says that the United States will take action against cybercriminal groups from Russia if the Russian government refuses to do so.

Kaseya: Roughly 1,500 businesses hit by REvil ransomware attack

Kaseya says the REvil supply-chain ransomware attack breached the systems of approximately 60 of its direct customers using the company’s VSA on-premises product.

Ransomware stats for 2021: Q2 report

The second quarter of 2021 saw the most significant ransomware attack on U.S. infrastructure to date. On May 7, The Colonial Pipeline Company, which operates the largest pipeline system for refined oil products in the United States, was infected with DarkSide ransomware. The attack led to a six-day shutdown that was only resolved when Colonial Pipeline paid the $4.4 million ransom, a decision that CEO Joseph Blount described as “the right thing to do for the country.”

July 7th 2021

Fake Kaseya VSA security update backdoors networks with Cobalt Strike

Threat actors are trying to capitalize on the ongoing Kaseya ransomware attack crisis by targeting potential victims in a spam campaign pushing Cobalt Strike payloads disguised as Kaseya VSA security updates.

New STOP Djvu ransomware variant

PCrisk found a new STOP ransomware variant that appends the .zzla extension.

July 8th 2021

Conti Unpacked | Understanding Ransomware Development As a Response to Detection

Not yet two years old and already in its seventh version, Ransomware-as-a-Service offering Conti has proven to be a nimble and capable malware threat, capable of both autonomous and operator-directed operation and with unrivaled encryption speed. As of June 2021, Conti’s unique feature set has helped its affiliates extort several million dollars from over 400 organizations.

Morgan Stanley reports data breach after vendor Accellion hack

Investment banking firm Morgan Stanley has reported a data breach after attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of a third-party vendor.

‘Barely able to keep up’: America’s cyberwarriors are spread thin by attacks

Charles Carmakal has a problem: ransomware has become so prolific that he has too much business.

REvil victims are refusing to pay after flawed Kaseya ransomware attack

The REvil ransomware gang’s attack on MSPs and their customers last week outwardly should have been a success, yet changes in their usual tactics and procedures have resulted in few ransom payments.

New Ransomwhere site launched

Jack Cable launched a ransom payment tracking site called Ransomwhere.

New ransomware hunt

Michael Gillespie is looking for a new ransomware that appends the .nohope extension and drops a ransom note named NOHOPE_README.txt.
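Several of this week’s entries (AvosLocker, the STOP/Djvu variants, and the unidentified .nohope sample) are identified only by the file extension they append and the ransom note they drop. The script below is an added example, not code from BleepingComputer or any of the researchers credited above: it takes a file listing and reports directories that contain one of those ransom notes or a cluster of files carrying one of those extensions. The extension-to-family mapping uses only the indicators named on this page; the sample listing, the directory paths in it, and the three-file threshold are constructed for the example.

```python
from collections import Counter
from pathlib import PurePosixPath

# Indicators taken from this week's entries: extension appended to encrypted files -> family.
RANSOMWARE_EXTENSIONS = {
    ".avos": "AvosLocker",
    ".zqqw": "STOP/Djvu",
    ".pooe": "STOP/Djvu",
    ".zzla": "STOP/Djvu",
    ".nohope": "unidentified (.nohope)",
}

# Ransom note file names named on the page -> family.
RANSOM_NOTES = {
    "GET_YOUR_FILES_BACK.txt": "AvosLocker",
    "NOHOPE_README.txt": "unidentified (.nohope)",
}


def classify_path(path):
    """Return (family, kind) when a path matches a known indicator, otherwise None.

    kind is "note" for a dropped ransom note and "encrypted" for a renamed file.
    Only the last suffix is checked, so "report.docx.avos" matches on ".avos".
    """
    p = PurePosixPath(path)
    if p.name in RANSOM_NOTES:
        return RANSOM_NOTES[p.name], "note"
    ext = p.suffix.lower()
    if ext in RANSOMWARE_EXTENSIONS:
        return RANSOMWARE_EXTENSIONS[ext], "encrypted"
    return None


def scan_listing(paths, min_encrypted=3):
    """Group indicator hits by directory and return the directories worth triaging.

    A directory is reported when it holds a ransom note, or when at least
    min_encrypted files carry a known extension (a single stray match is ignored
    to keep false positives down; the threshold is an assumption of this example).
    """
    per_dir = {}
    for path in paths:
        hit = classify_path(path)
        if hit is None:
            continue
        family, kind = hit
        directory = str(PurePosixPath(path).parent)
        entry = per_dir.setdefault(
            directory, {"families": Counter(), "encrypted": 0, "notes": []}
        )
        entry["families"][family] += 1
        if kind == "note":
            entry["notes"].append(PurePosixPath(path).name)
        else:
            entry["encrypted"] += 1

    findings = []
    for directory, entry in sorted(per_dir.items()):
        if entry["notes"] or entry["encrypted"] >= min_encrypted:
            findings.append({
                "directory": directory,
                "family": entry["families"].most_common(1)[0][0],
                "encrypted_files": entry["encrypted"],
                "notes": sorted(entry["notes"]),
            })
    return findings


# Constructed sample listing (hypothetical hosts and paths), as a scanner might
# receive from a file-server inventory or an EDR file-event export.
SAMPLE_LISTING = [
    "/srv/share/finance/Q2_budget.xlsx.avos",
    "/srv/share/finance/invoices.pdf.avos",
    "/srv/share/finance/payroll.docx.avos",
    "/srv/share/finance/GET_YOUR_FILES_BACK.txt",
    "/home/alice/Pictures/holiday.jpg.zqqw",
    "/home/alice/Pictures/family.jpg.zqqw",
    "/home/alice/Pictures/dog.png.zqqw",
    "/home/alice/Pictures/cat.png.pooe",
    "/home/bob/Desktop/notes.txt",
    "/home/bob/Desktop/budget.ods.zzla",
    "/home/carol/Documents/NOHOPE_README.txt",
    "/home/carol/Documents/thesis.tex.nohope",
]

if __name__ == "__main__":
    for finding in scan_listing(SAMPLE_LISTING):
        print(
            f"{finding['directory']}: {finding['family']} - "
            f"{finding['encrypted_files']} encrypted file(s), notes: {finding['notes']}"
        )
```

Run against the constructed listing, it reports the finance share (note plus three renamed files), Alice’s pictures (four STOP/Djvu renames, no note), and Carol’s documents (a note with a single renamed file), while Bob’s lone .zzla file stays below the threshold. Matching on extension alone is weak evidence, which is why the note names carry more weight here: a note is a deliberate artifact of the ransomware, whereas an odd suffix can be a legitimate file.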

July 9th 2021

Kaseya warns of phishing campaign pushing fake security updates

Kaseya has warned customers that an ongoing phishing campaign attempts to breach their networks by spamming emails bundling malicious attachments and embedded links posing as legitimate VSA security updates.

Insurance giant CNA reports data breach after ransomware attack

CNA Financial Corporation, a leading US-based insurer, is notifying customers of a data breach following a Phoenix CryptoLocker ransomware attack that hit its systems in March.

That’s it for this week! Hope everyone has a nice weekend!
