The Week in Ransomware – April 15th 2022

Beware American cyberattacks

While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors.

The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.

We also learned of the relatively unknown OldGremlin ransomware group, primarily targeting Russian organizations.

This week’s other interesting news was reporting on the Karakurt data extortion group, which was revealed to be another arm of the Conti Ransomware crime syndicate.

The Karakurt group handles data extortion tasks for the Conti operation when they are blocked from deploying their ransomware.

Sophos also published a concerning report stating that the LockBit operation lurked in a government network for five months before deploying their ransomware.

Finally, we learned of ransomware attacks on the wind turbine giant Nordex and luxury fashion brand Ermenegildo Zegna.

Contributors and those who provided new ransomware information and stories this week include: @FourOctets, @DanielGallagher, @fwosar, @malwareforme, @serghei, @billtoulas, @LawrenceAbrams, @jorntvdw, @BleepinComputer, @demonslay335, @PolarToffee, @VK_Intel, @malwrhunterteam, @Ionut_Ilascu, @struppigel, @Seifreed, @infinitumITlabs, @AWNetworks, @moltke, @GroupIB_GIB, @SophosLabs, @ZeroLogon, @pcrisk, and @Amigo_A_.

April 9th 2022

Hackers use Conti’s leaked ransomware to attack Russian companies

A hacking group used Conti’s leaked ransomware source code to create their own ransomware for use in cyberattacks against Russian organizations.

April 11th 2022

Luxury fashion house Zegna confirms August ransomware attack

The Italian luxury fashion house Ermenegildo Zegna has confirmed an August 2021 ransomware attack that resulted in an extensive IT systems outage.

New blockZ Ransomware

PCrisk found a new ransomware that appends the .blockZ extension to encrypted files and drops a ransom note named How To Restore Your Files.txt.

New Democracy Whisperers ransomware

PCrisk found a new ransomware named Democracy Whisperers that appends the .democ extension and drops a ransom note named Restore Files.txt. The ransomware is based on leaked Babuk source code.
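The two PCrisk entries above (blockZ and Democracy Whisperers) each give a file extension and a ransom-note filename. As an added example that is not part of the article, the following Python turns those two indicators into a simple triage check that walks a file listing, attributes hits to a family, and reports how many renamed files and notes were found per directory. The indicator values come from the page; the sample paths, the function names and the `scan_tree` helper are constructed for this example.

```python
"""Added example (not from the original article): flag file-system indicators
of the blockZ and Democracy Whisperers ransomware described on this page.

Indicators taken from the page: blockZ appends ".blockZ" and drops
"How To Restore Your Files.txt"; Democracy Whisperers appends ".democ"
and drops "Restore Files.txt". Sample paths below are constructed.
"""
import os
from pathlib import PurePath

# Indicator table from the article: lowercase extension -> (family, ransom-note filename)
INDICATORS = {
    ".blockz": ("blockZ", "How To Restore Your Files.txt"),
    ".democ": ("Democracy Whisperers", "Restore Files.txt"),
}


def classify_path(path):
    """Return (family, kind) when a path matches an indicator, otherwise None.

    kind is "encrypted" for a renamed victim file and "note" for a ransom note.
    The extension check is case-insensitive; the note name is matched exactly.
    """
    p = PurePath(path)
    ext = p.suffix.lower()
    if ext in INDICATORS:
        return INDICATORS[ext][0], "encrypted"
    for family, note_name in INDICATORS.values():
        if p.name == note_name:
            return family, "note"
    return None


def scan_listing(paths):
    """Summarise indicator hits over an iterable of paths.

    Returns {family: {"encrypted": count, "note": count, "dirs": set(parent dirs)}}
    so an analyst can see both the blast radius and where the notes were dropped.
    """
    summary = {}
    for path in paths:
        hit = classify_path(path)
        if hit is None:
            continue
        family, kind = hit
        entry = summary.setdefault(family, {"encrypted": 0, "note": 0, "dirs": set()})
        entry[kind] += 1
        entry["dirs"].add(str(PurePath(path).parent))
    return summary


def scan_tree(root):
    """Walk a real directory tree and feed every file path to scan_listing (hypothetical helper)."""
    def walk():
        for dirpath, _, filenames in os.walk(root):
            for name in filenames:
                yield os.path.join(dirpath, name)
    return scan_listing(walk())


# Constructed sample listing: a share hit by blockZ and a home directory hit by Democracy Whisperers
SAMPLE = [
    "/srv/share/finance/q1.xlsx.blockZ",
    "/srv/share/finance/q2.xlsx.blockZ",
    "/srv/share/finance/How To Restore Your Files.txt",
    "/srv/share/hr/policy.docx",
    "/home/user/Documents/report.pdf.democ",
    "/home/user/Documents/Restore Files.txt",
]

if __name__ == "__main__":
    for family, info in scan_listing(SAMPLE).items():
        print(f"{family}: {info['encrypted']} encrypted file(s), "
              f"{info['note']} note(s) in {sorted(info['dirs'])}")
```

Running the block against the constructed listing attributes two renamed files and one note to blockZ under /srv/share/finance, and one renamed file plus one note to Democracy Whisperers under /home/user/Documents; `scan_tree("/some/share")` applies the same check to a live path.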