The Week in Ransomware - April 15th 2022

Beware american cyberattacks

While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors.

The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.

We also learned of the relatively unknown OldGremlin ransomware group, primarily targeting Russian organizations.

This week’s other interesting news was reporting on the Karakurt data extortion group, which was revealed to be another arm of the Conti Ransomware crime syndicate.

The Karakurt group handles data extortion tasks for the Conti operation when they are blocked from deploying their ransomware.

Sophos also published a concerning report stating that the LockBit operation lurked in a government network for five months before deploying their ransomware.

Finally, we learned of ransomware attacks on the wind turbine giant Nordex and luxury fashion brand Ermenegildo Zegna.

Contributors and those who provided new ransomware information and stories this week include: @FourOctets, @DanielGallagher, @fwosar, @malwareforme, @serghei, @billtoulas, @LawrenceAbrams, @jorntvdw, @BleepinComputer, @demonslay335, @PolarToffee, @VK_Intel, @malwrhunterteam, @Ionut_Ilascu, @struppigel, @Seifreed, @infinitumITlabs,@AWNetworks, @moltke, @GroupIB_GIB, @SophosLabs, @ZeroLogon, @pcrisk, and @Amigo_A_.

April 9th 2022

Hackers use Conti’s leaked ransomware to attack Russian companies

A hacking group used the Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.

The Week in Ransomware – April 15th 2022

April 9th 2022

Hackers use Conti’s leaked ransomware to attack Russian companies

April 11th 2022

Luxury fashion house Zegna confirms August ransomware attack

New blockZ Ransomware

New Democracy Whisperers ransomware

New…