The Week in Ransomware – February 26th 2021



The number of attacks had slowed down after the winter holidays, but after the past two weeks, it’s evident that ransomware attacks are back at full speed.

Over the past two weeks, we had some significant attacks, including attacks on Discount Car and Truck Rentals, UL, TietoEVRY, Ecuador’s Ministry of Finance, and Ecuador’s largest bank, Banco Pichincha, as well as an alleged attack on Kia Motors/Hyundai.

A recent ransomware attack at Automatic Funds Transfer Services (AFTS) also led to a series of data breach notifications from US cities that used it as a payment processor.

Finally, Mandiant reported that recent Accellion FTA breaches had been conducted by hackers affiliated with the Clop ransomware operation.

In a win for law enforcement, an operation between the USA, France, and Ukraine has led to the arrests of numerous Egregor members, practically shutting down the ransomware operation.

On the technical side, we learned that Ryuk now has worm-like functionality allowing it to spread to other Windows devices.

Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @PolarToffee, @DanielGallagher, @LawrenceAbrams, @demonslay335, @VK_Intel, @BleepinComputer, @Ionut_Ilascu, @malwareforme, @fwosar, @Seifreed, @struppigel, @serghei, @malwrhunterteam, @FourOctets, @chum1ng0, @cyb5r3Gene, @Mandiant, @CISecurity, @JakubKroustek, @coveware, @fbgwls245, @c3rb3ru5d3d53c, @Amigo_A_, @petrovic082, @siri_urz, and @1ZRR4H.

February 13th 2021

CD Projekt’s stolen source code allegedly sold by ransomware gang

A ransomware gang that says it stole unencrypted source code for the company’s most popular games and then encrypted CD Projekt’s servers claims to have sold the data.

Leading Canadian rental car company hit by DarkSide ransomware

Canadian Discount Car and Truck Rentals has been hit with a DarkSide ransomware attack where the hackers claim to have stolen 120GB of data.

Tortoise ransomware decryptor released

Cerberus released a decryptor for the Tortoise Ransomware.

February 14th 2021

Egregor ransomware affiliates arrested by Ukrainian, French police

A joint operation between French and Ukrainian law enforcement has reportedly led to the arrests…
