While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research being released.
Today, US regulators also ordered banks to report cyber attacks within 36 hours if the attacks impact the banks' operations, the ability to deliver banking products and services, or the US financial sector’s stability.
Finally, a Tor negotiation site for the Conti ransomware gang was taken down, likely due to the release of its IP address in the PRODAFT report.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @fwosar, @struppigel, @FourOctets, @malwrhunterteam, @billtoulas, @Seifreed, @Ionut_Ilascu, @serghei, @jorntvdw, @PolarToffee, @demonslay335, @VK_Intel, @LawrenceAbrams, @malwareforme, @BleepinComputer, @intel_bo7, @_aftrdrk, @thepacketrat, @SophosLabs, @FlashpointIntel, @sucurisecurity, @Intel471Inc, @_CPResearch_, @BrettCallow, @emsisoft, @PRODAFT, @joetidy, @RepMaloney, @siri_urz, @fbgwls245, @pcrisk, @Amigo_A_, and @AdvIntel.
November 13th 2021
dnwls0719 found a new ransomware that appends the .dst extension and expects users to use IRC over Tor to negotiate.
November 14th 2021
The US Department of Education and Department of Homeland Security (DHS) were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks.
Amigo-A found a new ransomware in our forums called RansomNow that drops the HELP – README TO UNLOCK FILES.txt ransom note and does not append a new extension.
November 15th 2021
A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities, which appear politically motivated as they do not make any ransom payment demands.