The Week in Ransomware – November 19th 2021

While last week was full of arrests and law enforcement actions, this week has been much quieter, with mostly new research released.

Security firms released reports on the types of cryptomixers used by ransomware gangs, a detailed report on Conti, and how Russian ransomware gangs are starting to work with Chinese hackers.

Today, US regulators also ordered banks to report cyber attacks within 36 hours if they impact their operations, the ability to deliver banking products and services, or the US financial sector’s stability.

Finally, a Tor negotiation site for the Conti ransomware gang was taken down, likely due to the release of its IP address in the PRODAFT report.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @fwosar, @struppigel, @FourOctets, @malwrhunterteam, @billtoulas, @Seifreed, @Ionut_Ilascu, @serghei, @jorntvdw, @PolarToffee, @demonslay335, @VK_Intel, @LawrenceAbrams, @malwareforme, @BleepinComputer, @intel_bo7, @_aftrdrk, @thepacketrat, @SophosLabs, @FlashpointIntel, @sucurisecurity, @Intel471Inc, @_CPResearch_, @BrettCallow, @emsisoft, @PRODAFT, @joetidy, @RepMaloney, @siri_urz, @fbgwls245, @pcrisk, @Amigo_A_, and @AdvIntel.

November 13th 2021

Ransomware uses IRC for negotiations

dnwls0719 found a new ransomware that appends the .dst extension to encrypted files and expects victims to negotiate over IRC, reached through Tor, rather than through the usual web-based negotiation portal.

Ransomware using IRC

November 14th 2021

US Education Dept urged to boost K-12 schools’ ransomware defenses

The US Department of Education and Department of Homeland Security (DHS) were urged this week to more aggressively strengthen cybersecurity protections at K-12 schools across the nation to keep up with a massive wave of attacks.

New RansomNow ransomware

Amigo-A found a new ransomware in our forums called RansomNow that drops the HELP – README TO UNLOCK FILES.txt ransom note and does not append a new extension.

November 15th 2021

Moses Staff hackers wreak havoc on Israeli orgs with ransomless encryptions

A new hacker group named Moses Staff has recently claimed responsibility for numerous attacks against Israeli entities. The attacks appear politically motivated: the group encrypts and leaks data but makes no ransom demand, so there is no payment path to recovery.

New STOP Ransomware…