While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up, with other operations filling the void.
A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation's data leak site to extort Change Healthcare once again.
Change Healthcare allegedly already paid a ransom, which was stolen from an affiliate in an exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub.
So far, the Change Healthcare attack has cost UnitedHealth Group $872 million, with losses expected to continue.
Another disruptive attack we learned more about this week is the Daixin operation claiming the cyberattack on Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms.
Other attacks targeted chipmaker Nexperia, the United Nations Development Programme (UNDP), Octapharma Plasma, and the Atlantic States Marine Fisheries Commission (ASMFC).
There were other cyberattacks this week, such as the one on Frontier Communications, but they have not been confirmed to be ransomware.
In other news, the U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware.
Last but not least, the FBI reported that the Akira ransomware operation had earned $42 million from 250+ victims, and HelloKitty returned, rebranding as HelloGookie.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @BleepinComputer, @Ionut_Ilascu, @serghei, @fwosar, @LawrenceAbrams, @malwrhunterteam, @demonslay335, @Seifreed, @pcrisk, @SophosXOps, @jgreigj, @JessicaHrdcstle, @3xp0rtblog, @AShukuhi, and @vxunderground.
April 15th 2024
Daixin ransomware gang claims attack on Omni Hotels
The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid.
Chipmaker Nexperia confirms breach after ransomware gang leaks data
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.
Ransomware gang starts leaking alleged stolen Change Healthcare data
The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company.
New ransomware variant
PCrisk found a new ransomware variant that adds the .FBIRAS extension and drops a ransom note named Readme.txt.
April 16th 2024
UnitedHealth: Change Healthcare cyberattack caused $872 million loss
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February.
Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach
A fisheries management organization for the East Coast is dealing with a cyber incident following claims by a ransomware gang that it stole data.
New Lethal Lock ransomware
PCrisk found a ransomware that appends the .LethalLock extension and drops a ransom note named SOLUTION_NOTE.txt.
New ransomware variant
PCrisk found a ransomware that appends the .Senator extension and drops a ransom note named SENATOR ENCRYPTED.txt.
New Chaos ransomware variant
PCrisk found a new Chaos ransomware variant that appends the .DumbStackz extension and drops a ransom note named read_it.txt.
New MedusaLocker ransomware variant
PCrisk found a new MedusaLocker ransomware variant that appends the .restore extension and drops a ransom note named How_to_back_files.html.
April 17th 2024
Moldovan charged for operating botnet used to push ransomware
The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.
'Junk gun' ransomware: Peashooters can still pack a punch
A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals – but also provide insights into threat actor career development and the wider threat landscape.
April 18th 2024
FBI: Akira ransomware raked in $42 million from 250+ victims
According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.
Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers
Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.
April 19th 2024
United Nations agency investigates ransomware attack, data theft
The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data.
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.
New MedusaLocker ransomware variant
PCrisk found a new MedusaLocker ransomware variant that appends the .virus3 extension and drops a ransom note named How_to_back_files.html.