The Week in Ransomware – April 14th 2023 – A Focus on Stolen Data


It has been a mostly quiet week regarding ransomware, with only a few bits of information released on older attacks and some research reports published on existing ransomware operations.

This week, theft of customer data remains the focus, with Yum! Brands sending data breach notifications for a ransomware attack in January.

Capita also remains silent on a Black Basta ransomware attack that occurred earlier this month, declining to say whether customer data was stolen, even as the ransomware gang attempts to extort the company.

Other news this week revolves around research released about particular operations, including:

  • DarkAngels ransomware launched a data leak site.
  • Vice Society now uses a custom PowerShell script for data exfiltration.
  • A technical analysis of Trigona, which BleepingComputer first reported on in 2022.
  • Information on the new Kadavro Vector Ransomware.

Finally, we saw LockBit messing around with cybersecurity companies, claiming to have breached Darktrace. However, the company said this is untrue and that no systems were compromised.

Contributors and those who provided new ransomware information and stories this week include @LawrenceAbrams, @demonslay335, @malwareforme, @malwrhunterteam, @fwosar, @BleepinComputer, @Seifreed, @struppigel, @billtoulas, @Ionut_Ilascu, @serghei, @McAfee, @Fortinet, @Threatlabz, @pcrisk, and @GossiTheDog.

April 9th 2023

Black Basta ransomware group extorts Capita with stolen customer data, Capita fumble response.

In terms of Black Basta and Capita, they list Capita as currently being held to extortion – and provide evidence of exfiltrated data. This includes primary and secondary school job applications, a Capita nuclear document, Capita documents marked Confidential, passport scans, security vetting for customers and architecture diagrams.

April 10th 2023

KFC, Pizza Hut owner discloses data breach after ransomware attack

Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack.

DarkAngels ransomware launches data leak site

Zscaler discovered that DarkAngels ransomware (AKA RansomHouse) launched a data leak site.

April 11th 2023

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .kiop extension.

April 14th 2023

Darktrace: Investigation found no evidence of LockBit breach

Cybersecurity firm Darktrace says it found no evidence that the LockBit ransomware gang breached its network after the group added an entry to their dark web leak platform, implying that they stole data from the company’s systems.

Vice Society ransomware uses new PowerShell data theft tool in attacks

The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.

Technical Analysis of Trigona Ransomware

Zscaler ThreatLabz has been tracking the Trigona ransomware family, which dates back to June 2022. There has been public reporting that some of the group’s tactics, techniques, and procedures (TTPs) have overlapped with BlackCat/ALPHV ransomware.

Ransomware Roundup – Kadavro Vector Ransomware

FortiGuard Labs recently came across a ransomware named “Kadavro Vector”, a NoCry ransomware variant that encrypts files on compromised machines and demands a ransom in Monero (XMR) cryptocurrency for file decryption.

That’s it for this week! Hope everyone has a nice weekend!