The Week in Ransomware – June 30th 2023


A case of mistaken identity and further MOVEit Transfer data breaches continue dominated the ransomware news cycle this week.

This week, the New York City Department of Education disclosed that the data of 45,000 students was exposed, and Siemens Energy confirmed a breach too.

In other news, an affiliate group of the LockBit ransomware operation claimed to have targeted Taiwan Semiconductor Manufacturing Company (TSMC), one of the largest semiconductor manufacturers in the world.

However, after threatening to leak data, credentials, and flaws in their network if a $70 million ransom demand was not paid, TSMC denied the hacking claims and said the ransomware gang breached a third-party vendor.

A new report by VMware’s Carbon Black team sheds light on the 8Base ransomware operation, illustrating how they use the Phobos ransomware in attacks.

Finally, we had some bad and good news about the Akira ransomware operation.

The bad news is that they have created a Linux encryptor to target VMware ESXi servers. The good news is that Avast published a decryptor allowing victims to recover files encrypted by the ransomware operation.

Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @fwosar, @demonslay335, @billtoulas, @Seifreed, @LawrenceAbrams, @malwrhunterteam, @struppigel, @serghei, @rivitna2, @Avast, @AuCyble, @VMware, @pcrisk, @BushidoToken, and @BrettCallow.

June 26th 2023

Hackers steal data of 45,000 New York City students in MOVEit breach

The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .thgz, .tgpo, and .tgvv extensions.

New Tuga ransomware

PCrisk found a new ransomware that appends the .TUGA extension and drops a ransom note named README.txt.

June 27th 2023

Siemens Energy confirms data breach after MOVEit data-theft attack

Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.

New Anti-US ransomware

PCrisk found a new ransomware that appends the .anti-us extension and drops a ransom note named read-it.

June 28th 2023

Linux version of Akira ransomware targets VMware ESXi servers

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide

8Base ransomware gang escalates double extortion attacks in June

A 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June.

New Havoc ransomware

PCrisk found a new ransomware that appends the .havoc extension and drops a ransom note named resq_Recovery.txt.

June 29th 2023

New Resq100 ransomware

PCrisk found a new ransomware that appends the .resq100 extension and drops a ransom note named FILES ENCRYPTED.txt.

June 30th 2023

TSMC denies LockBit hack as ransomware gang demands $70 million

Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.

Free Akira ransomware decryptor helps recover your files

Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .aghz, .agpo, and .agvv extensions.

Top 5 Highest ransom demands

Will Thomas (aka BushidoToken) gave a rundown on the 5 highest ransom demands.

That’s it for this week! Hope everyone has a nice weekend!





Source link