Today, the Russian authorities announced that they arrested fourteen members of the REvil ransomware gang on behalf of US authorities.
While the ransomware gang members are only being charged with “unlawful circulation of means of payment,” the arrests are the first public action by Russia to stem the activities of ransomware gangs operating throughout the country.
Furthermore, Russia states that they took this action on behalf of US law enforcement, whom they have historically been reluctant to help in criminal cybercrime investigations.
However, some threat actors believe that this is just Russia trying to appease the USA and that future law enforcement cooperation will not be common.
Ukrainian police also arrested members of a ransomware operation who encrypted at least fifty companies in the USA and Europe. However, the name of the ransomware gang has not been disclosed.
Other news this week is the discovery of a Linux encryptor for the AvosLocker ransomware operation that targets VMware ESXi, the Night Sky ransomware operation using Log4j attacks, TellYouThePass returning as a multi-platform Golang threat, and Magniber ransomware using signed APPX files to infect victims.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @BleepinComputer, @DanielGallagher, @PolarToffee, @malwrhunterteam, @demonslay335, @billtoulas, @jorntvdw, @serghei, @VK_Intel, @malwareforme, @struppigel, @LawrenceAbrams, @FourOctets, @Ionut_Ilascu, @Seifreed, @ahnlab, @CrowdStrike, @MsftSecIntel, @ChristiaanBeek, @fbgwls245, @Amigo_A_, @JakubKroustek, and @pcrisk.
January 8th 2022
dnwls0719 found the new Wasp Ransomware that appends the .0.locked extension to encrypted files.
January 10th 2022
AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.
FinalSite announced today the findings of a six-day investigation into last week’s ransomware attack, stating it found no evidence that schools’ data was accessed or stolen by hackers.
Jakub Kroustek found a new STOP ransomware variant that appends the .nqhd extension.
January 11th 2022
The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.
January 12th 2022
The Magniber ransomware has been spotted using Windows application package files (.APPX) signed with valid certificates to drop malware pretending to be Chrome and Edge web browser updates.
TellYouThePass ransomware has re-emerged as a Golang-compiled malware, making it easier to target more operating systems, macOS and Linux, in particular.
A cyberattack against Albuquerque Public Schools prompted the state’s largest district to cancel all classes districtwide on Thursday and possibly Friday.
PCrisk found a new STOP ransomware variant that appends the .zaqi extension to encrypted files.
January 13th 2022
Ukrainian police officers have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the U.S. and Europe.
January 14th 2022
The Federal Security Service (FSB) of the Russian Federation says that they shut down the REvil ransomware gang after U.S. authorities reported on the leader.
That's it for this week! Hope everyone has a nice weekend!