
This week has quite a bit of ransomware news, including arrests, a new and sophisticated ransomware, and an attack bringing down 300 supermarkets in England.

This week’s biggest story is a law enforcement operation conducted by the FBI and Ontario Provincial Police (OPP) that arrested a Canadian ransomware affiliate allegedly involved in hundreds of attacks.

We also learned about the new ALPHV (aka BlackCat) ransomware that appears to be one of the most sophisticated ransomware families we have seen this year.

Finally, this week’s largest known ransomware attack was on James Hall and Co, which affected point-of-sale systems and led to the temporary closing of over 300 Spar supermarkets in England. This week’s other known attack is on Nordic Choice Hotels by the Conti ransomware gang.

Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @FourOctets, @PolarToffee, @fwosar, @jorntvdw, @malwrhunterteam, @malwareforme, @LawrenceAbrams, @serghei, @Seifreed, @demonslay335, @billtoulas, @Ax_Sharma, @BleepinComputer, @VK_Intel, @DanielGallagher, @struppigel, @Boanbird, @GDATA, @pancak3lullz, @fbgwls245, @pcrisk, @Amigo_A_, and @ValeryMarchive.

December 5th 2021

New BigLock Ransomware variant

dnwls0719 found a new BigLock variant that appends the .t1000 extension.

December 6th 2021

Hundreds of SPAR stores shut down, switch to cash after cyberattack

Approximately 330 SPAR shops in northern England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments.

New Dharma Ransomware variants

PCrisk found two new Dharma variants that append the .Deeep and .DC extensions.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .hgsh extension.

December 7th 2021

Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet

Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group.

New Cerber ransomware targets Confluence and GitLab servers

Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.

STOP Ransomware vaccine released to block encryption

German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims’ files after infection.

Alleged ransomware affiliate arrested for healthcare attacks

A 31-year-old Canadian national has been charged in connection with ransomware attacks against organizations in the United States and Canada, a federal indictment unsealed today shows.

December 8th 2021

New VoidCrypt ransomware variant

dnwls0719 found a new VoidCrypt variant that appends the .wixawm extension.

December 9th 2021

ALPHV BlackCat – This year’s most sophisticated ransomware

The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly customizable feature set allowing for attacks on a wide range of corporate environments.

ALPHV encrypting a computer

December 10th 2021

Volvo Cars discloses security breach leading to R&D data theft

Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.

Ransomware: How the LockBit 2.0 franchise artificially inflates its numbers

Some backers of the LockBit 2.0 ransomware franchise claim victims they did not attack, but who own, or are referenced in, data stolen in another attack.

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .mljx extension.

New Phobos Ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .pHv1 extension.

New Dharma Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .Xqxqx extension.

That’s it for this week! Hope everyone has a nice weekend!

Source: www.bleepingcomputer.com