This week has quite a bit of ransomware news, including arrests, a new and sophisticated ransomware, and an attack bringing down 300 supermarkets in England.
This week’s biggest story is a law enforcement operation conducted by the FBI and Ontario Provincial Police (OPP) that arrested a Canadian ransomware affiliate allegedly involved in hundreds of attacks.
We also learned about the new ALPHV (aka BlackCat) ransomware that appears to be one of the most sophisticated ransomware families we have seen this year.
Finally, this week’s largest known ransomware attack was on James Hall and Co, which affected point-of-sale systems and led to the temporary closing of over 300 Spar supermarkets in England. This week’s other known attack is on Nordic Choice Hotels by the Conti ransomware gang.
Contributors and those who provided new ransomware information and stories this week include: @Ionut_Ilascu, @FourOctets, @PolarToffee, @fwosar, @jorntvdw, @malwrhunterteam, @malwareforme, @LawrenceAbrams, @serghei, @Seifreed, @demonslay335, @billtoulas, @Ax_Sharma, @BleepinComputer, @VK_Intel, @DanielGallagher, @struppigel, @Boanbird, @GDATA, @pancak3lullz, @fbgwls245, @pcrisk, @Amigo_A_, and @ValeryMarchive.
December 5th 2021
New BigLock Ransomware variant
dnwls0719 found a new BigLock variant that appends the .t1000 extension.
December 6th 2021
Hundreds of SPAR stores shut down, switch to cash after cyberattack
Approximately 330 SPAR shops in northern England face severe operational problems following a weekend cyberattack, forcing many stores to close or switch to cash-only payments.
New Dharma Ransomware variants
PCrisk found two new Dharma variants that append the .Deeep and .DC extensions.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .hgsh extension.
December 7th 2021
Nordic Choice Hotels hit by Conti ransomware, no ransom demand yet
Nordic Choice Hotels has now confirmed a cyber attack on its systems from the Conti ransomware group.
New Cerber ransomware targets Confluence and GitLab servers
Cerber ransomware is back, as a new ransomware family adopts the old name and targets Atlassian Confluence and GitLab servers using remote code execution vulnerabilities.
STOP Ransomware vaccine released to block encryption
German security software company G DATA has released a vaccine that will block STOP Ransomware from encrypting victims’ files after infection.
Alleged ransomware affiliate arrested for healthcare attacks
A 31-year-old Canadian national has been charged in connection with ransomware attacks against organizations in the United States and Canada, a federal indictment unsealed today shows.
December 8th 2021
New VoidCrypt ransomware variant
dnwls0719 found a new VoidCrypt variant that appends the .wixawm extension.
December 9th 2021
ALPHV BlackCat – This year’s most sophisticated ransomware
The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly customizable feature set allowing for attacks on a wide range of corporate environments.
December 10th 2021
Volvo Cars discloses security breach leading to R&D data theft
Swedish carmaker Volvo Cars has disclosed that unknown attackers have stolen research and development information after hacking some of its servers.
Ransomware: How the LockBit 2.0 franchise artificially inflates its numbers
Some backers of the LockBit 2.0 ransomware franchise claim victims they did not attack, but to whom data stolen in another attack belongs or relates.
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .mljx extension.
New Phobos Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .pHv1 extension.
New Dharma Ransomware variant
PCrisk found a new Dharma ransomware variant that appends the .Xqxqx extension.
That’s it for this week! Hope everyone has a nice weekend!
Source: www.bleepingcomputer.com