
For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed.

Mandiant revealed this week that an Iranian threat actor is behind ransomware attacks on the Albanian government, likely in retaliation for an Iranian opposition group's conference scheduled for late July.

Microsoft also announced this week that new Windows 11 builds in the Beta Channel had improved Microsoft Defender for Endpoint ransomware attack blocking capabilities.

This week we also saw an interesting research paper and Twitter thread on cyber insurance policies that are worthwhile reads.

Finally, we learned about more ransomware attacks this week, including ones on the Spanish National Research Council (CSIC), Semikron (hit by LV ransomware), the German Chambers of Industry and Commerce, and Creos Luxembourg.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @malwrhunterteam, @DanielGallagher, @FourOctets, @struppigel, @VK_Intel, @Ionut_Ilascu, @demonslay335, @BleepinComputer, @Seifreed, @PolarToffee, @malwareforme, @jorntvdw, @fwosar, @LawrenceAbrams, @serghei, @secuninja, @pcrisk, @siri_urz, @Dschwarcz, @Balgan, and @Mandiant.

August 1st 2022

BlackCat ransomware claims attack on European gas pipeline

The ALPHV ransomware gang, aka BlackCat, claimed responsibility for last week's cyberattack on Creos Luxembourg S.A., a natural gas pipeline and electricity network operator in Luxembourg.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .FILE extension and drops a ransom note named info.hta and info.txt.

New Hydrox ransomware

PCrisk found a new Phobos ransomware variant that appends the .hydrox extension and drops a ransom note named Hydrox Ransomware.txt.

New Chaos ransomware variant

PCrisk found a new Chaos-based ‘Root’ ransomware that appends the .Root extension and drops a ransom note named read_it.txt.

New Payt Ransomware

PCrisk found the new Payt ransomware that appends the .Payt extension and drops a ransom note named ReadthisforDecode.txt.

August 2nd 2022

Semiconductor manufacturer Semikron hit by LV ransomware attack

German power electronics manufacturer Semikron has disclosed that it was hit by a ransomware attack that partially encrypted the company’s network.

Microsoft Defender now better at blocking ransomware on Windows 11

Microsoft has released new Windows 11 builds to the Beta Channel with improved Microsoft Defender for Endpoint ransomware attack blocking capabilities.

How Privilege Undermines Cybersecurity

In recent years, cyberattacks have cost firms countless billions of dollars, undermined consumer privacy, distorted world geopolitics, and even resulted in death and bodily harm. Rapidly accelerating cyberattacks have not, however, been bad news for many lawyers. To the contrary, lawyers that specialize in coordinating all elements of victims’ incident response efforts are increasingly in demand. Lawyers’ dominant role in cyber-incident response is driven predominantly by their purported capacity to ensure that information produced during the breach-response process remains confidential, particularly in any subsequent lawsuit. 

August 3rd 2022

Spanish research agency still recovering after ransomware attack

The Spanish National Research Council (CSIC) last month was hit by a ransomware attack that is now attributed to Russian hackers.

A must-read Twitter thread on cyber insurance

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .Readnet7 extension and drops a ransom note named HOW_TO_RECOVER_DATA.html.

New HiCrypt ransomware

S!Ri found a new ransomware that appends the .hicrypt extension to encrypted files.

August 4th 2022

German Chambers of Industry and Commerce hit by ‘massive’ cyberattack

The Association of German Chambers of Industry and Commerce (DIHK) was forced to shut down all of its IT systems and switch off digital services, telephones, and email servers, in response to a cyberattack.

Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations

Mandiant identified the ROADSWEEP ransomware family and a Telegram persona which targeted the Albanian government in a politically motivated disruptive operation ahead of an Iranian opposition organization’s conference in late July 2022.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .vvyu extension.
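The new-variant entries above (Phobos .FILE, Hydrox, the Chaos-based Root, Payt, MedusaLocker .Readnet7, HiCrypt and STOP .vvyu) each amount to two indicators: an appended extension and a ransom-note filename. A quick way to put them to use on a suspect host or file share is a sweep that walks a directory tree, tallies hits per family and records which directories contain notes, which gives a rough blast-radius map. The script below is an added example written for this page, not code from BleepingComputer or PCrisk; the indicator table is transcribed from the entries above, and the sample tree, its file names and the family labels are constructed for the demo.

```python
"""Sweep a directory tree for this week's ransomware file extensions and
ransom-note filenames (added example, not from the original report)."""
import os
import tempfile
from collections import Counter, defaultdict

# Indicators transcribed from the report: family -> (extensions, ransom-note names).
# Keys are lowercase because matching is case-insensitive (Windows filesystems are).
INDICATORS = {
    "Phobos (.FILE)": ({".file"}, {"info.hta", "info.txt"}),
    "Hydrox": ({".hydrox"}, {"hydrox ransomware.txt"}),
    "Chaos 'Root'": ({".root"}, {"read_it.txt"}),
    "Payt": ({".payt"}, {"readthisfordecode.txt"}),
    "MedusaLocker (.Readnet7)": ({".readnet7"}, {"how_to_recover_data.html"}),
    "HiCrypt": ({".hicrypt"}, set()),       # no note name reported
    "STOP (.vvyu)": ({".vvyu"}, set()),      # no note name reported
}


def classify(path):
    """Return (family, kind) for one path, or None if it matches no indicator.
    kind is 'note' (ransom note filename) or 'encrypted' (appended extension).
    Only the last extension is checked, so 'report.pdf.vvyu' still matches."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    for family, (exts, notes) in INDICATORS.items():
        if name in notes:
            return family, "note"
        if ext in exts:
            return family, "encrypted"
    return None


def sweep(root):
    """Walk root and tally hits per family.
    Returns ({family: {kind: count}}, sorted list of directories holding notes)."""
    hits = defaultdict(Counter)
    note_dirs = set()
    for dirpath, _dirs, files in os.walk(root):
        for f in files:
            res = classify(os.path.join(dirpath, f))
            if res is None:
                continue
            family, kind = res
            hits[family][kind] += 1
            if kind == "note":
                note_dirs.add(dirpath)
    return {fam: dict(c) for fam, c in hits.items()}, sorted(note_dirs)


def make_sample_tree():
    """Constructed fixture: a temp tree with a few hits and some decoy files."""
    root = tempfile.mkdtemp(prefix="ransom-sweep-")
    layout = {
        "finance": ["q2.xlsx.Readnet7", "HOW_TO_RECOVER_DATA.html", "budget.docx"],
        "hr": ["payroll.db.Payt", "ReadthisforDecode.txt"],
        "public": ["index.html", "notes.txt"],  # .html/.txt but not note names
    }
    for d, files in layout.items():
        os.makedirs(os.path.join(root, d))
        for f in files:
            with open(os.path.join(root, d, f), "wb") as fh:
                fh.write(b"x")
    return root


if __name__ == "__main__":
    sample_root = make_sample_tree()
    found, dirs_with_notes = sweep(sample_root)
    for fam, counts in found.items():
        print(f"{fam}: {counts}")
    print("directories containing ransom notes:", dirs_with_notes)
```

Treat note-name hits as the strong signal and extension hits as leads: short generic extensions such as .FILE or .Root can collide with legitimate files, so an extension-only match deserves a look at the file's contents and timestamps before it is counted as encrypted.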

That’s it for this week! Hope everyone has a nice weekend!

Source: www.bleepingcomputer.com