Ransomware last week – ransom payments are falling
Last week, 30 January- 5 February 2021, was an evidence of falling in the ransom payments, while the scammers’ activity of destroying data permanently increased. Also, there is good news that that many a ransomware decryption was released this week, allowing users to recover their files.
Here are date-wise activities on the ransomware this week 30 January – 5 February, 2021:
January 30, 2021
This day was observed with a UK Research and Innovation ransomware attack, impacting two of its services, one of which is offering to subscribers and the platform for peer review of various parts within the agency.
February 1, 2021
On this date, we had the Coveware Quarterly Ransomware report that describes the ransomware incident response trends during Q4 of 2020. According to it, the trust of the stolen data will be deleted are now eroding. People were now giving into the cyber extortion when they are able to recover the files using backups. Thus, there is a large decline in the average ransom amounts paid
February 2, 2021
This date has been registered some new malware presence in the wild. Two new STOP variants name plam ransomware and cosd ransomware from STOP ransomware family was discovered by Michael Gillespie.
New VashSorena variant that appends .lucifer extension and drops HELP_DECRYPT_YOUR_FILES.txt and HELP_DECRYPT_YOUR_FILES.html ransom notes, founded by MalwareHunterTeam that day.
MalwareHunterTeam also found two other ransomware, namely, DERZKO ransomware and MILIHPEN. Both belong to Netfilm ransomware family. DERZKO ransomware appends
.DERZKO and displays DERZKO-HELP.txt ransom note. And, MILIHPEN adds .MILIHPEN extension to encrypted files and drops MILIHPEN-INSTRUCT.txt ransom demanding message.
Aside the new ransomware viruses’ release, we saw BabyK authors launched a new data leak site used to publish victims’ stolen data for double extortion purposes.
3 February, 2021
With this date, the decryptor for Fonix Ransomware (XONIF) is available for users. The victims of this virus can use the decryption tool released by kaspersky for free and recover their encrypted files.
We have a couple of bad news also on this date, one of which is that the ransomware now targets attacks by adding challenge of double extortion. Organization require attentive from such coercive tactics to avoid potential disruptions, financial loss and reputation damage.
Another one is the ransomware attack on trucking company Forward air. According to the official, the incident costs it $7.5 in its Q4 financial results.
4 February, 2021
Xiaopao discovered HDLocker ransomware virus that is using _HD string to encrypt files. The discoverer also discovered another ransomware, a variant of Xorist ransomware that encodes files using .omfl extension.
However, the news of the day was the Blockchain analysis that shows connections between four of 2020’s biggest ransomware strains. The cybersecurity researchers stated that many RaaS affiliated are carring out attacks by switching the most prominent ransomware strains, namely Maze, Egregor, SunCrypt, and Doppelpaymer.
5 February, 2021
Two major electric utilities companies, Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), from Brazil belonging reported this date that they suffered ransomware attack over the past week.