Ransomware news (week of February 7th – 12th, 2021)

This week, we saw the shutdown of yet another ransomware operation, Ziggy. The victims received the decryption keys and successfully got their files back. The shutdown was driven by increased concern about law enforcement action after the arrest in the Netwalker ransomware case.

We also saw a major attack on CD Projekt Red, the developer of the Cyberpunk 2077 game. The HelloKitty ransomware operators attacked various networks of the game developer. According to the threat actors' claims, the attack led to the theft of alleged source code for the Witcher 3 and Cyberpunk 2077 games.

Here are the major ransomware events this week:

February 7th, 2021

Shutdown of Ziggy ransomware operation

The operators decided to shut down their operation and released the decryption keys for the victims on this date. This was the result of their concern about recent law enforcement activity and guilt over encrypting victims' files.

Albany ransomware attack

News emerged that the city police department lost all digital copies of its 2018 affair files because of a 2019 ransomware attack on its servers.

Newly released ransomware

  • DarkWorld – Discovered by Xiaopao. The ransomware appends the .dark extension to files and drops a ransom note in the import.txt file.
  • Tortoise ransomware – Discovered by Danus. Tortoise appends the .tortoise extension, but it does not appear to actually encrypt files.

February 8th, 2021

New DaddyCrypt JCrypt variant

Xiaopao discovered a new JCrypt ransomware variant. It appends the .daddycrypt extension and drops a ransom note in _RECOVER__FILES__.daddycrypt.txt.

February 9th, 2021

Newly released ransomware

  • New Dharma ransomware variants – Jakub Kroustek discovered new variants from the Dharma ransomware family. They append the .wcg, .con30, and .text extensions to encrypted files.
  • New Matrix variant – Xiaopao discovered a new Matrix ransomware variant that appends the .TRU8 extension.

Ransomware attack on CD Projekt Red

HelloKitty attacked the network of CD Projekt Red, the video game development studio behind Cyberpunk 2077 and the Witcher trilogy.

February 10th, 2021

Insurance sector company hit by RansomExx ransomware

The malware targeted the French health insurance company Mutuelle Nationale des Hospitaliers. The attack disrupted its operations.

Hackers auction data stolen in the CD Projekt Red attack

The threat actors behind HelloKitty allegedly auctioned the source code for CD Projekt Red games, including Witcher 3, Thronebreaker, and Cyberpunk 2077, which they stole in their ransomware attack.

New ransomware released

  • New Dharma ransomware variants – Jakub Kroustek discovered new Dharma ransomware variants that append the .word and .LOTUS extensions to encrypted files.
  • New STOP DJVU variant – Ygkz ransomware is a new DJVU ransomware variant that has appeared in the wild. Credit for its discovery goes to Michael Gillespie.
  • New Android ransomware – Discovered by MalwareHunterTeam. It is currently targeting people from Kazakhstan.

February 11th, 2021

Avaddon authors fix bugs in their ransomware that allowed free file decryption

The authors of Avaddon ransomware have fixed the bugs that allowed victims to recover their files without negotiating a ransom fee with them. The flaw was brought to light by a security researcher, who soon created a decryptor that exploited it.

February 12th, 2021

Cyber attack on Seraing

The city of Seraing had reported last week that its services were temporarily inaccessible to the public. “Indeed, since the computer network of the city of Seraing was the victim of a malicious attack!”

Cyber-attack on a Trigano company

The company manufactures caravans, motorhomes, camping furniture and mobile homes. The ransomware attack took place on Tuesday, 9th February. As a result, it lost access to its computers.