Ransomware news – January 24 to January 29, 2021
This week, law enforcement successfully conducted two important operations: one is the takedown of the Emotet Trojan, followed by the seizure of Tor sites, and the second is the arrest of an affiliate of the very active Netwalker ransomware.
Another interesting development this week is the use of DDoS attacks by the Avaddon authors to force victims to pay the ransom. The harassment of the IObit forums by the DeroHE ransomware also continued this week.
Here are the major ransomware happenings of this week, by date:
January 24, 2021
DDoS attacks by Avaddon ransomware to force victims to pay ransom
The ransomware gang is now running DDoS attacks to force victims to contact them and negotiate.
CobraLocker ransomware in the wild
GrujaRS discovered this ransomware threat. The malware puts its ransom demands in a readme.txt file.
January 25, 2021
IObit repeatedly taunted by ransomware
Ransomware authors were once again observed this week taunting the Windows software developer IObit by hacking its forums to display a ransom demand message.
Attacks on a leading crane and lifting manufacturer
Palfinger, the leading crane and lifting manufacturer, is being targeted in an ongoing cyber attack. As a result, its IT systems and business operations are affected.
Affiliate model of Nemty ransomware
The Nemty ransomware ended its operations a year ago. Some internal details of its operations during the period when it was active are presented in order to document the business models and actors behind this ransomware.
New JohnBorn Ransomware
The ransomware was discovered by Amigo-A. The discoverer observed that this ransomware appends the .johnborn@cock_li extension and drops a ransom note named RecoveryInstructions.txt.
A new variant of Xorist ransomware
Xiaopao discovered a variant of Xorist ransomware that appends the .@LyDarkr and .ZoToN extensions.
January 26, 2021
Ransomware attack on Dairy Farm Group
Dairy Farm Group, the operator of a massive pan-Asian retail chain, was attacked by REvil ransomware. The attackers demanded a ransom of $30 million.
New Xorist ransomware variant
This ransomware appends the .CryptPethya extension. The malware was discovered by Xiaopao.
New Xorist variant
Xiaopao discovered Xorist variants that append .zaplat.za klic 2021 and .EnCryp13d extensions.
January 27, 2021
End of Emotet Trojan
Law enforcement has started distributing an Emotet module that will uninstall the malware from infected devices on April 25th, 2021.
Netwalker affiliate websites seized
Law enforcement from the US and Bulgaria seized the dark web sites of this ransomware operation.
Charges on Netwalker ransomware affiliates
The U.S. Justice Department announced the indictment of a Canadian national for alleged involvement in this file-encrypting operation.
New Namaste Ransomware
The ransomware was discovered by Petrovic. It appends the ._enc extension to encrypted files.
New Egalyty ransomware
Rakesh Krishnan discovered this ransomware. This ransomware-as-a-service is based on Ranion.
January 28, 2021
New POLA STOP ransomware variant
POLA ransomware was discovered by Amigo-A. The malware appends the .pola extension and drops a _readme.txt file containing its ransom demands.
DarkSide releases list of organizations it won't attack
In a press release on this date, the DarkSide ransomware operators state that they will no longer attack certain organizations, including funeral services (morgues, crematoria, funeral homes), medicine (only hospitals, any palliative care organization, nursing homes), and companies that develop and participate to a large extent in the distribution of the COVID-19 vaccine.
January 29, 2021
Vovalex ransomware
This ransomware is being distributed through fake pirated software that impersonates popular Windows utilities such as CCleaner.
New Paradise ransomware variant
The ransomware was discovered by Xiaopao. The malware encodes the files and renames them with the .Cukiesi extension.
New WormLocker ransomware variant
Again, Xiaopao is the discoverer of this virus. The malware does not append any extension to the encrypted files.
New Dharma Ransomware variant
NOV ransomware is a new Dharma ransomware variant discovered by Ravi. The malware appends the .NOV extension to filenames.