Ransomware news – January 24 to January 29, 2021

This week, law enforcement successfully conducted two important operations: the takedown of the Emotet Trojan, followed by the seizure of Tor sites, and the arrest of an affiliate of the very active Netwalker ransomware.

Another interesting development this week is the use of DDoS attacks by the Avaddon authors to force victims to pay the ransom. The DeroHE ransomware's harassment of the IObit forums also continued this week.

Here are the major ransomware happenings this week, by date:

January 24, 2021

DDoS attacks by Avaddon ransomware to force victims to pay ransom

The ransomware gang is now running DDoS attacks to force victims to contact them and negotiate.

CobraLocker ransomware in the wild

GrujaRS discovered this ransomware threat. The malware puts its ransom demands in a readme.txt file.

January 25, 2021

IObit repeatedly taunted by ransomware

This week, ransomware authors were once again observed taunting the Windows software developer IObit by hacking its forums to display a ransom demand message.

Attacks on a leading crane and lifting manufacturer

Palfinger, the leading crane and lifting manufacturer, is the target of an ongoing cyber attack. As a result, its IT systems and business operations are affected.

Affiliate model of Nemty ransomware

The Nemty ransomware ended its operations a year ago. Some internal details of its operations during the period when it was active are presented in order to document the business models and actors behind this ransomware.

New JohnBorn Ransomware

The ransomware was discovered by Amigo-A. The discoverer observed that this ransomware appends the .johnborn@cock_li extension and drops a ransom note named RecoveryInstructions.txt.

A new variant of Xorist ransomware

Xiaopao discovered a variant of Xorist ransomware that appends .@LyDarkr and .ZoToN extensions.

January 26, 2021

Ransomware attack on Dairy Farm Group

Dairy Farm Group, the operator of a massive pan-Asian retail chain, was attacked by REvil ransomware. The attackers demanded a $30 million ransom.

New Xorist ransomware variant

This ransomware appends the .CryptPethya extension. The malware was discovered by Xiaopao.

New Xorist variant

Xiaopao discovered Xorist variants that append .zaplat.za klic 2021 and .EnCryp13d extensions.

January 27, 2021

End of Emotet Trojan

Law enforcement has started distributing an Emotet module that will uninstall the malware from infected devices on April 25th, 2021.

Netwalker affiliate websites seized

Law enforcement from the US and Bulgaria seized the dark web sites of the said ransomware operation.

Charges on Netwalker ransomware affiliates

The U.S. Justice Department announced the indictment of a Canadian national for alleged involvement in this file-encrypting operation.

New Namaste Ransomware

The ransomware was discovered by Petrovic. It appends the ._enc extension to the encrypted files.

New Egalyty ransomware

Rakesh Krishnan discovered this ransomware. This Ransomware-as-a-Service is based on Ranion.

January 28, 2021

New POLA STOP ransomware variant

POLA ransomware was discovered by Amigo-A. The malware appends the .pola extension and drops a _readme.txt file containing its ransom demands.

DarkSide releases list of organizations it won't attack

In a press release on this date, the DarkSide ransomware operators state that they will no longer attack certain organizations, including funeral services (morgues, crematoria, funeral homes), medicine (only hospitals, any palliative care organization, nursing homes), and companies that develop and participate, to a large extent, in the distribution of the COVID-19 vaccine.

January 29, 2021

Vovalex ransomware

This ransomware is being distributed through fake pirated software that impersonates popular Windows utilities such as CCleaner.

New Paradise ransomware variant

The ransomware was discovered by Xiaopao. The malware encodes the files and renames them with the .Cukiesi extension.

New WormLocker ransomware variant

Again, Xiaopao is the discoverer behind this virus. The malware does not append any extension to the encrypted files.

New Dharma Ransomware variant

NOV ransomware is a new Dharma ransomware variant discovered by Ravi. The malware appends the .NOV extension to filenames.