Ransomware this week (12th March, 2021)
For the past two weeks, cyber-security news has been dominated by the Microsoft Exchange Server ProxyLogon vulnerabilities.
Gillespie, a cyber-security researcher, noted that the developers of the DearCry ransomware exploited these vulnerabilities to target Microsoft Exchange servers.
If you are running a Microsoft Exchange server, you should either take OWA offline or patch the server. In addition, take an offline backup of the server so that the backup cannot be encrypted if the server is compromised.
The other big news of the week is that the REvil ransomware operators plan to DDoS victims and call their business partners to force the victims into paying the demanded sum.
There were also several new ransomware attacks against organizations, including Molson Coors and the Spanish government.
6th March 2021
REvil gang to call victims’ business partners to force ransom payment
The ransomware operation announced the new tactics this week. The threat actors are using DDoS attacks and voice calls to journalists and victims’ business partners to generate ransom payments.
Jessy ransomware in the wild
Jakub Kroustek discovered this malware, yet another variant of the Dharma ransomware. It appends the .Jessy extension to the names of encrypted files.
7th March 2021
New ROG Dharma virus
Credit for this discovery goes to Jakub Kroustek. This Dharma variant appends the .ROG extension to encrypted files.
8th March 2021
New Sarbloh ransomware shows support for the Indian farmers’ protest
The new Sarbloh ransomware encrypts stored files and then drops a ransom note. The ransom message expresses support for the Indian farmers’ protest.
Cyber attack at Flagstar Bank
The US bank and mortgage lender suffered a data breach that exposed customer and employee data. It was discovered that the CLOP ransomware developers hacked its Accellion file transfer server in January.
New Matrix ransomware variant
Dnwls0719 discovered a new Matrix ransomware variant that appends the .JDPR extension. Its ransom note is in JDPR_README.rtf.
9th March 2021
Arrest of a South Korean for phishing attacks
The suspect is believed to be a member of the GandCrab ransomware operation who used phishing emails to infect victims.
Bad Gopher ransomware in the wild
S!Ri discovered this ransomware. It appends the .gopher extension to the names of encrypted files.
10th March 2021
Ransomware attack on 700 Spanish government labor agency offices
The systems of SEPE, the Spanish government agency for labor, were taken down after an attack by the Ryuk ransomware. The attack hit more than 700 agency offices across Spain.
New STOP ransomware variant
Michael Gillespie found a DJVU/STOP variant that encrypts stored files and uses the .reig and .tirp extensions.
Darkside ransomware 2.0
Hackers announced this release on a Russian-speaking hacker forum. 3xport was the first to observe it.
11th March 2021
Cyber attack on Molson Coors
Molson Coors, a beverage company, suffered a cyber attack that caused significant disruption to its business operations.
New ransomware infiltrates via exploitation of Microsoft Exchange Server ProxyLogon vulnerabilities
The ransomware is DearCry. After hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities, the threat actors install the ransomware.
Michael Gillespie was the first to observe that the new DearCry ransomware was targeting Exchange servers.
New Dharma ransomware variants
Jakub Kroustek discovered new Dharma ransomware variants that append the .biden, .eofyd and .duk extensions.
12th March 2021
New Dharma ransomware variants
Jakub Kroustek found new Dharma ransomware variants that append the .LAO and .Pirat extensions.