This week in ransomware: 1st March – 5th March 2021

The weekend witnessed ransomware attacks targeting online services and MSPs. The attacks not only encrypted the victims' data but also caused outages for their customers.

PrismHR, the famous HR and payroll platform, and the large US MSP CompuCom were both hit by ransomware, leading to significant outages.

Clop ransomware was seen continuing its activity, initiated in December, of publishing data stolen from the breached FTA devices.

We also have a report on the massive Ryuk attack on Universal Health Services in September 2020, where the cyber-attack cost around $67 million.

There were a few more ransomware release reports in the past week as well, with various ransomware families releasing new variants in the wild.

1st March 2021

Hackers use black hat SEO to push ransomware and Trojans through Google

The Gootkit information stealer, otherwise called the Gootloader virus, has been found pushing a wide variety of malware through hacked WordPress sites and malicious SEO techniques for Google results.

Ryuk ransomware attack on Universal Health Services

A UHS official said the Ryuk ransomware attack in September 2020 had an estimated total impact of $67 million.

Ransomware attack on NSW Transport Agency

The transport system belonging to the Australian state of New South Wales suffered this attack after a vulnerability was exploited by the Clop ransomware.

New Dharma ransomware

Jakub Kroustek discovered two new Dharma ransomware variants, namely ORAL and URS, which use the .oral and .urs file extensions respectively.

New DJVU ransomware variant

The ransomware named Ribd is the most recent DJVU ransomware variant, discovered by Michael Gillespie. It encrypts files and appends the .ribd extension to them.

2nd March 2021

Ransomware attack led to outage at payroll giant PrismHR

The payroll company suffered a massive outage caused by a ransomware attack, according to conversations with its customers.

Corona Locker Aurora ransomware variant

A new ransomware named Corona Locker has been discovered by Xiaopao. The malware belongs to the Aurora ransomware family. It appends the .systems32x extension to encrypted files.

New Makop ransomware variant

Petrovic discovered this new variant. It encrypts files and appends the .vassago extension to them.

3rd March 2021

New RansomTrojanLock virus discovered

S!ri discovered this virus. It appends the .RansomTrojanLock extension to the filenames of encrypted files.

Fancy Bear ransomware

S!ri found a new ransomware targeting Russian users. It encodes the system's files and demands $3,000 USD for their release.

New Help You Ransomware

Xiaopao discovered this new ransomware. It appends the .IQ_IQ extension. The ransom message is displayed in the HOW_TO_RECOVER_FILES.txt file.

Emsisoft updates the Aurora ransomware decryption tool

Emsisoft’s Aurora decryptor has now been updated to support the .systems32x extension.

4th March 2021

Ransomware attack on CompuCom

DarkSide ransomware hit this US-based managed service provider in the past week, leading to a service outage and customers being disconnected from the network.

Ransomware businesses are growing day by day

Group-IB reveals in an analysis that ransomware attacks more than doubled last year and increased in both scale and sophistication.

New JesusCrypt Ransomware

MalwareHunterTeam discovered this threat. The malware is in its development stage.

5th March 2021

New ransomware Hog asks users to join a Discord server for data release

Hog encrypts users' devices only to ask them to join its Discord server.