This week in ransomware: 1st March – 5th March 2021
The weekend witnessed ransomware attacks targeting online services and MSPs. The attacks caused not only encryption for the victims but also outages for their customers.
PrismHR, the famous HR and payroll platform, and CompuCom, the large US MSP, were both hit by ransomware that led to significant outages.
Clop ransomware was seen continuing its activity of publishing the data stolen from the breached FTA devices, initiated in December.
Also, there is a report on the massive Ryuk attack on Universal Health Services in September 2020, where the cyber-attack cost around $67 million.
There were also a few more ransomware release reports in the past week, with various ransomware families releasing new variants in the wild.
1st March 2021
Hackers practicing black hat SEO to push ransomware and Trojans through Google
The Gootkit information stealer, otherwise called the Gootloader virus, has been found pushing a wide variety of malware through hacked WordPress sites and malicious SEO techniques for Google results.
Ryuk ransomware attack on Universal Health Services
A UHS official said the Ryuk ransomware attack in September 2020 had an estimated total impact of $67 million on them.
Ransomware attack on NSW Transport Agency
The transport system belonging to the Australian state of New South Wales suffered this attack after a vulnerability was exploited by CLOP ransomware.
New Dharma ransomware
Jakub Kroustek discovered two new Dharma ransomware variants, namely ORAL and URS ransomware, which use the .oral and .urs file extensions respectively.
New DJVU ransomware variant
The ransomware named Ribd is a recent DJVU ransomware variant discovered by Michael Gillespie. It encrypts files and appends the .ribd extension to them.
2nd March 2021
Ransomware attack led to payroll giant PrismHR outage
The payroll company suffered a massive outage caused by a ransomware attack, based on conversations with its customers.
Corona Locker Aurora ransomware variant
A new ransomware named Corona Locker has been discovered by Xiaopao. The malware belongs to the Aurora ransomware family. It appends the .systems32x extension to the encrypted files.
New Makop ransomware variant
Petrovic discovered this new variant. It encrypts files and appends the .vassago extension to them.
3rd March 2021
New RansomTrojanLock virus discovered
S!ri discovered this virus. It appends the .RansomTrojanLock extension to the filenames of the encrypted files.
Fancy Bear ransomware
S!ri found a new ransomware targeting Russian users. It encrypts systems’ files and demands $3,000 USD for their release.
New Help You Ransomware
Xiaopao discovered this new ransomware. It appends the .IQ_IQ extension. The ransom message is displayed in the HOW_TO_RECOVER_FILES.txt file.
Emsisoft updates the Aurora ransomware decryption tool
Emsisoft’s Aurora decryptor has now been updated to support the .systems32x extension.
4th March 2021
Ransomware attack on CompuCom
DarkSide ransomware hit this US-based managed service provider in the past week, leading to a service outage and customers being disconnected from the network.
Ransomware businesses are growing day by day
Group-IB revealed this in an analysis showing that ransomware attacks more than doubled last year and increased in both scale and sophistication.
New JesusCrypt Ransomware
MalwareHunterTeam discovered this threat. The malware is in its development stage.
5th March 2021
A new ransomware, Hog, asks users to join a Discord server for data release
Hog encrypts users’ devices only to ask them to join its Discord server.