The Week in Ransomware – April 19th 2024



While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.

A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation's data leak site to extort Change Healthcare once again.

Change Healthcare allegedly already paid a ransom, which was stolen from an affiliate in an exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub.

So far, the Change Healthcare attack has cost UnitedHealth Group $872 million, with losses expected to continue.

Another disruptive attack we learned more about this week is the Daixin operation claiming the cyberattack on Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms.

Other attacks targeted chipmaker Nexperia, the United Nations Development Programme (UNDP), Octapharma Plasma, and the Atlantic States Marine Fisheries Commission (ASMFC).

There were other cyberattacks this week, such as the one on Frontier Communications, but they have not been confirmed to be ransomware.

In other news, the U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware.

Last but not least, the FBI reported that the Akira ransomware operation had earned $42 million from 250+ victims, and HelloKitty returned, rebranding as HelloGookie.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @BleepinComputer, @Ionut_Ilascu, @serghei, @fwosar, @LawrenceAbrams, @malwrhunterteam, @demonslay335, @Seifreed, @pcrisk, @SophosXOps, @jgreigj, @JessicaHrdcstle, @3xp0rtblog, @AShukuhi, and @vxunderground.

April 15th 2024

Daixin ransomware gang claims attack on Omni Hotels

The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid.

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.

Ransomware gang starts leaking alleged stolen Change Healthcare data

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company.

New ransomware variant

PCrisk found a new ransomware variant that adds the .FBIRAS extension and drops a ransom note named Readme.txt.

April 16th 2024

UnitedHealth: Change Healthcare cyberattack caused $872 million loss

UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February.

Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach

A fisheries management organization for the East Coast is dealing with a cyber incident following claims by a ransomware gang that it stole data.

New Lethal Lock ransomware

PCrisk found a ransomware that appends the .LethalLock extension and drops a ransom note named SOLUTION_NOTE.txt.

New ransomware variant

PCrisk found a ransomware that appends the .Senator extension and drops a ransom note named SENATOR ENCRYPTED.txt.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .DumbStackz extension and drops a ransom note named read_it.txt.

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .restore extension and drops a ransom note named How_to_back_files.html.

April 17th 2024

Moldovan charged for operating botnet used to push ransomware

The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.

'Junk gun' ransomware: Peashooters can still pack a punch

A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals, but also provide insights into threat actor career development and the broader threat landscape.

April 18th 2024

FBI: Akira ransomware raked in $42 million from 250+ victims

According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.

Ransomware feared as IT 'issues' force Octapharma Plasma to close 150+ centers

Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment.

April 19th 2024

United Nations agency investigates ransomware attack, data theft

The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data.

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .virus3 extension and drops a ransom note named How_to_back_files.html.

That's it for this week! Hope everyone has a nice weekend!


