Ransomware attacks may have decreased slightly because of Russia’s invasion of Ukraine and associated sanctions. But ransomware is still a threat to organisations all around the world. Hackers continue to cause serious harm to global businesses.
Costa Rica declared a state of emergency in April after a major IT system outage caused by the Conti Ransomware attack. The ransomware attack began with the country’s Finance Ministry and quickly spread to other departments. This includes the National Weather Institute and the Ministry of Science, Technology, and Telecommunications.
Conti ransomware has been highly active recently, and it is most known for a $100 million attack on the Irish Healthcare System last year. Officials in the United Kingdom are concerned about a threat posed by Russian cybercriminals to the country’s National Health Service (NHS). Following the arrest of an accused pro-Putin cybercriminal in London, members of the cyber gang “Killnet” have threatened to attack all NHS ventilators. The US government is now offering a reward of up to $10 million for information leading to the identity and/or location of Conti ransomware gang.
The latest REvil ransomware samples were also evaluated by SecureWorks, confirming prior allegations that the ransomware group is back in some way. The Conti gang has denied being engaged in the current operation, according to a technical study released this week.
7th of May 2022
The US Government is offering a reward of up to $10 million for information that leads to the identification and location of the famous Conti ransomware gang’s leadership.
New Kekpop ransomware
Petrovic found a new ransomware variant with the.kekpop extension and a ReadMe.html ransom note.
9th of May 2022
President Rodrigo Chaves of Costa Rica has declared a national emergency because of cyber-attacks by the Conti ransomware organisation on several government agencies.
REvil Improvement Provides Confidence About GOLD SOUTHFIELD Reemergence
GOLD SOUTHFIELD risk group’s infrastructure restoring exercise in April 2022. SecureWorks® Counter Risk Unit (CTU) experts assessed REvil ransomware samples published to the VirusTotal site. Since October 20, 2021, the infrastructure had been closed. The fact that the developer has access to REvil’s supply code means that the risk group has resurfaced, which increases the likelihood that the risk group has revived. The discovery of many samples with various changes and the unavailability of an official updated version implies that REvil is still in development.
Lincoln College to close after 157 years due ransomware attack
Lincoln College, a liberal arts college in rural Illinois, has announced its closure. After a financial damage from the COVID-19 epidemic and a recent ransomware attack, the organisation is celebrating its 157th anniversary.
PCrisk identified TitanCrypt, a new form of Jcrypt that appends the.titancrypt extension and leaves a ransom note entitled RECOVER FILES.titancrypt.txt.
10th of May 2022
PCrisk detected a unique new Xoris version with the name added. WanaCray2023+ has released a ransom notice titled HOW TO DECRYPT FILES.txt.
Hackers targeted an Oregon election-related site hosting company
There was a ransomware attack on a web hosting provider a week before Oregon’s primary election. The secretary of state’s office is working to preserve of its online system where campaign financial data are published.
11th of May 2022
New ransomware trends in 2022
Ransomware isn’t any less active this year than it was last, hackers continue to threaten global businesses and old malware versions resurface as new ones emerge. Keeping an eye on and analysing these patterns not only provides us with threat intelligence to fight cybercriminals today, but it also allows us to predict future trends and better prepare for them.
BlueSky is a unique new ransomware activity discovered by Dreamer.
12th of May 2022
Has Russia given its cybercriminals in Latin America freedom?
There have been allegations about Conti’s ties to Federal Security Service (FSB). Costa Rica and Peru have been targeted heavily by cybercriminals, with Latin America being particularly hard hit. The invasion of Ukraine has been condemned by fifteen countries throughout the region.
New STOP ransomware versions with the .kruu, .ifla, and .byya extensions have been detected by PCrisk.
13th of May 2022
TxLocker ransomware with the.txlck suffix has been found by Amigo-A, and it drops a ransom note titled f1x instructions.txt.
Has your organisation started to increase cyber security measures yet? Start your two-week free trial today.