The Week in Ransomware – April 19th 2024



While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void.

A relatively new operation called RansomHub gained media attention this week after a BlackCat affiliate used the newer operation’s data leak site to extort Change Healthcare once again.

Change Healthcare allegedly already paid a ransom, which was stolen from an affiliate in an exit scam by the BlackCat/ALPHV ransomware operation. However, the affiliate behind the attack claims to have kept the stolen data and is now extorting the company again through RansomHub.

So far, the Change Healthcare attack has cost UnitedHealth Group $872 million, with losses expected to continue.

Another disruptive attack we learned more about this week is the Daixin operation claiming the cyberattack on Omni Hotels. This attack caused the hotel chain to shut down its IT systems, impacting reservations and requiring hotel staff to let guests into their rooms.

Other attacks targeted chipmaker Nexperia, the United Nations Development Programme (UNDP), Octapharma Plasma, and the Atlantic States Marine Fisheries Commission (ASMFC).

There were other cyberattacks this week, such as the one on Frontier Communications, but they have not been confirmed to be ransomware.

In other news, the U.S. Justice Department charged a Moldovan national for running a large-scale botnet that infected thousands of computers and deployed ransomware.

Last but not least, the FBI reported that the Akira ransomware operation had earned $42 million from 250+ victims, and HelloKitty returned, rebranding as HelloGookie.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @BleepinComputer, @Ionut_Ilascu, @serghei, @fwosar, @LawrenceAbrams, @malwrhunterteam, @demonslay335, @Seifreed, @pcrisk, @SophosXOps, @jgreigj, @JessicaHrdcstle, @3xp0rtblog, @AShukuhi, and @vxunderground.

April 15th 2024

Daixin ransomware gang claims attack on Omni Hotels

The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers’ sensitive information if a ransom is not paid.

Chipmaker Nexperia confirms breach after ransomware gang leaks data

Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data.

Ransomware gang starts leaking alleged stolen Change Healthcare data

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company.

New ransomware variant

PCrisk found a new ransomware variant that adds the .FBIRAS extension and drops a ransom note named Readme.txt.

April 16th 2024

UnitedHealth: Change Healthcare cyberattack caused $872 million loss

UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February.

Atlantic fisheries body confirms cyber incident after 8Base ransomware gang claims breach

A fisheries management organization for the East Coast is dealing with a cyber incident following claims by a ransomware gang that it stole data.

New Lethal Lock ransomware

PCrisk found a ransomware that appends the .LethalLock extension and drops a ransom note named SOLUTION_NOTE.txt.

New ransomware variant

PCrisk found a ransomware that appends the .Senator extension and drops a ransom note named SENATOR ENCRYPTED.txt.

New Chaos ransomware variant

PCrisk found a new Chaos ransomware variant that appends the .DumbStackz extension and drops a ransom note named read_it.txt.

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .restore extension and drops a ransom note named How_to_back_files.html.

April 17th 2024

Moldovan charged for operating botnet used to push ransomware

The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States.

‘Junk gun’ ransomware: Peashooters can still pack a punch

A Sophos X-Ops investigation finds that a wave of crude, cheap ransomware could spell trouble for small businesses and individuals, but also provide insights into threat actor career development and the wider threat landscape.

April 18th 2024

FBI: Akira ransomware raked in $42 million from 250+ victims

According to a joint advisory from the FBI, CISA, Europol’s European Cybercrime Centre (EC3), and the Netherlands’ National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments.

Ransomware feared as IT ‘issues’ force Octapharma Plasma to close 150+ centers

Octapharma Plasma has blamed IT “network issues” for the ongoing closure of its 150-plus centers across the US. It is feared a ransomware infection may be the root cause of the medical firm’s ailment.

April 19th 2024

United Nations agency investigates ransomware attack, data theft

The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data.

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

An operator of the HelloKitty ransomware operation announced they changed the name to ‘HelloGookie,’ releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.

New MedusaLocker ransomware variant

PCrisk found a new MedusaLocker ransomware variant that appends the .virus3 extension and drops a ransom note named How_to_back_files.html.

That’s it for this week! Hope everyone has a nice weekend!


