This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches continuing to be disclosed.
BleepingComputer also exclusively broke the story that building and automation giant Johnson Controls International suffered a Dark Angels ransomware attack, with the threat actors claiming to have stolen 27 TB of data from 25 file servers.
The cyberattack was reportedly launched in Asia offices, from which the threat actors spread to the rest of the corporate network. During this time, the attackers claim to have stolen DWG files, engineering documents, databases, confidential documents, and customer contracts.
Soon after BleepingComputer broke the news, Johnson Controls submitted a FORM 8-K filing with the SEC, confirming they suffered a cyberattack.
We also continue to see the effects of Clop's massive MOVEit data-theft attacks, with the National Student Clearinghouse warning of a data breach that impacted 890 schools and the BORN Ontario child registry breach impacting 3.4 million people, including patients at the Hospital for Sick Children (SickKids).
Cybersecurity firms, journalists, and law enforcement also released interesting reports this week:
Contributors and those who provided new ransomware information and stories this week include @serghei, @Ionut_Ilascu, @BleepinComputer, @fwosar, @Seifreed, @demonslay335, @billtoulas, @LawrenceAbrams, @malwrhunterteam, @MalGamy12, @billseagull, @coveware, @GroupIB_TI, @briankrebs, @pcrisk, @FBI, @jgreigj and @DrWeb_antivirus.
September 23rd 2023
U.S. educational nonprofit National Student Clearinghouse (NSC) has disclosed a data breach affecting 890 schools using its services across the United States.
September 25th 2023
The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware's MOVEit hacking spree.
Technical writeup on Akira's new PowerRanges variant, internally called Megazord.
Megazord ransomware is a new variant of Akira ransomware. Akira ransomware appeared in March 2023, and a Linux version appeared in June. Its encryption method combines RSA and AES to encrypt files. Megazord differs from the earlier version in that it is written in Rust and encrypts files with a combination of the curve25519 elliptic-curve asymmetric algorithm and the Sosemanuk symmetric stream cipher. Encrypted files are given the .powerranges extension, and a ransom note is dropped in every folder.
PCrisk found new STOP ransomware variants that append the .azhi, .azqt, and .azop extensions.
PCrisk found a new Phobos ransomware variant that appends the .deep extension.
September 26th 2023
The Hospital for Sick Children, more commonly known as SickKids, is among the healthcare providers impacted by the recent breach at BORN Ontario.
Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year.
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
PCrisk found a new ransomware named Night Crow that appends the .NIGHT_CROW extension and drops a ransom note named NIGHT_CROW_RECOVERY.txt.
A logistics and training firm targeted by a "significant" cyber attack has entered administration.
September 27th 2023
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the operations of the company and its subsidiaries.
The victim-shaming website operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.
PCrisk found a new Dharma variant that appends the .DOOK extension.
PCrisk found a new Xorist variant that appends the .Bought extension.
PCrisk found new STOP ransomware variants that append the .mzhi, .mzop, and .mzqt extensions.
September 28th 2023
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
PCrisk found a new Medusa variant that appends the .medusa24 extension.
September 29th 2023
One of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.
PCrisk found a new ransomware variant that appends the .ELCTRONIC extension and drops a ransom note named README ELECTRONIC.txt.
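The extension and ransom-note names collected above are the kind of file-name indicators an incident responder checks first when triaging a suspected infection. The script below is an added example, not code from BleepingComputer or PCrisk: it walks a directory tree, matches file names against the extensions and note names listed in this week's entries, and tallies hits per family and per directory. The family mapping is transcribed from the entries above; the directory it scans in the demo is constructed inline so the script runs offline. Short extensions such as .deep can collide with legitimate files, so the results are a triage hint to be confirmed against the note contents and file headers, not a verdict.

```python
"""Offline file-name triage for the ransomware indicators listed in this week's roundup.
Added example; the mapping below is transcribed from the roundup entries, and the
sample tree in build_sample_tree() is constructed data, not real malware output."""
import os
import tempfile
from collections import defaultdict

# Encrypted-file extension -> family, matched case-insensitively on the final extension.
EXTENSION_FAMILIES = {
    ".powerranges": "Akira (Megazord)",
    ".azhi": "STOP", ".azqt": "STOP", ".azop": "STOP",
    ".mzhi": "STOP", ".mzop": "STOP", ".mzqt": "STOP",
    ".deep": "Phobos",            # short, generic-looking: treat hits as a hint only
    ".night_crow": "Night Crow",
    ".dook": "Dharma",
    ".bought": "Xorist",
    ".medusa24": "Medusa",
    ".elctronic": "ELECTRONIC (unnamed variant)",
}

# Ransom-note file name -> family, matched case-insensitively on the full name.
NOTE_FAMILIES = {
    "night_crow_recovery.txt": "Night Crow",
    "readme electronic.txt": "ELECTRONIC (unnamed variant)",
}


def classify(filename):
    """Return (family, kind) for an indicator hit, or None for an unremarkable name.
    kind is "note" for a ransom note and "encrypted" for a renamed victim file."""
    lower = filename.lower()
    if lower in NOTE_FAMILIES:
        return NOTE_FAMILIES[lower], "note"
    _, ext = os.path.splitext(lower)   # "plan.docx.powerranges" -> ".powerranges"
    if ext in EXTENSION_FAMILIES:
        return EXTENSION_FAMILIES[ext], "encrypted"
    return None


def scan_tree(root):
    """Walk root and tally hits per family.
    Returns {family: {"encrypted": n, "note": m, "dirs": sorted list of directories}}."""
    hits = defaultdict(lambda: {"encrypted": 0, "note": 0, "dirs": set()})
    for dirpath, _, files in os.walk(root):
        for name in files:
            result = classify(name)
            if result is None:
                continue
            family, kind = result
            hits[family][kind] += 1
            hits[family]["dirs"].add(os.path.relpath(dirpath, root))
    # Freeze the sets so the summary is deterministic and easy to assert on.
    return {fam: {"encrypted": v["encrypted"], "note": v["note"], "dirs": sorted(v["dirs"])}
            for fam, v in hits.items()}


def build_sample_tree(root):
    """Constructed demo data: two folders with indicator-style names, one clean folder."""
    layout = {
        "docs": ["plan.docx.powerranges", "budget.xlsx.powerranges", "notes.txt"],
        "pictures": ["holiday.jpg.NIGHT_CROW", "NIGHT_CROW_RECOVERY.txt"],
        "clean": ["readme.md", "deep_learning.pdf"],   # ".pdf" is the final extension: no hit
    }
    for folder, names in layout.items():
        path = os.path.join(root, folder)
        os.makedirs(path, exist_ok=True)
        for name in names:
            open(os.path.join(path, name), "w").close()


def demo():
    """Build the constructed tree in a temp directory, scan it, and return the summary."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    for family, info in sorted(demo().items()):
        print(f"{family}: {info['encrypted']} encrypted file(s), {info['note']} note(s) "
              f"in {', '.join(info['dirs'])}")
```

Run it against a real mount point by calling `scan_tree("/path/to/share")` instead of `demo()`; because it only reads file names, it is safe to run on a forensic image mounted read-only. Per-directory counts are kept because a note in every folder alongside renamed files (the Megazord behaviour described above) looks very different from a single stray file with an unusual extension.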
That's it for this week! Hope everyone has a nice weekend!
Original Post URL: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2023-dark-angels/
Date: 2023-09-29 23:46:07