This Cyber Weekly includes "Charitable" ransomware group, a new malware variant, serious cyber attacks, and more.
Thanks to all 1955 subscribers! If you like receiving the cyber news every week, be sure to show your support by liking the weekly posts. It helps a lot!
A new ransomware group called GoodWill forces victims to perform good deeds and post them on social media. Like any ransomware group, the threat is 100% real: they encrypt your data. However, there is a twist. The way to unlock the encrypted files is to perform charitable deeds such as donating clothing or feeding hungry children. The group seems to be based out of India, and although this seems to be a “positive” spin on cyber attacks, experts suggest the public announcement of the deed is meant to bring shame to the victims. (pcgamer)
My thoughts: Whether or not this is out of kindness, it’s strange. Extortion should never be used to get what you want. So regardless of what this group thinks they are doing, it’s not good and it’s not kind.
The Chaos ransomware builder was known for creating destructive malware that overwrote files and made them unrecoverable, but the new Yashma version finally generates binaries that can encrypt files of all sizes. Chaos targets more than 100 default file extensions for encryption and also has a list of files it avoids targeting, including .DLL, .EXE, .LNK, and .INI, presumably to prevent crashing a victim’s device by locking up system files. In each folder affected by the malware, it drops the ransom note as “read_it.txt.”
Researchers at BlackBerry say that Chaos is on track to become a significant threat to businesses of every size. Be sure to read more about this one! (DARKReading)
My thoughts: Chaos/Yashma’s flexibility and its widespread availability make it very dangerous going forward and a cause for concern. Every business is a target, further proving that ransomware and malware continue to evolve and are as malicious and impactful as ever. Stay safe out there.
The BlackCat/ALPHV ransomware group is claiming responsibility for the Regina Public Schools cyberattack. School staff do not have access to internet-based systems such as email and other education tools. Since it is the end of the school year, the grading system, remote schooling and attendance tracking are also unavailable.
The hackers claim to have stolen and made copies of 500 gigabytes of data, including tax reports, health information, passports and social insurance numbers.
The school immediately shut down its systems, but it still has to decide whether or not it will pay the ransom. Other options include rebuilding the entire network from its backups. This is what the City of Saint John did in 2020 instead of paying a ransom of up to $20 million worth of Bitcoin. (CBC)
My thoughts: Foundations, charities and educational institutions will continue to be attacked because of their vulnerability. Hackers know they can cause chaos for these institutions with vital roles in society. Hackers are ruthless.
It’s a busy week for the BlackCat/ALPHV ransomware group, as they also claim to have hit the Austrian state of Carinthia and encrypted its files. Well, that’s what they say. A state representative said that there is currently no evidence that BlackCat actually managed to steal any data from the state's systems. Because of this, the state seems adamant about not meeting the ransomware demands. (bleepingcomputer)
My thoughts: That’s one of the largest ransoms we’ve seen in a long time. Are ransomware gangs increasing their demands?
We’ve talked about LockBit 2.0 and Conti being the most notable ransomware groups, as they accounted for about 150 cyber attacks in April. Now the Clop ransomware group has increased its activity from 1 attack to 21 in April. They are known for targeting industrial and tech companies. (bleepingcomputer)
My thoughts: Eventually, every ransomware group will have specific industries they target with their own unique signature attack. We’re slowly starting to see Conti and LockBit 2.0 targeting government institutions as well as critical infrastructure. I wouldn’t be surprised if more groups emerge that have specific industries they target. The only positive note is that those industries can better protect themselves against specific attacks. Otherwise, we’re all just waiting to be a victim.
It’s unclear who targeted Somerset County, New Jersey, but the county seems to be getting things up and running pretty quickly even though its email and IT systems were affected.
“The Somerset County hack is only the latest ransomware incident to hamper local government services in the US, which often struggle with resources to counter hacks. It marks the 22nd US state or local government to be hit by ransomware in 2022.”
My thoughts: We can start taking bets on which government entity will be hit next. If they are not being proactive, it’s on them.