The Week in Ransomware - October 7th 2022 - A 20 year sentence

The Week in Ransomware - October 7th 2022 - A 20 year sentence​

• October 7, 2022
• 06:14 PM ET
• 0

It was a very quiet week regarding ransomware news, with the most significant news being the sentencing of a Netwalker affiliate to 20-years in prison.
A Florida court this week sentenced former Netwalker ransomware affiliate Sebastien Vachon-Desjardins to twenty years in prison and demanded he forfeits $21.5 million for an attack on a Tampa business and other companies worldwide.
We also had reports released this week that linked the Cheerscrypt ransomware to a Chinese hacking group and showed how the BlackByte ransomware operation uses 'Bring Your Own Vulnerable Driver' (BYOVD) attacks to terminate security software.
Motherboard also released a report based on FOIA requests, showing how US schools have responded to ransomware attacks on their networks.
Finally, the Vice Society began leaking data belonging to students, parents, and employees of the Los Angeles Unified school district, and Ferrari denies RansomEXX attacked them.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @malwrhunterteam, @demonslay335, @malwareforme, @Seifreed, @billtoulas, @jorntvdw, @serghei, @fwosar, @FourOctets, @BleepinComputer, @struppigel, @Ionut_Ilascu, @VK_Intel, @LawrenceAbrams, @PolarToffee, @Avast, @Sophos, @sygnia_labs, @BrettCallow, @pcrisk, @jgreigj, @lorenzofb, and @elhackernet.

October 2nd 2022​

Ransomware gang leaks data stolen from LAUSD school system​

The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month.

October 3rd 2022​

New STOP ransomware variants​

PCrisk found new STOP ransomware variants that append the .adlg and .adww extensions.

How Ransomware Is Causing Chaos in American Schools​

May 19, 2021 was supposed to be just another day at the end of the school year at Sierra College, a community college in Rocklin, California. Instead, hackers hit the school with ransomware, throwing it into chaos.

October 4th 2022​

Ransomware hunters: the self-taught tech geniuses fighting cybercrime​

Hackers are increasingly taking users’ data hostage and demanding huge sums for its release. They have targeted individuals, businesses, vital infrastructure and even hospitals. Authorities have been slow to respond – but there is help out there

Decrypted: MafiaWare666 Ransomware​

MafiaWare666 is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. It encrypts files using the AES encryption. We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.

Cheerscrypt ransomware linked to a Chinese hacking group​

The Cheerscrypt ransomware has been linked to a Chinese hacking group named 'Emperor Dragonfly,' known to frequently switch between ransomware families to evade attribution.

Netwalker ransomware affiliate sentenced to 20 years in prison​

Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and demanded to forfeit $21.5 million for his attacks on a Tampa company and other entities.

New RedKrypt Ransomware​

PCrisk found a new RedKrypt Ransomware that appends the .p.redkrypt extension and drops a ransom note named RedKrypt-Notes-README.txt.

Ferrari denies data breach and ransomware attack following gang’s online claims​

Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week.

Cyber attack on health provider Pinnacle a 'wake up call'​

A top doctor is calling a cyber attack on a major primary health provider that has compromised the details of potentially thousands of patient details a “wake up call to the sector”.

October 5th 2022​

BlackByte ransomware abuses legit driver to disable security products​

The BlackByte ransomware gang is using a new technique that researchers are calling "Bring Your Own Driver," which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.

October 7th 2022​

Ransomware cyberattack affects 13 hospitals and outpatient clinics in Catalonia​

The Consorci Sanitari Integral (CSI) has suffered a ransomware computer attack (for the second time in two years) that affects all its healthcare centers in Barcelona and Baix Llobregat. Health activity and patient care are maintained in what does not require computer services , with consultations practically only for emergencies, since health workers do not have access to patient information or procedures through computers .

New STOP ransomware variants​

PCrisk found new STOP ransomware variants that append the .towz and .tohj extensions.

That's it for this week! Hope everyone has a nice weekend!​