Nov 13, 2021

The Week in Ransomware – November 12th 2021 – Targeting REvil


This week, law enforcement struck a massive blow against the REvil ransomware operation, with multiple arrests announced and the seizure of cryptocurrency.
On Monday, the US Department of Justice, Europol, and Interpol announced arrests of REvil affiliates and members in Kuwait and Romania. The FBI also announced the arrest of the REvil affiliate behind the July Kaseya attack that encrypted over 1,500 organizations.
In addition, the US announced that $6 million in ransom payments was seized from the REvil ransomware operation.
After REvil shut down in October, it was expected that the group would soon rebrand as a new operation. However, with the recent news of the arrests and of the FBI hijacking their server, it is possible that they may call it quits, as other cybercriminals will likely not want to work with them again.
This week, the other big news is a massive attack on the European electronics retailer MediaMarkt by the Hive Ransomware operation.
Other news this week includes the Clop gang using the Serv-U vulnerability to breach networks and a new US bill laying out ransomware response steps for financial organizations.
Contributors and those who provided new ransomware information and stories this week include: @serghei, @FourOctets, @BleepinComputer, @struppigel, @billtoulas, @fwosar, @malwrhunterteam, @jorntvdw, @Ionut_Ilascu, @LawrenceAbrams, @Seifreed, @VK_Intel, @malwareforme, @demonslay335, @DanielGallagher, @PolarToffee, @douglasmun, @John_Fokker, @tsrc_team, @cybereason, @NCCGroupInfosec, @kpoulsen, @bobmcmillan, @pcrisk, and @Amigo_A_.
A thirty-month international law enforcement operation codenamed ‘Operation Cyclone’ targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine.
Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in the Netherlands and Germany.
Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates on November 4, both of them allegedly responsible for infecting thousands of victims.
The United States Department of Justice today announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd, as well as the seizure of more than $6 million from another REvil partner.
The US Treasury Department announced today sanctions against the Chatex cryptocurrency exchange for helping ransomware gangs evade sanctions and facilitating ransom transactions.
The U.S. is offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation, including $5 million leading to the arrest of affiliates.
The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt their devices.
A threat actor tracked as Shatak (TA551) recently partnered with the ITG23 gang (aka TrickBot and Wizard Spider) to deploy Conti ransomware on targeted systems.
PCrisk found a new STOP ransomware variant that appends the .qdla extension.
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices.
New legislation introduced this week by US lawmakers aims to set ransomware attack response “rules of the road” for US financial institutions.
Amigo-A found a new ransomware that appends the .BlackCocaine extension and drops the HOW_TO_RECOVER_FILES.BlackCocaine.txt ransom note.
A Moscow entrepreneur was detained during a vacation abroad this month and is now facing extradition to the U.S. on charges that he helped a notorious Russian ransomware group launder payments.
PCrisk found a new STOP ransomware variant that appends the .qmak extension.