web analytics

The Week in Ransomware – January 12th 2024 – Targeting homeowners’ data – Source: www.bleepingcomputer.com

the-week-in-ransomware-–-january-12th-2024-–-targeting-homeowners’-data-–-source:-wwwbleepingcomputer.com
Rate this post

Source: www.bleepingcomputer.com – Author: Lawrence Abrams

US Neighborhood

Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.

This week, we learned that mortgage lender loanDepot suffered a cyberattack, which the company later confirmed was ransomware.

This comes on the heels of similar attacks against Mortgage giant Mr. Cooper, which led to the exposure of data for 14 million people, and attacks on title insurance companies, including First American Financial and Fidelity National Financial.

As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks.

Other attacks we learned about this week include the Toronto Zoo, a Black Hunt ransomware attack on Tigo Business, and LockBit claiming to be behind the attack on the Capital Health hospital network.

Finland is also warning of Akira ransomware increasingly targeting companies in the country and wiping backups.

Cybersecurity researchers are back from the holidays, sharing new research on a BlackBasta affiliate’s use of PikaBot, Microsoft SQL servers being targeted by the Mimic ransomware, and threat actors impersonating security researchers to offer victims a chance to hack back at ransomware gangs.

For some good news, a Dutch police operation with Cisco Talos led to the arrest of a ransomware operator and the retrieval of decryption keys. This key was added to Avast’s decryptor, allowing victims of the Tortilla ransomware (based on Babuk) to recover their files for free.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @malwrhunterteam, @fwosar, @BleepinComputer, @serghei, @demonslay335, @Ionut_Ilascu, @Seifreed, @billtoulas, @AWNetworks, @Securonix, @TalosSecurity, @criptoboi, @pcrisk, @TrendMicro, and @Unit42_Intel.

January 7th 2024

Mortgage firm loanDepot cyberattack impacts IT systems, payment portal

U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans.

January 8th 2024

Capital Health attack claimed by LockBit ransomware, risk of data leak

The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.

Toronto Zoo: Ransomware attack had no impact on animal wellbeing

Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems on early Friday had no impact on the animals, its website, or its day-to-day operations.

US mortgage lender loanDepot confirms ransomware attack

?Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.

New Phobos ransomware variant

PCrisk found a new Phobos variant that appends the .jopanaxye extension and drops ransom notes named info.txt and info.hta.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .cdwe and .cdaz extensions.

New Makops variant

PCrisk found a new Makops variant that appends the .SOG extension and drops a ransom note named +README-WARNING+.txt.

New Abyss ransomware

PCrisk found a new ransomware that appends the .abyss extension and drops a ransom note named WhatHappened.txt.

January 9th 2024

Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach

The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company’s business division.

Decryptor for Babuk ransomware variant released after hacker arrested

Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware’s operator.

Hackers target Microsoft SQL servers in Mimic ransomware attacks

A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims’ files with Mimic (N3ww4v3) ransomware.

Ransomware victims targeted by fake hack-back offers

Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.

Black Basta-Affiliated Water Curupira’s Pikabot Spam Campaign

A threat actor we track under the Intrusion set Water Curupira (known to employ the Black Basta ransomware) has been actively using Pikabot. a loader malware with similarities to Qakbot, in spam campaigns throughout 2023.

New Phobos variant

PCrisk found a new Phobos variant that appends the .2700 extension and drops a ransom note named +README-WARNING+.txt.

New Abyss ransomware

PCrisk found a new ransomware that appends the .abyss extension and drops a ransom note named WhatHappened.txt.

January 10th 2024

Fidelity National Financial: Hackers stole data of 1.3 million people

Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.

January 11th 2024

Finland warns of Akira ransomware wiping NAS and tape backup devices

The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

Medusa Ransomware Turning Your Files into Stone

Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. Medusa threat actors use this site to disclose sensitive data from victims unwilling to comply with their ransom demands.

New Phobos variant

PCrisk found a new Phobos variant that appends the .mango extension and drops a ransom note named +README-WARNING+.txt.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .cdtt and .cdpo extensions.

New Ping ransomware

PCrisk found a new ransomware that appends the .pings extension and drops a ransom note named FILE RECOVERY.txt.

January 12th 2024

New Dharma variant

PCrisk found a new Dharma ransomware variant that appends the .AeR extension and drops ransom notes named info.txt and info.hta.

New Xorist variant

PCrisk found a new Xorist variant that appends the .CoV extension and drops a ransom note named HOW TO DECRYPT FILES.txt.

That’s it for this week! Hope everyone has a nice weekend!

Original Post URL: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-12th-2024-targeting-homeowners-data/

Category & Tags: Security – Security

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

NCSC
NCSC Cyber Security for Small Business “SMEs” Guide.
NCSC Cyber Security for Small...
RedHat
State of Kubernetes Security Report 2022 by RedHat
State of Kubernetes Security Report...
HADESS
Introduction to Doxing- OSINT methods for information gathering by HADESS
Introduction to Doxing- OSINT methods...
BUTTERWORTH-HEINEMANN
Security Operations Center Guidebook – A Practical Guide for a Successful SOC
Security Operations Center Guidebook –...
SANS
SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.
SANS Faculty Cybersecurity Free Tools...
SentinelOne
90 DAYS A CISO´s Journey to Impact define your role !!
90 DAYS A CISO´s Journey...
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response