web analytics

The Week in Ransomware – September 29th 2023 – Dark Angels – Source: www.bleepingcomputer.com

the-week-in-ransomware-–-september-29th-2023-–-dark-angels-–-source:-wwwbleepingcomputer.com
Rate this post

Source: www.bleepingcomputer.com – Author: Lawrence Abrams

A Dark Angel

This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.

BleepingComputer also exclusively broke the story that building and automation giant Johnson Controls International suffered a Dark Angels ransomware attack, with the threat actors claiming to have stolen 27 TB of data from 25 file servers.

The cyberattack was reportedly launched in Asia offices, from which the threat actors spread to the rest of the corporate network. During this time, the attackers claim to have stolen DWG files, engineering documents, databases, confidential documents, and client contracts.

Soon after BleepingComputer broke the news, Johnson Controls submitted a FORM 8-K filing with the SEC, confirming they suffered a cyberattack.

We also continue to see the effects of Clop’s massive MOVEit data-theft attacks, with the National Student Clearinghouse warning of a data breach that impacted 890 schools and the BORN Ontario child registry breach impacting 3.4 million people, including patients at the Hospital for Sick Children (SickKids).

Cybersecurity firms, journalists, and law enforcement also released interesting reports this week:

Contributors and those who provided new ransomware information and stories this week include @serghei@Ionut_Ilascu@BleepinComputer@fwosar@Seifreed@demonslay335@billtoulas@LawrenceAbrams@malwrhunterteam@MalGamy12@billseagull@coveware@GroupIB_TI@briankrebs@pcrisk@FBI, @jgreigj, and @DrWeb_antivirus.

September 23rd 2023

National Student Clearinghouse data breach impacts 890 schools

U.S. educational nonprofit National Student Clearinghouse (NSC) has disclosed a data breach affecting 890 schools using its services across the United States.

September 25th 2023

BORN Ontario child registry data breach affects 3.4 million people

The Better Outcomes Registry & Network (BORN), a healthcare organization funded by the government of Ontario, has announced that it is among the victims of Clop ransomware’s MOVEit hacking spree.

Megazord: a ransomware written in RUST

Technical writeup on Akira’s new PowerRanges variant, internally called Megazord.

Megazord ransomware is a new variant of Akira ransomware. Akira ransomware appeared in March 2023, and a Linux version appeared in June. The encryption method is a combination of RSA + AES to encrypt files. Megazord ransomware is different from the previous one in that it is written in Rust language and uses a combination of curve25519 elliptic curve asymmetric encryption algorithm and sosemanuk symmetric encryption algorithm to encrypt. The suffix of the encrypted file is .powerranges, and it is also included in each folder. Drop a ransomware document.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .azhi, .azqt, and .azop extensions.

New Phobos ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .deep extension.

September 26th 2023

SickKids impacted by BORN Ontario data breach that hit 3.4 million

The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario.

ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers

Security researchers have identified infrastructure belonging to a threat actor now tracked as ShadowSyndicate, who likely deployed seven different ransomware families in attacks over the past year.

Hackers actively exploiting Openfire flaw to encrypt servers

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.

New Night Crow ransomware

PCrisk found a new ransomware named Night Crow that appends the .NIGHT_CROW and drops a ransom note named NIGHT_CROW_RECOVERY.txt.

Kettering logistics firm enters administration with 730 jobs lost

A logistics and training firm targeted by a “significant” cyber attack has entered administration.

September 27th 2023

Building automation giant Johnson Controls hit by ransomware attack

Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations.

‘Snatch’ Ransom Group Exposes Visitor IP Addresses

The victim shaming site operated by the Snatch ransomware group is leaking data about its true online location and internal operations, as well as the Internet addresses of its visitors, KrebsOnSecurity has found. The leaked data suggest that Snatch is one of several ransomware groups using paid ads on Google.com to trick people into installing malware disguised as popular free software, such as Microsoft Teams, Adobe Reader, Mozilla Thunderbird, and Discord.

New Dharma variant

PCrisk found a new Dharma variant that appends the .DOOK extension.

New Xorist variant

PCrisk found a new Xorist variant that appends the .Got extension.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .mzhi, .mzop, and .mzqt extensions.

September 28th 2023

FBI: Dual ransomware attack victims now get hit within 48 hours

The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims’ networks to encrypt systems in under two days.

New Medusa variant

PCrisk found a new Medusa variant that appends the .meduza24 extension.

September 29th 2023

Large Michigan healthcare provider confirms ransomware attack

One of the largest healthcare systems in Michigan confirmed that it is dealing with a ransomware attack after a notorious hacker gang boasted about the incident.

New Electronic Ransomware

PCrisk found a new ransomware variant that appends the .ELCTRONIC and drops a ransom note named README ELECTRONIC.txt.

That’s it for this week! Hope everyone has a nice weekend!

Original Post URL: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-29th-2023-dark-angels/

Category & Tags: Security – Security

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post

SCYTHE
Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE
Better Cybersecurity Metrics – SOC...
OCCUPYTHEWEB
Linux Basics for Hackers by Occupytheweb
Linux Basics for Hackers by...
US Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools & Activities by American Deparment of Defense
DevSecOps Fundamentals Guidebook – Tools...
Think Big Blog
Top 10 TED Talks to Learn about Cyber Security
Top 10 TED Talks to...
Joas Antonio
Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio
Guide for Multi-Cloud Read Team...
CISO2CISO Notepad Series
The sqreen DevSecOps Security Checklist
The sqreen DevSecOps Security Checklist
Marcos Jaimovich
Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich
Why do we compare a...
Joas Antonio
Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio
Security Operations Center (SOC) –...
IZZMIER
Incident Response Playbooks & Workflows Ready for use in your SOC & Redteams
Incident Response Playbooks & Workflows...
LOGPOINT
396 Use Cases & Siem Rules Code ready for use for Mitre Attacks Events Detection in Your SOC by Logpoint
396 Use Cases & Siem...
Forrester - Allie Mellen
Adapt Or Die: XDR Is On A Collision Course With SIEM And SOAR – EDR Is Dead, Long Live XDR by Allie Mellen – Forrester
Adapt Or Die: XDR Is...
CYBER LEADERSHIP INTITUTE
CISO PLAYBOOK: FIRST 100 DAYS Setting the CISO up for success
CISO PLAYBOOK: FIRST 100 DAYS...

LASTEST PUBLISHED POSTS

National Security Agency
CSI Cloud Top10 Key Management
CSI Cloud Top10 Key Management
CSA Cloud Security Alliance
Defining the Zero TrustProtect Surface
Defining the Zero TrustProtect Surface
HANIM EKEN
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CONTAINER SECURITY INTERVIEW QUESTIONS ANSWERS
CNIL
PRACTICE GUIDE GDPR – SECURITY OF PERSONAL DATA Version 2024
PRACTICE GUIDE GDPR – SECURITY...
PWNED LABS
Cloud Security Engineer Roadmap
Cloud Security Engineer Roadmap
tutorialspoint.com
Cloud Computing Tutorial Simply Easy Learning
Cloud Computing Tutorial Simply Easy...
SMITHA SRIHARSHA
CISSP Preparation Notes
CISSP Preparation Notes
CISSP Mind Map: All Domains
CISSP Mind Map: All Domains
Lansweeper
CIS 18 CRITICAL SECURITY CONTROLS CHECKLIST
CIS 18 CRITICAL SECURITY CONTROLS...
Semaphore
CI-CD with Docker and Kubernetes
CI-CD with Docker and Kubernetes
EC-MSP
BUSINESS CONTINUITY PLAN & DISASTER RECOVERY PLAN TEMPLATE
BUSINESS CONTINUITY PLAN & DISASTER...
PWC
Building a risk-resilient organisation
Building a risk-resilient organisation

More Latest Published Posts

40 under 40
40 under 40 in CyberSecurity 2024
40 under 40 in CyberSecurity 2024
HADESS
40 Days in DeepDark Web About Crypto Scam
40 Days in DeepDark Web About Crypto Scam
Everbridge
8 Principles of Supply Chain Risk Management
8 Principles of Supply Chain Risk Management
CHAOSSEARCH
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
Threat Hunter’s Handbook – Using Log Analytics to Find and Neutralize Hidden Threats in Your Environment
ENDGAME
The Hunters Handbook Endgame’s Guide to Adversary Hunting
The Hunters Handbook Endgame’s Guide to Adversary Hunting
THE EU’S MOST THREATENING by EUROPOL
THE EU’S MOST THREATENING by EUROPOL
National Cyber Security Centre
Responding to a cyber incident – a guide for CEOs
Responding to a cyber incident – a guide for CEOs
IGNITE Technologies
CREDENTIAL DUMPING
CREDENTIAL DUMPING
HADESS
Pwning the Domain Lateral Movement
Pwning the Domain Lateral Movement
Jorgen Lanesskog
PING Basic IP Network Troubleshooting
PING Basic IP Network Troubleshooting
TELESOFT
Layer 7 Visibility What are the Benefits?
Layer 7 Visibility What are the Benefits?
TIGERA
Introduction to Kubernetes Networking and Security
Introduction to Kubernetes Networking and Security
Department of Defense's (DoD)
Defense Industrial Base Cybersecurity Strategy 2024
Defense Industrial Base Cybersecurity Strategy 2024
Dummies
Zero Trust Access for Dummies Fortinet
Zero Trust Access for Dummies Fortinet
Homeland Security
Zero Trust Implementation Strategy
Zero Trust Implementation Strategy
National Australia Bank Limited
Your Business and Cyber Security
Your Business and Cyber Security
CYFIRMA
Xeno RAT- A New Remote Access Trojan
Xeno RAT- A New Remote Access Trojan
IGNITE Technologies
Windows Persistence COM Hijacking MITRE T1546 015
Windows Persistence COM Hijacking MITRE T1546 015
IGNITE Technologies
Windows Exploitation Rundll32
Windows Exploitation Rundll32
IGNITE Technologies
Windows Exploitation Msbuild
Windows Exploitation Msbuild
HADESS
Web LLM Attacks
Web LLM Attacks
HADESS
Trended Protocols for Security Stuff
Trended Protocols for Security Stuff
Red Iberoamericana de Protección de Datos
Transferencia Internacional de Datos Personales – Guia de Implementación
Transferencia Internacional de Datos Personales – Guia de Implementación
CYFIRMA
TRACKING RANSOMWARE January 2024
TRACKING RANSOMWARE January 2024
https://www.linkedin.com/in/harunseker/
TOP Cyber Attacks Detected by SIEM Solutions
TOP Cyber Attacks Detected by SIEM Solutions
TRAVARSA
Top 100 Cyber Threats and Solutions 2024
Top 100 Cyber Threats and Solutions 2024
Top 50 Cybersecurity Threats
Top 50 Cybersecurity Threats
OWASP
Top 10 Considerations for Incident Response
Top 10 Considerations for Incident Response