It started as a slow ransomware news week but slowly picked up pace with the Department of Justice announcing indictments of TrickBot and Conti operation members.
On Thursday, the US announced sanctions and three indictments against 9 Russian nationals who are alleged members of the TrickBot and Conti ransomware operations for attacks on more than 900 victims worldwide.
“The defendants charged in these three indictments throughout three totally different jurisdictions allegedly used their cyber data and capabilities to victimize folks and companies around the globe without regard for the harm they prompted,” said Acting Assistant Attorney General Nicole M. Argentieri of the Justice Department’s Criminal Division.
The individuals were allegedly involved in a wide variety of roles in the Conti ransomware operation, including overall management of the cybercrime operation, crypting malware so it was undetectable, managing infrastructure, and developing malware, including the TrickBot botnet.
In other news, Cisco confirmed that ransomware gangs are exploiting a zero-day in Cisco VPN appliances after BleepingComputer’s, SentinelOne’s, and Rapid7’s reporting on its abuse by the Akira ransomware operation.
Finally, Ragnar Locker claimed an August attack on Israel’s Mayanei Hayeshua hospital, claiming to have stolen 1 TB of data.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @VK_Intel, @jorntvdw, @LawrenceAbrams, @PolarToffee, @FourOctets, @struppigel, @DanielGallagher, @malwareforme, @Ionut_Ilascu, @demonslay335, @billtoulas, @serghei, @fwosar, @malwrhunterteam, @Seifreed, @cloudsek, @SecurityAura, @SentinelOne, and @pcrisk.
September 4th 2023
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .rzkd and .rzml extensions.
New Chaos ransomware variant
PCrisk found a new Chaos ransomware variant that appends the .sub_to_crypto_nwo extension and drops a ransom note named Home windows!System32.txt.
New Rival ransomware
PCrisk found a new ransomware named Rival that appends the .rival extension and drops a ransom note named FILES ENCRYPTED.txt.
September 6th 2023
New STOP ransomware variant
PCrisk found a new STOP ransomware variant that appends the .rzew extension.
New Phobos ransomware variant
PCrisk found a new Phobos ransomware variant that appends the .sb4 extension.
September 7th 2023
US and UK sanction 11 TrickBot and Conti cybercrime gang members
The United States and the United Kingdom have sanctioned eleven Russian nationals associated with the TrickBot and Conti ransomware cybercrime operations.
Multiple Foreign Nationals Charged in Connection with Trickbot Malware and Conti Ransomware Conspiracies
Three indictments in three different federal jurisdictions have been unsealed charging multiple Russian cybercrime actors involved in the Trickbot malware and Conti ransomware schemes.
September 8th 2023
Cisco warns of VPN zero-day exploited by ransomware gangs
Cisco is warning of a CVE-2023-20269 zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
Ragnar Locker claims attack on Israel’s Mayanei Hayeshua hospital
The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel’s Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack.
Understanding Knight Ransomware: Advisory, Analysis
Cyclops, now renamed Knight and also known as Cyclops 2.0, debuted in May 2023. The Cyclops group has successfully developed ransomware that can infect all three major platforms: Windows, Linux, macOS, ESXi and Android.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .hgml and .hgkd extensions.
That’s it for this week! Hope everyone has a nice weekend!