This week’s huge information is the extortion assaults on the Caesars and MGM Las Vegas on line casino chains, with one having already paid the ransom and the opposite nonetheless dealing with operational disruptions.
Caesers was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database comprises driver’s license numbers and social safety for patrons, and to forestall the leak of the info, Caesers paid a ransom demand.
In line with a report by the Wall Avenue Journal, the menace actors demanded $30 million to not leak the info, however the On line casino negotiated it right down to a $15 million fee.
“We now have taken steps to make sure that the stolen knowledge is deleted by the unauthorized actor, though we can’t assure this end result,” Caesars stated in an SEC 8-Okay submitting printed after information of the assault leaked.
This week, MGM Resorts suffered a ransomware assault, inflicting huge disruptions in its casinos, similar to ATMs and bank card machines not working, visitors locked our of resort rooms, and slot machines not working.
It was later confirmed that this assault was performed by an affiliate for the BlackCat/ALPHV ransomware operation generally known as Scattered Spider.
In a prolonged assertion on the ransomware gang’s knowledge leak web site, the menace actors declare to have gained full entry to the corporate’s community and finally encrypted 100 VMware ESXi servers.
We additionally realized about ransomware assaults on the UK’s Better Manchester Police (GMP), the Auckland transport authority, and IT options supplier ORBCOMM.
Lastly, some fascinating analysis was launched this week:
Contributors and people who offered new ransomware info and tales this week embrace: @Seifreed, @malwareforme, @serghei, @malwrhunterteam, @BleepinComputer, @demonslay335, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @vxunderground, @BroadcomSW, @MsftSecIntel, @AlvieriD, @WilliamTurton, @GeeksCyber, @pcrisk, and @Mandiant.
September eleventh 2023
MGM Resorts shuts down IT methods after cyberattack
MGM Resorts Worldwide disclosed at the moment that it’s coping with a cybersecurity difficulty that impacted a few of its methods, together with its fundamental web site, on-line reservations, and in-casino providers, like ATMs, slot machines, and bank card machines.
New STOP ransomware variants
PCrisk discovered new STOP ransomware variants that append the .hgfu and .hgew extensions.
September twelfth 2023
Ransomware entry dealer steals accounts through Microsoft Groups phishing
Microsoft says an preliminary entry dealer identified for working with ransomware teams has just lately switched to Microsoft Groups phishing assaults to breach company networks.
New AnonTsugumi ransomware
PCrisk discovered a ransomware referred to as AnonTsugumi that appends the .anontsugumi extension and drops a ransom notice named README.txt.
September thirteenth 2023
Hackers use new 3AM ransomware to avoid wasting failed LockBit assault
A brand new ransomware pressure referred to as 3AM has been uncovered after a menace actor used it in an assault that didn’t deploy LockBit ransomware on a goal community.
New STOP ransomware variants
PCrisk discovered new STOP ransomware variants that append the .ooza and .oopl extensions.
September 14th 2023
Manchester Law enforcement officials’ knowledge uncovered in ransomware assault
United Kingdom’s Better Manchester Police (GMP) stated earlier at the moment that a few of its workers’ private info was impacted by a ransomware assault that hit a third-party provider.
Caesars Leisure confirms ransom fee, buyer knowledge theft
Caesars Leisure, self-described as the biggest U.S. on line casino chain with essentially the most intensive loyalty program within the business, says it paid a ransom to keep away from the web leak of buyer knowledge stolen in a current cyberattack.
Auckland transport authority hit by suspected ransomware assault
The Auckland Transport (AT) transportation authority in New Zealand is coping with a widespread outage brought on by a cyber incident, impacting a variety of buyer providers.
MGM on line casino’s ESXi servers allegedly encrypted in ransomware assault
An affiliate of the BlackCat ransomware group, also referred to as APLHV, is behind the assault that disrupted MGM Resorts’ operations, forcing the corporate to close down IT methods.
Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety
UNC3944 is a financially motivated menace cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to acquire credentials to realize and escalate entry to sufferer organizations. At the very least some UNC3944 menace actors seem to function in underground communities, similar to Telegram and underground boards, which they might leverage to amass instruments, providers, and/or different assist to enhance their operations.
September fifteenth 2023
ORBCOMM ransomware assault causes trucking fleet administration outage
Trucking and fleet administration options supplier ORBCOMM has confirmed {that a} ransomware assault is behind current service outages stopping trucking firms from managing their fleets.
An in depth evaluation of the Cash Message Ransomware
The menace actor group, Cash Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which comprises the providers and processes to cease a ransomware assault, may be discovered on the finish of the executable. The ransomware creates a mutex and deletes the Quantity Shadow Copies utilizing vssadmin.exe.
New Elibe ransomware
PCrisk discovered a ransomware variant that appends the .elibe extension and drops a ranom notice named FILES ENCRYPTED.txt.
New STOP ransomware variant
PCrisk discovered a STOP ransomware variant that appends the .oohu extension.
That is it for this week! Hope everybody has a pleasant weekend!
