The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin
For this week’s ‘Week in Ransomware’ article we have included the latest ransomware news over the past two weeks.
The biggest news over the past two weeks is the unsealing of a United States’ Complaint for Forfeiture detailing how the FBI seized 39.89138522 bitcoins from an Exodus wallet belonging to an REvil affiliate. Based on the email listed in the court document, it is believed that the affiliate is one known as ‘Lalartu.’
We also learned that the BlackByte ransomware gang exploits the Microsoft Exchange ProxyShell vulnerabilities to gain initial access to internal networks. Therefore, make sure to update your servers.
The FBI also disclosed that Cuba ransomware has attacked 49 US critical infrastructure orgs and received at least US $43.9 million in ransom payments.
Finally, some of the attacks we learned about over the past two weeks include Planned Parenthood Los Angeles, Swire Pacific Offshore, and Correos Express.
Contributors and those who provided new ransomware information and stories this week include: @fwosar, @DanielGallagher, @BleepinComputer, @PolarToffee, @malwrhunterteam, @Ionut_Ilascu, @jorntvdw, @Seifreed, @FourOctets, @billtoulas, @struppigel, @demonslay335, @serghei, @VK_Intel, @malwareforme, @LawrenceAbrams, @redcanary, @John_Fokker, @Mandiant, @siri_urz, @teachemtechy, @fbgwls245, @pcrisk, @Kangxiaopao, @Amigo_A, and @ValeryMarchive.
Vestas Wind Systems, a leader in wind turbine manufacturing, has shut down its IT systems after suffering a cyberattack.
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI warned critical infrastructure partners and public/private sector organizations not to let down their defenses against ransomware attacks during the holiday season.
PCrisk found a new Dharma ransomware variant that appends the .NEEH extension.
dnwls0719 found a new Thanos variant that appends the .xot5ik extension.
PCrisk found a new STOP ransomware variant that appends the .robm extension.
xiaopao found a new Av Ghost ransomware that appends the AvGhost extension and drops a ransom note named AvGhost.txt.
AV Ghost ransomware
Marine services giant Swire Pacific Offshore (SPO) has suffered a Clop ransomware attack that allowed threat actors to steal company data.
Zack Allen found a new ransomware called ‘Rook’ that is based on Babuk and appends the .rook extension to encrypted files.
Rook ransomware
PCrisk found a new STOP ransomware variant that appends the .rigj extension.
PCrisk found a new Phobos ransomware variant that appends the .XIII extension.
An affiliate of the recently discovered Yanluowang ransomware operation is focusing its attacks on U.S. organizations in the financial sector using BazarLoader malware in the reconnaissance stage.
The FBI seized $2.3 million in August from a well-known REvil and GandCrab ransomware affiliate, according to court documents seen by BleepingComputer.
Siri found a new Blue Locker that appends the .blue extension to encrypted files.
Blue Locker
The BlackByte ransomware gang is now breaching corporate networks by exploiting Microsoft Exchange servers using the ProxyShell vulnerabilities.
Planned Parenthood Los Angeles has disclosed a data breach after suffering a ransomware attack in October that exposed the personal information of approximately 400,000 patients.
Correos Express, a Spanish express parcel delivery specialist, appears to be having difficulty providing its services. A Hive ransomware sample suggests a cyberattack that occurred around November 27.
PCrisk found a new STOP ransomware variant that appends the .moia extension.
Siri found a new ransomware calling itself ‘Hello’ that uses an interesting ransom note and appends the .hello extension.
Hello ransomware
The Federal Bureau of Investigation (FBI) has revealed that the Cuba ransomware gang has compromised the networks of at least 49 organizations from US critical infrastructure sectors.
DailyMail allegedly tracked down Yevgeniy Polyanin, a member of the REvil ransomware group.
dnwls0719 found a new Makop ransomware variant that appends the .mkp extension.
PCrisk found a new STOP ransomware variant that appends the .yqal extension.
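As an added triage example (not part of the original article): a small Python helper that maps the appended extensions and ransom-note file names reported in this roundup to their families, and flags a file listing only when several files carry one of them. The function names and sample paths are assumptions/constructed, and the Av Ghost marker is assumed to appear as the suffix ".AvGhost".

```python
"""Triage helper: map the extensions and ransom-note names from this week's
roundup to the ransomware family they were reported with.  Added example;
function names are assumed and the sample paths below are constructed."""
from collections import Counter
from pathlib import PurePath

# Appended extensions reported in the roundup, keyed to the family.
# Compared case-sensitively because some families use upper case (.XIII).
EXTENSIONS = {
    ".NEEH": "Dharma", ".xot5ik": "Thanos", ".robm": "STOP", ".rigj": "STOP",
    ".moia": "STOP", ".yqal": "STOP", ".rook": "Rook", ".XIII": "Phobos",
    ".blue": "Blue Locker", ".hello": "Hello", ".mkp": "Makop",
    ".AvGhost": "Av Ghost",  # assumed form of the "AvGhost" extension
}
# Ransom-note file names reported in the roundup.
RANSOM_NOTES = {"AvGhost.txt": "Av Ghost"}


def classify(path):
    """Return the family a path suggests, or None.  Ransom notes are matched
    by exact file name; encrypted files by their final suffix."""
    p = PurePath(path)
    if p.name in RANSOM_NOTES:
        return RANSOM_NOTES[p.name]
    return EXTENSIONS.get(p.suffix)


def triage(paths, min_hits=3):
    """Count suspicious paths per family and flag families at or above the
    threshold, so one oddly named file does not raise an alert on its own."""
    hits = Counter(fam for fam in map(classify, paths) if fam)
    flagged = sorted(f for f, n in hits.items() if n >= min_hits)
    return hits, flagged


if __name__ == "__main__":
    # Constructed listing: three Dharma-style renames, one ransom note, noise.
    sample = [
        "C:/share/q3.xlsx.NEEH", "C:/share/q4.xlsx.NEEH",
        "C:/share/report.pdf.NEEH", "C:/share/AvGhost.txt",
        "C:/share/notes.txt", "C:/share/plan.doc.rook",
    ]
    counts, alerts = triage(sample)
    print(dict(counts), alerts)
```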