The Week in Ransomware – April 15th 2022 – Encrypting Russia

While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors.

The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities.

We also learned of the relatively unknown OldGremlin ransomware group, primarily targeting Russian organizations.

This week’s other interesting news was reporting on the Karakurt data extortion group, which was revealed to be another arm of the Conti Ransomware crime syndicate.

The Karakurt group handles data extortion tasks for the Conti operation when they are blocked from deploying their ransomware.

Sophos also published a concerning report stating that the LockBit operation lurked in a government network for five months before deploying their ransomware.

Finally, we learned of ransomware attacks on the wind turbine giant Nordex and luxury fashion brand Ermenegildo Zegna.

Contributors and those who provided new ransomware information and stories this week include:

April 9th 2022

Hackers use Conti’s leaked ransomware to attack Russian companies

A hacking group used Conti’s leaked ransomware source code to create their own ransomware to use in cyberattacks against Russian organizations.

April 11th 2022

Luxury fashion house Zegna confirms August ransomware attack

The Italian luxury fashion house Ermenegildo Zegna has confirmed an August 2021 ransomware attack that resulted in an extensive IT systems outage.

New blockZ Ransomware

PCrisk found a new ransomware that appends the .blockZ extension to encrypted files and drops a ransom note named How To Restore Your Files.txt.

New Democracy Whisperers ransomware

PCrisk found a new ransomware named Democracy Whisperers that appends the .democ extension and drops a ransom note named Restore Files.txt. The ransomware is based on leaked Babuk source code.

New Snatch variant

PCrisk found a new Snatch variant that appends the .sdhvqq extension.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ghas, .hajd, .qall, and .qpss extensions.

April 12th 2022

LockBit ransomware gang lurked in a U.S. gov network for months

A regional U.S. government agency compromised with LockBit ransomware had the threat actor in its network for at least five months before the payload was deployed, security researchers found.

New Makop variants

PCrisk found new Makop variants that append the .phmqdw and .sessions extensions to encrypted files.

April 14th 2022

OldGremlin ransomware gang targets Russia with new malware

OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year.

Wind turbine firm Nordex hit by Conti ransomware attack

The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month.

April 15th 2022

Karakurt revealed as data extortion arm of Conti cybercrime syndicate

After breaching servers managed by the cybercriminals, security researchers found a connection between Conti ransomware and the recently emerged Karakurt data extortion group, showing that the two gangs are part of the same operation.

New MedusaLocker variant

PCrisk found a new MedusaLocker variant that appends the .stopfiles extension to encrypted files.

New Blaze ransomware

Amigo-A found the new Blaze ransomware that appends .blaze to encrypted files and drops a ransom note named How To Decrypt.txt.

That’s it for this week! Hope everyone has a nice weekend!
