The Week in Ransomware – August 19th 2022 – Evolving extortion tactics

This week saw the return of the BlackByte ransomware operation, which launched a new data leak site using extortion tactics similar to LockBit 3.0.

This week’s attacks were on Argentina’s Judiciary of Córdoba, a UK water supplier (though Clop attributed to the wrong company), and LockBit claiming to be behind the attack on Entrust.

Finally, researchers found a new variant of the SOVA Android malware that includes a ransomware feature to encrypt mobile devices.

While Entrust has not responded to our queries about the attack, sources have told us that LockBit conducted the attack.

Contributors and those who provided new ransomware information and stories this week

August 13th 2022

SOVA malware adds ransomware feature to encrypt Android devices

The SOVA Android banking trojan continues to evolve with new features, code improvements, and the addition of a new ransomware feature that encrypts files on mobile devices.

August 15th 2022

Argentina’s Judiciary of Córdoba hit by PLAY ransomware attack

Argentina’s Judiciary of Córdoba has shut down its IT systems after suffering a ransomware attack, reportedly at the hands of the new ‘Play’ ransomware operation.

August 16th 2022

Hackers attack UK water supplier but extort wrong company

South Staffordshire Water, a company supplying 330 million liters of drinking water to 1.6m consumers daily, has issued a statement confirming IT disruption from a cyberattack.

New STOP ransomware variants

PCrisk found a bunch of new STOP ransomware variants that append the .qqlc.qqlo, and .qqmt extensions.

New VoidCrypt variants

PCRisk found new VoidCrypt variants that append the .dark and .Angry extensions and drops a ransom note named unlock-info.txt.

New VoidCrypt variants

PCRisk found a new Chaos ransomware variant that appends the .sex extension and drops a ransom note named read_it.txt.

August 17th 2022

BlackByte ransomware gang is back with new extortion tactics

The BlackByte ransomware is back with version 2.0 of their operation, including a new data leak site utilizing new extortion techniques borrowed from LockBit.

Videos from SANS Ransomware Summit

SANS has published the videos from their ransomware summit.

Alleged Russian Money Launderer Extradited from the Netherlands to U.S.

According to court documents, Dubnikov and his co-conspirators laundered the proceeds of ransomware attacks on individuals and organizations throughout the United States and abroad. Specifically, Dubnikov and his accomplices laundered ransom payments extracted from victims of Ryuk ransomware attacks.

August 18th 2022

LockBit claims ransomware attack on security giant Entrust

The LockBit ransomware gang has claimed responsibility for the June cyberattack on digital security giant Entrust.

August 19th 2022

Córdoba: chaos in the Justice after the ransomware attack

The ransomware attack suffered by the Judiciary of Córdoba last Friday left the Justice of that province in limbo. Since then, the systems team has been working amid the chaos to recover the sequestered information: password changes, USB port blockages, suspension of Exchange email and interruption of communications between users to prevent the spread of the virus.

New STOP ransomware variant

PCrisk found a new STOP ransomware variant that appends the .qqri extension.

That’s it for this week! Hope everyone has a nice weekend!

NOTE:: This article is copyright by and we are using it for educational or Information purpose only

The Best Ransomware Protection