The Week in Ransomware – October 7th 2022 – A 20 year sentence

It was a very quiet week regarding ransomware news, with the most significant news being the sentencing of a Netwalker affiliate to 20 years in prison.

A Florida court this week sentenced former Netwalker ransomware affiliate Sebastien Vachon-Desjardins to twenty years in prison and ordered him to forfeit $21.5 million for an attack on a Tampa business and other companies worldwide.

We also had reports released this week that linked the Cheerscrypt ransomware to a Chinese hacking group and showed how the BlackByte ransomware operation uses ‘Bring Your Own Vulnerable Driver’ (BYOVD) attacks to terminate security software.

Motherboard also released a report based on FOIA requests, showing how US schools have responded to ransomware attacks on their networks.

Finally, the Vice Society began leaking data belonging to students, parents, and employees of the Los Angeles Unified school district, and Ferrari denies RansomEXX attacked them.

Contributors and those who provided new ransomware information and stories this week.

October 2nd 2022

Ransomware gang leaks data stolen from LAUSD school system

The Vice Society Ransomware gang published data and documents Sunday morning that were stolen from the Los Angeles Unified School District during a cyberattack earlier this month.

October 3rd 2022

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .adlg and .adww extensions.

How Ransomware Is Causing Chaos in American Schools

May 19, 2021 was supposed to be just another day at the end of the school year at Sierra College, a community college in Rocklin, California. Instead, hackers hit the school with ransomware, throwing it into chaos.

October 4th 2022

Ransomware hunters: the self-taught tech geniuses fighting cybercrime

Hackers are increasingly taking users’ data hostage and demanding huge sums for its release. They have targeted individuals, businesses, vital infrastructure and even hospitals. Authorities have been slow to respond – but there is help out there.

Decrypted: MafiaWare666 Ransomware

MafiaWare666 is a ransomware strain written in C# which doesn’t contain any obfuscation or anti-analysis techniques. It encrypts files using the AES encryption. We discovered a vulnerability in the encryption schema that allows some of the variants to be decrypted without paying the ransom. New or previously unknown samples may encrypt files differently, so they may not be decryptable without further analysis.

Cheerscrypt ransomware linked to a Chinese hacking group

The Cheerscrypt ransomware has been linked to a Chinese hacking group named ‘Emperor Dragonfly,’ known to frequently switch between ransomware families to evade attribution.

Netwalker ransomware affiliate sentenced to 20 years in prison

Former Netwalker ransomware affiliate Sebastien Vachon-Desjardins has been sentenced to 20 years in prison and ordered to forfeit $21.5 million for his attacks on a Tampa company and other entities.

New RedKrypt Ransomware

PCrisk found a new RedKrypt Ransomware that appends the .p.redkrypt extension and drops a ransom note named RedKrypt-Notes-README.txt.

Ferrari denies data breach and ransomware attack following gang’s online claims

Luxury car maker Ferrari is denying that it was hit with a ransomware attack after a gang added the company to its list of victims this week.

Cyber attack on health provider Pinnacle a ‘wake up call’

A top doctor is calling a cyber attack on a major primary health provider that has compromised the details of potentially thousands of patients a “wake up call to the sector”.

October 5th 2022

BlackByte ransomware abuses legit driver to disable security products

The BlackByte ransomware gang is using a new technique that researchers are calling “Bring Your Own Driver,” which enables bypassing protections by disabling more than 1,000 drivers used by various security solutions.

October 7th 2022

Ransomware cyberattack affects 13 hospitals and outpatient clinics in Catalonia

The Consorci Sanitari Integral (CSI) has suffered a ransomware attack (for the second time in two years) that affects all its healthcare centers in Barcelona and Baix Llobregat. Health activity and patient care are being maintained where they do not require computer services, with consultations practically only for emergencies, since health workers do not have access to patient information or procedures through computers.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .towz and .tohj extensions.

That’s it for this week! Hope everyone has a nice weekend!

NOTE: This article is copyright by bleepingcomputer.com and we are using it for educational or informational purposes only.