Ransomware gangs and strains come and go, and a few reemerge stronger than ever.
Take the BlackCat ransomware gang, for instance. It shuttered operations in March 2024 following an exit scam. Or LockBit, a ransomware gang that revived itself days after law enforcement took the group down.
Then there are variants that just won't quit, building off their predecessors with stronger, more resilient attack strategies. Again using LockBit as an example, it first emerged in 2019 and has only recently evolved into LockBit 5.0, "boasting faster encryption, stronger evasion and a revamped affiliate program."
This week's featured articles cover an old and a new ransomware group, as well as the reemergence of Petya in a potential new strain.
KillSec ransomware attacks Brazilian healthcare provider
On Sept. 8, the KillSec ransomware group attacked MedicSolution, a Brazilian healthcare software provider. It threatened to leak 34 GB of sensitive data, including more than 94,000 files containing lab results, X-rays and patient records.
The breach originated from insecure AWS S3 buckets, with the window of exposure likely going back several months. MedicSolution provides cloud services to numerous medical practices, putting healthcare organizations at risk. Affected patients have not been notified that their data was compromised.
Read the full story by Kristina Beek on Dark Reading.
Yurei ransomware group scores its first victim
On Sept. 5, newcomer ransomware group Yurei claimed its first double-extortion attack victim in MidCity Marketing, a food manufacturing company in Sri Lanka. Days later, additional victims were reported in India and Nigeria.
The likely Moroccan-based operators used a modified version of the open source Prince-Ransomware, which is written in Go and therefore harder to detect, to conduct the attacks. Using open source malware "considerably lowers the barrier to entry for cybercriminals," researchers at cybersecurity vendor Check Point Software wrote in a blog post.
The same researchers also discovered a crucial flaw that could enable victims to recover their stolen and encrypted data.
Read the full story by Elizabeth Montalbano on Dark Reading.
New malware HybridPetya threatens Secure Boot
Researchers at cybersecurity vendor ESET have discovered HybridPetya, a sophisticated malware that combines NotPetya's destructive capabilities with Petya's recoverable encryption.
Though not yet deployed in the wild, it represents the fourth known malware capable of bypassing UEFI Secure Boot protections. HybridPetya can deploy malicious UEFI payloads directly to the EFI System Partition and encrypt the Master File Table, rendering systems inaccessible.
Unlike NotPetya, HybridPetya enables operators to reconstruct decryption keys. This persistent threat remains even after OS reinstallation or wiping the hard drive.
Read the full story by Jai Vijayan on Dark Reading.
Editor's note: An editor used AI tools to assist in the generation of this news brief. Our expert editors always review and edit content before publishing.
Kyle Johnson is technology editor for Informa TechTarget's SearchSecurity site.