This week in ransomware – Friday, July 15, 2022

Will they call the following a single Frazier?

“Lilith” is the title of a single of the new types of ransomware identified in a latest report by safety business Cyble in a website entitled New Ransomware Groups on the Rise. Lilith was, for trivia buffs, in Judaic mythology the very first spouse of Adam who was supplanted by Eve and went on to become an evil spirit. The name is most likely extra acquainted to supporters of the 1990’s strike series “Frazier.

“Lilith is yet another in the loved ones of so termed “double extortion” versions – it 1st steals details, then encrypts it on the sufferer machine and demands a ransom for the decryption crucial. The ransom note is contained in a file identified as Restore_Your_Documents.txt. Victims are provided three days to negotiate the price tag for the decryption software program. If the ransom is not paid by this deadline, the cyber crooks threaten to start leaking the information.

Less creatively named, but similarly or even a lot more unsafe, is an additional ransomware variety named in the report. RedAlert or N13V encrypts virtual data files and virtual disks. It targets Home windows and Linux VMWare ESXi servers.

RedAlert is operated manually. The risk actors initial do a finish takeover of the system and then execute functions such as stopping all virtual equipment just before executing the attack, making sure that all information are encrypted.

RedAlert only accepts ransom payments in Monero, which will make it considerably exceptional amongst ransomware teams. In accordance to Wikipedia, “Monero is a decentralized cryptocurrency… with privateness-boosting systems that obfuscate transactions to attain anonymity and fungibility. Observers cannot decipher addresses investing Monero, transaction quantities, handle balances, or transaction histories.”

AlphV/BackCat – The cat will come back again with a vengeance

The BlackCat ransomware gang (aka AlphV) has resumed functions. Most recently it claimed it has breached Japanese gaming enterprise Bandai Namco and stolen corporate facts.

Bandai Namco publishes common movie games these types of as Elden Ring, Dark Souls, Pac-Man, Tekken, Gundam, Soulcalibur, and extra. The business has verified that they experienced suffered a cyberattack.

The AlphV/BlackCat ransomware group commenced operations in November 2021, and is extensively assumed to be a rebrand of the DarkSide/BlackMatter gang. DarkSide/BlackMatter received environment-vast focus when it attacked Colonial Pipelines.

Even though the assault on Colonial catapulted the gang to global fame, it also drew the full bodyweight of worldwide law enforcement. Subsequent that, the gang stayed peaceful for quick interval, only to resume daily life as AlphV/Black Cat.

It then rocketed back to all over again grow to be a person of the top ransomware threats globally, and by April the FBI printed a warning that BlackCat experienced breached about 60 entities globally.

Out with a bang – and a no cost decryptor

The menace actor powering ransomware AstraLocker announced this 7 days that they are shutting down and program to shift to cryptomining. As they had been exiting, the did offer a zip file with a cost-free decryptor for anybody compromised by their ransomware.

The group remaining with this quote, however tongue in cheek (or so we hope):

“It was pleasurable, and exciting items usually close someday. I’m closing the operation, decryptors are in zip information, clean up. I will appear back,” AstraLocker’s developer informed us. “I’m performed with ransomware for now. I’m going in cryptojaking lol.”