The Week in Ransomware - June 17th 2022 - Have I Been Ransomed?

Gandalf_The_Grey

Ransomware operations are constantly evolving their tactics to pressure victims to pay. For example, this week, we saw a new extortion tactic come into play with the creation of dedicated websites to extort victims with searchable data.

The new extortion tactic was introduced by the ALPHV gang, aka BlackCat, who created a searchable, clearweb site that contained the stolen data for employees and hotel guests for a particular victim.

Using this website, employees of the company could search for their names to see if their data was stolen, including Social Security Numbers, phone numbers, etc.

Other interesting news this week was learning that AvosLocker and Cerber2021 are using recent Atlassian Confluence exploits to gain initial access to corporate networks. We also learned that Hello XD ransomware is dropping a 'MicroBackdoor' on devices while encrypting.

Sadly, we also learned of some attacks this week, with RansomHouse extorting Africa's largest supermarket chain, Shoprite, and a California school district paying a 400k ransom to Quantum.