There’s plenty of news this week, ranging from the US formally accusing China of the recent ProxyLogon attacks to Kaseya mysteriously obtaining the universal decryption key.
This week, the US government officially attributed the ProxyLogon Microsoft Exchange attacks to China. Threat actors used this vulnerability to install a variety of malware, including the BlackKingdom ransomware.
In a surprise announcement, Kaseya has stated that they received the universal decryption key for their REvil ransomware attack on July 2. This key will allow all victims of the attack to recover their files for free.
It is unclear how they received this key yesterday as REvil disappeared about two weeks ago. The key is believed to have been obtained by the Russian government, who shared it with the United States.
Other news this week includes an attack on Ecuador’s CNT, the revelation that the CNA attack was caused by a fake browser update, and HelloKitty using a SonicWall vulnerability to breach networks.
Contributors and those who provided new information and stories about ransomware this week include: @Ionut_Ilascu, @DanielGallagher, @demons335, @fwosar, @malwareforme, @malwrhunterteam, @BleepinComputer, @PolarToffee, @Seifreed, @VK_Intel, @serghei, @jorntvdw, @struppigel, @LawrenceAbrams, @FourOctets, @LitMoose, @HeinrichsH, @CrowdStrike, @pcrisk, @QVM360, @campuscodi, @chum1ng0, @JakubKroustek, and @fbgwls245.
July 17, 2021
Ecuador’s state telecommunications company CNT is affected by RansomEXX ransomware
Ecuador’s state-owned National Telecommunication Corporation (CNT) has suffered a ransomware attack that has disrupted business operations, the payment portal, and customer service.
HelloKitty ransomware targets vulnerable SonicWall devices
CISA warns of threat actors targeting “a known, previously patched vulnerability” found in the SonicWall Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products with end-of-life firmware.
July 18, 2021
Comparis clients targeted by scammers after ransomware attack
Comparis, the leading Swiss price comparison platform, has notified customers of a data breach following a ransomware attack that affected and destroyed their entire network last week.
Ransomware attack hits law firm that advises Fortune 500, Global 500 companies
Campbell Conroy & O’Neil, PC (Campbell), an American law firm that advises dozens of Fortune 500 and Global 500 companies, has disclosed a data breach following a ransomware attack in February 2021.
July 19, 2021
The United States and its allies officially accuse China of attacks on Microsoft Exchange
The United States and its allies, including the European Union, the United Kingdom, and NATO, are officially blaming China for this year’s widespread Microsoft Exchange hacking campaign.
A ransomware incident at Cloudstar, a cloud hosting service and managed service provider for various industries, has disrupted the activities of hundreds of companies.
July 20, 2021
PCrisk found a new variant of Dharma ransomware that adds the .moqs extension to encrypted files.
QVM360 found a new ransomware that adds the .Postal Code extension.
Shahaf reports that Pionet, which is owned by Malam Tim, suffered a ransomware attack that paralyzed many of the company’s systems and the sites of more than a hundred of the company’s customers, including Assuta, Rambam, Hadassah, Budget Car Rental Company, Sonol Fuel Company and the Apple importer Idigital. Idigital’s clients include Israel Electric Corporation and Israel Railways.
dnwls0719 found a new variant of Scarab that adds the .Imshifau extension.
July 21, 2021
PCrisk found new variants of Dharma ransomware that add the .myday and .grej extensions to encrypted files.
July 22, 2021
Ransomware gang breached CNA network via fake browser update
Leading US insurance company CNA Financial has provided a glimpse into how Phoenix CryptoLocker operators breached their network, stole data, and deployed ransomware payloads in a ransomware attack that hit their network in March 2021.
Kaseya Gets Universal Decryptor For REvil Ransomware Victims
Kaseya received a universal decryptor that allows victims of the REvil ransomware attack on July 2 to recover their files for free.
July 23, 2021
Jakub Kroustek found new variants of Dharma ransomware that add the .mnc and .ZEUS extensions to encrypted files.
That’s it for this week! Hope everyone has a nice weekend!