The Week in Ransomware – June 30th 2023 – Mistaken Identity
A case of mistaken identity and further MOVEit Transfer data breaches dominated the ransomware news cycle this week.
This week, the New York City Department of Education disclosed that the data of 45,000 students was exposed, and Siemens Energy confirmed a breach too.
In other news, an affiliate group of the LockBit ransomware operation claimed to have targeted Taiwan Semiconductor Manufacturing Company (TSMC), one of the largest semiconductor manufacturers in the world.
However, after the group threatened to leak data, credentials, and flaws in TSMC's network if a $70 million ransom demand was not paid, TSMC denied the hacking claims and said the ransomware gang breached a third-party vendor.
A new report by VMware’s Carbon Black team sheds light on the 8Base ransomware operation, illustrating how they use the Phobos ransomware in attacks.
Finally, we had some bad and good news about the Akira ransomware operation.
The bad news is that they have created a Linux encryptor to target VMware ESXi servers. The good news is that Avast published a decryptor allowing victims to recover files encrypted by the ransomware operation.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @fwosar, @demonslay335, @billtoulas, @Seifreed, @LawrenceAbrams, @malwrhunterteam, @struppigel, @serghei, @rivitna2, @Avast, @AuCyble, @VMware, @pcrisk, @BushidoToken, and @BrettCallow.
June 26th 2023
Hackers steal data of 45,000 New York City students in MOVEit breach
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .thgz, .tgpo, and .tgvv extensions.
New Tuga ransomware
PCrisk found a new ransomware that appends the .TUGA extension and drops a ransom note named README.txt.
June 27th 2023
Siemens Energy confirms data breach after MOVEit data-theft attack
Siemens Energy has confirmed that data was stolen during the recent Clop ransomware data-theft attacks using a zero-day vulnerability in the MOVEit Transfer platform.
New Anti-US ransomware
PCrisk found a new ransomware that appends the .anti-us extension and drops a ransom note named read-it.
June 28th 2023
Linux version of Akira ransomware targets VMware ESXi servers
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide.
8Base ransomware gang escalates double extortion attacks in June
The 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June.
New Havoc ransomware
PCrisk found a new ransomware that appends the .havoc extension and drops a ransom note named resq_Recovery.txt.
June 29th 2023
New Resq100 ransomware
PCrisk found a new ransomware that appends the .resq100 extension and drops a ransom note named FILES ENCRYPTED.txt.
June 30th 2023
TSMC denies LockBit hack as ransomware gang demands $70 million
Chipmaking giant TSMC (Taiwan Semiconductor Manufacturing Company) denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.
Free Akira ransomware decryptor helps recover your files
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money.
New STOP ransomware variants
PCrisk found new STOP ransomware variants that append the .aghz, .agpo, and .agvv extensions.
Top 5 Highest ransom demands
Will Thomas (aka BushidoToken) gave a rundown on the 5 highest ransom demands.
That’s it for this week! Hope everyone has a nice weekend!