The Week in Ransomware – December 24th 2021 – No rest for the weary

The holiday season is here, but there is no rest for our weary admins as ransomware gangs are still conducting attacks over the Christmas and New Year's breaks.

This is especially true this year, with the rampant Log4j exploitation over the past few weeks leading to compromised networks that are ripe for ransomware deployment while the workforce is on vacation.

Network admins and security researchers are already reporting that BlackCat/ALPHV affiliates continue to attack the enterprise today as we move into the Christmas weekend, so it is vital to keep an eye on your networks and respond quickly to unusual behavior.

Good luck out there and wishing everyone a very happy and uneventful holiday season!

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @Ionut_Ilascu, @PolarToffee, @BleepinComputer, @struppigel, @Seifreed, @VK_Intel, @billtoulas, @serghei, @jorntvdw, @FourOctets, @malwareforme, @fwosar, @JakubKroustek, @DanielGallagher, @malwrhunterteam, @demonslay335, @ValeryMarchive, @ESETresearch, @LabsSentinel, @SophosLabs, @threatresearch, @NCCGroupplc, @pcrisk, @th3_protoCOL, @0daydorpher, and @siri_urz.

December 18th 2021

New Dharma Ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .ver extension.

December 20th 2021

New STOP Ransomware variant

PCrisk found a new STOP ransomware variant that appends the .nnqp extension to encrypted files.

New Dharma Ransomware variant

PCrisk found a new Dharma ransomware variant that appends the .C1024 extension to encrypted files.

December 21st 2021

FreeBSD SFile ransomware encryptor

ESET discovered a new FreeBSD version of the SFile ransomware.

PYSA ransomware behind most double extortion attacks in November

Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors’ arsenal.

December 22nd 2021

New Dharma Ransomware variant

Jakub Kroustek found a new Dharma ransomware variant that appends the .RED extension.

New Phobos Ransomware variant

PCrisk found a new Phobos ransomware variant that appends the .health extension to encrypted files.

December 23rd 2021

AvosLocker ransomware reboots in Safe Mode to bypass security tools

In recent attacks, the AvosLocker ransomware gang has started focusing on disabling endpoint security solutions that stand in their way by rebooting compromised systems into Windows Safe Mode.

New Surtr ransomware

S!Ri found a new ransomware that appends the .surtr extension to encrypted files.

December 24th 2021

Rook ransomware is yet another spawn of the leaked Babuk code

A new ransomware operation named Rook has appeared recently in the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices.

Global IT services provider Inetum hit by ransomware attack

As first reported by Valéry Marchive, less than a week before the Christmas holiday, French IT services company Inetum Group was hit by a ransomware attack that had a limited impact on the business and its customers.

Noberus/ALPHV/BlackCat attacking during Christmas

It’s not uncommon for ransomware gangs to take a bit of time off during the holidays. However, it looks like BlackCat affiliates are continuing to work through the holidays.

That’s it for this week! Hope everyone has a nice weekend!

Source: https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-24th-2021-no-rest-for-the-weary/