
The Week in Ransomware – September 15th 2023

Hackers gambling

This week’s big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still dealing with operational disruptions.

Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver’s license numbers and social security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.

According to a report by the Wall Street Journal, the threat actors demanded $30 million not to leak the data, but the casino negotiated it down to a $15 million payment.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in an SEC 8-K filing published after news of the attack leaked.

This week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel rooms, and slot machines not working.

It was later confirmed that this attack was carried out by an affiliate of the BlackCat/ALPHV ransomware operation known as Scattered Spider.

In a lengthy statement on the ransomware gang’s data leak site, the threat actors claim to have gained full access to the company’s network and ultimately encrypted 100 VMware ESXi servers.

We also learned about ransomware attacks on the UK’s Greater Manchester Police (GMP), the Auckland transport authority, and IT solutions provider ORBCOMM.

Finally, some interesting research was released this week:

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @malwareforme, @serghei, @malwrhunterteam, @BleepinComputer, @demonslay335, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @vxunderground, @BroadcomSW, @MsftSecIntel, @AlvieriD, @WilliamTurton, @GeeksCyber, @pcrisk, and @Mandiant.

September 11th 2023

MGM Resorts shuts down IT systems after cyberattack

MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .hgfu and .hgew extensions.

September 12th 2023

Ransomware access broker steals accounts via Microsoft Teams phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.

New AnonTsugumi ransomware

PCrisk found a ransomware called AnonTsugumi that appends the .anontsugumi extension and drops a ransom note named README.txt.

September 13th 2023

Hackers use new 3AM ransomware to save failed LockBit attack

A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ooza and .oopl extensions.

September 14th 2023

Manchester Police officers’ data exposed in ransomware attack

United Kingdom’s Greater Manchester Police (GMP) said earlier today that some of its employees’ personal information was impacted by a ransomware attack that hit a third-party supplier.

Caesars Entertainment confirms ransom payment, customer data theft

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.

Auckland transport authority hit by suspected ransomware attack

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services.

MGM casino’s ESXi servers allegedly encrypted in ransomware attack

An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts’ operations, forcing the company to shut down IT systems.

Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to enhance their operations.

September 15th 2023

ORBCOMM ransomware attack causes trucking fleet management outage

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.

An in-depth analysis of the Money Message Ransomware

The threat actor group behind Money Message ransomware first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which includes the services and processes to stop during a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.
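As an added example (not code from the analysis or from this page), the following Python classifies process-creation events for the vssadmin.exe shadow-copy deletion behaviour described above, rating a silent wipe of all copies launched from a user-writable path higher than an administrative one-off; the sample events, the parent-path rule and the severity labels are constructed assumptions.

```python
import ntpath
import re
import shlex

# Constructed process-creation events in a simplified Sysmon Event ID 1 shape.
# They are sample input for this example, not data from the report.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet",
     "parent": r"C:\Users\alice\AppData\Local\Temp\invoice.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin delete shadows /for=C: /oldest",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows",
     "parent": r"C:\Windows\System32\cmd.exe"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe README.txt",
     "parent": r"C:\Windows\explorer.exe"},
]

# Assumed rule: parents living in user-writable locations are suspicious launchers.
USER_WRITABLE = re.compile(r"^(C:\\Users\\|C:\\Windows\\Temp\\|C:\\ProgramData\\)", re.I)

def parse_vssadmin(cmdline):
    """Return (verb, object, switch-name set) for a vssadmin command line, else None."""
    try:
        argv = shlex.split(cmdline, posix=False)
    except ValueError:
        return None
    if len(argv) < 3 or ntpath.basename(argv[0]).lower() not in ("vssadmin", "vssadmin.exe"):
        return None
    switches = {a.lower().split("=", 1)[0] for a in argv[3:] if a.startswith("/")}
    return argv[1].lower(), argv[2].lower(), switches

def classify(event):
    """Severity for one event: 'high', 'medium', or None when it is not a shadow deletion."""
    parsed = parse_vssadmin(event["cmdline"])
    if parsed is None:
        return None
    verb, obj, switches = parsed
    if verb != "delete" or obj != "shadows":
        return None
    # Wiping every copy, or running from a user-writable parent, matches the ransomware pattern.
    if "/all" in switches or USER_WRITABLE.match(event["parent"]):
        return "high"
    return "medium"

def alerts(events):
    """List (severity, cmdline) pairs for events that delete shadow copies."""
    return [(classify(e), e["cmdline"]) for e in events if classify(e)]

if __name__ == "__main__":
    for severity, cmd in alerts(SAMPLE_EVENTS):
        print(severity, cmd)
```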

New Elibe ransomware

PCrisk found a ransomware variant that appends the .elibe extension and drops a ransom note named FILES ENCRYPTED.txt.

New STOP ransomware variant

PCrisk found a STOP ransomware variant that appends the .oohu extension.

That’s it for this week! Hope everyone has a nice weekend!
