September 24, 2021

Disruptions to major European call center provider- Covisian after Conti Ransomware attack

On Saturday 18th of September 2021, GSS, the Spanish and Latin America division of Covisian was hit by a ransomware attack by the Conti ransomware gang. The attack led to them having to shut down a large portion of their IT systems and led to disruptions to call centers across its Spanish-speaking client base. Some of the impacted clients included […]
September 22, 2021

IT systems of Crystal Valley Cooperative brought down due to ransomware attack

On the 19th of September 2021, Crystal Valley experienced a ransomware attack that led to them having to shut down their IT systems and resulting in payments being paid to the farm supply and grain marketing cooperative via Visa, Mastercard and Discover Credit cards were stopped. Currently it is unknown which ransomware group are behind the attack. “On Sunday, September […]
September 21, 2021

BlackMatter Ransomware attacks New Cooperative for a ransom of $5.9 million

During the weekend of the 18th of September 2021, NEW Cooperative experienced a ransomware attack by the BlackMatter ransomware group. Currently the threat actors are demanding a 5.9-million-dollar ransom not to leak stolen data and provide a decryptor. The ransom will increase to $11.8 million if a ransom is not paid in five days. “New Cooperative recently identified a cybersecurity […]
September 16, 2021

Bitdefender releases a universal REvil decryptor for past victims

The cyber security firm, Bitdefender has just released a universal decryptor for the REvil ransomware which will work for any victims who were attacked before the 13th of July. The decryptor was made in collaboration with an unidentified “trusted law enforcement partner.” This decyptor will enable victim who didn’t pay or couldn’t pay after REvil went offline following their attack […]
September 15, 2021

South Africa’s Justice Ministry experiences delays to their services after ransomware attack

On 9th of September 2021, justice ministry of the South African government released a statement that the Department of Justice and Constitutional Development had experienced a security breach which was caused by ransomware on the evening of 6th September 2021. This attack led to all their information systems being encrypted and therefore unavailable to both internal employees as well as […]
September 15, 2021

Grief ransomware gang threatens to delete decryption keys for stolen data if victims hire negotiators

On Monday 13th, an announcement has been released by Grief ransomware gang. They warn that they will delete their victims’ decryption keys if they are found to be hiring any negotiation firm which would lead to it being impossible to recover encrypted files. ” We wanna play a game. If we see professional negotiator from Recovery Company™ – we will […]
September 14, 2021

Olympus experiences disrupts due to potential BlackMatter Ransomware attack

On the 11th of September 2021, Olympus released a statement detailing they are currently investigating some suspicious activity. Olympus also stated that they had “immediately mobilized a specialized response team including forensics experts, and we are currently working with the highest priority to resolve this issue.” The statement also highlighted the fact that the attack affected areas of their EMEA […]
September 7, 2021

Ragnar Locker ransomware group threatens to publish stolen data if victims contact authorities

This week, an announcement has been made by The Ragnar Locker ransomware group on their data leak site, warning that they will leak stolen data from their victims that contact any law enforcement authorities. This warning also stated that hiring any recovery companies for negotiations will be seen as a hostile move against them and therefore they will publish the […]
September 7, 2021

The return of REvil? REvil servers are suddenly back online

The operation servers of the REvil ransomware gang, aka Sodinokibi, have just been turned on for the first time since July after their large-scale attack against Kaseya when they used a zero-day vulnerability in the Kaseya VSA remote management software to encrypt around 60 managed service providers (MSPs) and over 1,500 of their business customers. Their disappearance was noticed when […]