November 2, 2021

FBI warn ransomware gangs are targeting companies during time-sensitive financial events

On Monday 1st of November 2021, the United States Federal Bureau of Investigation (FBI) released a TLP: WHITE private industry notification where they warned that threat actors from ransomware gangs are starting to target companies that involved in significant, time-sensitive financial events like corporate mergers and acquisitions in the hope that these events will encourage these target companies to pay […]
November 1, 2021

Handa Hospital in Tokushima Prefecture disrupted heavily by ransomware attack

On Sunday 31st of October 2021, Tsurugi municipal Handa Hospital in Tokushima Prefecture suffered a ransomware attack which disrupted the operations of the hospital and involved electronic records of over 85,000 patients being made inaccessible. Indications of the incident were noticed at 12:30 a.m. when many of hospital’s printers started to print out messages that stated the hospital’s data had […]
November 1, 2021

Canadian province of Newfoundland and Labrador healthcare providers hit by possible ransomware attack

On Saturday 30th of October 2021, healthcare providers and hospitals from the Canadian province of Newfoundland and Labrador experienced a possible ransomware attack. The attack led to the regional health systems having to shut down their networks and thousands of medical appointments were cancelled because of the outage. It has been confirmed that the outage is a result of a […]
October 30, 2021

Chaos ransomware variant targets Minecraft players in Japan

On Thursday 28th of October 2021, cyber security researchers from FortiGuard Labs released a report revealing they had recently discovered variant of the Chaos ransomware that is being used to target Minecraft players in Japan. The FortiGuard Labs researchers have stated that this variant is unique due to the fact they not only encrypt certain files of a size smaller […]
October 27, 2021

Grief ransomware gang adds the National Rifle Association of America as a victim

On Wednesday 27th of October 2021, the Grief ransomware gang added The National Rifle Association of America (NRA) to their data leak as a victim of one of their attacks. The gang provide evidence of the attack by providing screenshots of Excel spreadsheets containing US tax information and investments amounts. They also have leaked a 2.7 MB archive titled ‘National […]
October 27, 2021

Avast releases free AtomSilo and LockFile ransomware decryptor based on weakness in AtomSilo ransomware

On Wednesday 27th of October 2021, Avast, a Czech cybersecurity software firm announced that they had released a free decryption tool for AtomSilo and LockFile ransomware victims based on a weakness in the AtomSilo ransomware that found by RE – CERT malware analyst Jiří Vinopal. The decryptor is valid for both kinds of ransomware strains as they are very similar […]
October 27, 2021

Avast releases free Babuk ransomware decryptor based on leaked source code

On Wednesday 27th of October 2021, Avast, a Czech cybersecurity software firm announced that they had released a free decryption tool for Babuk ransomware victims based on leaked source code and decryption keys. The decryptor is valid for victims who have had their files encrypted by the Babuk ransomware that used the following extensions: .babuk, .babyk, .doydo. The source code […]
October 26, 2021

FBI releases flash alert against Ranzy Locker ransomware

On Monday 25th of October 2021, the United States Federal Bureau of Investigation (FBI) announced that Ranzy Locker ransomware operators have compromised at least 30 US companies this year from various industry sectors. In a TLP: WHITE flash alert, the FBI states that the victims of the Ranzy Locker ransomware attacks included “the construction subsector of the critical manufacturing sector, […]
October 22, 2021

All extortion gangs called on to attack US interests by Groove ransomware gang

On Friday 22nd of October 2021, the Groove ransomware gang released a Russian blog post in Russian which calls for all other ransomware operations to target US interests. This blog comes about after REvil was taken down because of an international law enforcement operation that included support from the FBI. “I urge not to attack Chinese companies, because where do […]