Published On : 2024-07-17
Fortnightly Ransomware Summary
CHECK OUT THESE FAST FACTS FOR THE LATEST RANSOMWARE UPDATES.
NEW PLAYERS
- Eldorado ransomware, a new RaaS operation, has moved on from Windows and is now attacking Linux using Golang and ChaCha20 encryption.
- The ransomware operation previously known as SEXi, notorious for targeting VMware ESXi servers, has rebranded itself as APT INC.
KEY EVENTS
- A weakness in DoNex ransomware’s cryptographic scheme was found, and a decryptor released, allowing victims to recover files for free.
- The American Radio Relay League confirmed a ransomware attack that had breached and encrypted its systems, resulting in stolen employee data. External forensic experts were hired to assess the impact.
- Dallas County, in the United States, notified over 200,000 people that the October 2023 Play ransomware attack exposed their personal data. Measures implemented include credit monitoring, EDR solutions, and blocking malicious IPs.
- Akira ransomware’s operators swiftly exfiltrated data from a Latin American airline within two hours of breaching a Veeam server, using legitimate tools before deploying ransomware the next day.
- Pharmacy giant Rite Aid confirmed a June data breach by RansomHub, affecting customer information but not health or financial data. Systems are restored, and impacted consumers will be notified.