Security News
Cybersecurity firm Avast has released a free decryptor for the Akira ransomware that can help victims recover their data without paying the crooks any money. Akira on Windows encrypts files only partially for a speedier process, following a different encryption system depending on the file size.
Chipmaking giant TSMC denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.While this Twitter thread has since been deleted, the LockBit ransomware gang created a new entry for TSMC yesterday on their data leak site, demanding $70 million or they would leak stolen data, including credentials for their systems.
Ransomware attacks from the 8Base group claimed the second largest number of victims over the past 30 days, says VMware. Analyzing ransomware attacks in June 2023, VMware found 8Base hit almost 80 victims over the past 30 days, second only to the LockBit 3 gang, which compromised almost 100 organizations.
The latest high-profile cybercrime exploits attributed to the Clop ransomware crew aren't your traditional sort of ransomware attacks. Conventional ransomware attacks are where your files get scrambled, your business gets totally derailed, and a message appears telling you that a decryption key for your data is available.
The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. BleepingComputer's analysis of the Linux encryptor shows it has a project name of 'Esxi Build Esxi6,' indicating the threat actors designed it specifically to target VMware ESXi servers.
Lockbit 3.0 is currently the most active ransomware group, NCC Group says in its most recent Threat Pulse report, but new ransomware groups like 8Base and Akira are rising in prominence. Collectively, the various ransomware groups revealed 436 victim organizations in May 2023 - 24% more than in April 2023, and 56% more that in May 2022.
A ransomware threat called 8Base that has been operating under the radar for over a year has been attributed to a "Massive spike in activity" in May and June 2023. VMware said 8Base is "Strikingly" similar to that of another data extortion group tracked as RansomHouse, citing overlaps in the ransom notes dropped on compromised machines and the language used in the respective data leak portals.
A 8Base ransomware gang is targeting organizations worldwide in double-extortion attacks, with a steady stream of new victims since the beginning of June. In June 2023, the ransomware operation saw a spike in activity, targeting many companies in various industries and performing double extortion.
It was a relatively quiet week regarding ransomware news, with the BlackCat ransomware gang extorting Reddit and the ongoing MOVEit Transfer data breaches being the main focus. In an update on the BlackCat data leak site, the threat actors claim they stole 80 GB of compressed data during the attack and now plan on leaking the data after they say Reddit ignored a $4.5 million ransom demand.
British law practices of "All sizes and types" have been warned by GCHQ's cyberspy arm that their "Widespread adoption of hybrid working" combined with the large sums of money they handle is making them a target. Besides the mega cash transfers, the firms also often handle "Sensitive information," said the National Cyber Security Centre, making them "Particularly attractive targets to attackers."