[ad_1]
This week’s information has been dominated by the Clop ransomware gang extorting firms whose GoAnywhere companies have been breached utilizing a zero-day vulnerability.
Over the previous month, 100 new firms have been added to Clop’s knowledge leak web site, with the extortion gang threatening to leak knowledge if a ransom will not be paid.
Whereas it’s not confirmed if all of those firms have been breached utilizing the GoAnywhere zero-day, BleepingComputer has confirmed this week that Saks Fifth Avenue, the Metropolis of Toronto, Procter & Gamble, Virgin Purple, and the UK Pension Safety Fund are associated to the vulnerability.
In unusual information this week, the Metropolis of Oakland is abruptly being extorted on the LockBit knowledge leak web site, when just a few weeks in the past, they have been claimed by a Play ransomware assault. It’s unclear if LockBit helps Play extort the Metropolis.
There additionally seems to be a spat brewing between the Monti ransomware gang and Donut Leaks.
Lastly, we noticed some stories on ransomware launched this week about the ACL scareware pretending to be ransomware and a write-up on the DarkPower gang.
Contributors and people who offered new ransomware data and tales this week embody: @BleepinComputer, @Seifreed, @fwosar, @malwrhunterteam, @LawrenceAbrams, @serghei, @demonslay335, @billtoulas, @PogoWasRight, @cyfirma, @pcrisk, @Trellix, and @jgreigj.
March nineteenth 2023
MONTI ransomware gang leaks Donut Leaks
In one of many extra intriguing listings of this week, the MONTI ransomware group has added one other group, Donut Leaks, to their leak web site.
March twentieth 2023
ALC Scareware Pretends to be a Ransomware
Analysis crew at CYFIRMA just lately found a malicious pattern in wild which pretends to be a ransomware named as ALC Ransomware. Our analysis crew analysed and located it to be a scareware in precise, as it’s not encrypting information on the sufferer machine.
New STOP Ransomware variant
PCrisk discovered a brand new STOP ransomware variant that appends the .darj extension to encrypted information.
March twenty first 2023
LockBit ransomware gang now additionally claims Metropolis of Oakland breach
One other ransomware operation, the LockBit gang, now threatens to leak what it describes as information stolen from the Metropolis of Oakland’s methods.
Clop ransomware claims Saks Fifth Avenue, retailer says mock knowledge stolen
The Clop ransomware gang claims to have attacked Saks Fifth Avenue on its darkish net leak web site.
March twenty second 2023
Dole discloses worker knowledge breach after ransomware assault
Contemporary produce large Dole Meals Firm has confirmed risk actors behind a February ransomware assault have accessed the data of an undisclosed variety of workers.
New STOP Ransomware variant
PCrisk discovered a brand new STOP ransomware variant that appends the .tywd extension to encrypted information.
New Xorist ransomware variant
PCrisk discovered a brand new Xorist ransomware variant that appends the .Rans-A extension and drops ransom notes named HOW TO DECRYPT FILES.txt.
March twenty third 2023
Metropolis of Toronto confirms knowledge theft, Clop claims duty
Metropolis of Toronto is amongst Clop ransomware gang’s newest victims hit within the ongoing GoAnywhere hacking spree.
Tennessee metropolis hit with ransomware assault
Oak Ridge, Tennessee stated metropolis officers are working with legislation enforcement and cybersecurity consultants to take care of a ransomware assault affecting its expertise methods.
New STOP Ransomware variant
PCrisk discovered a brand new STOP ransomware variant that appends the .tyos extension to encrypted information.
March twenty fourth 2023
Procter & Gamble confirms knowledge theft by way of GoAnywhere zero-day
Client items large Procter & Gamble has confirmed a knowledge breach affecting an undisclosed variety of workers after its GoAnywhere MFT safe file-sharing platform was compromised in early February.
That is it for this week! Hope everybody has a pleasant weekend!
[ad_2]