With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.
However, last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it could be used to decrypt victims’ files for free.
BleepingComputer learned that this method was used by disaster recovery and incident response firms for months until the ransomware operation fixed the encryption flaw in mid-December 2023.
The Black Basta data leak site is down now, but this appears to be caused by technical difficulties rather than a law enforcement operation, as the negotiation sites are still active.
In other news, Xerox confirmed one of its subsidiaries, Xerox Business Solutions (XBS), suffered a cyberattack.
The INC Ransomware operation, which claimed to be responsible for the attack, told BleepingComputer that they had much greater access to Xerox than is being disclosed. BleepingComputer has not been able to confirm if this is true independently.
We also learned this week that Australia’s Court Services Victoria (CSV) suffered a ransomware attack, allowing the threat actors to view recordings of hearings, even potentially sensitive ones.
Finally, the source code and a builder for a new version of the Zeppelin Ransomware (Zeppelin2) were sold on a hacking forum, allegedly fixing an encryption bug that allowed law enforcement and incident responders to recover files for free.
This source code and a builder could allow cybercriminals to launch a ransomware-as-a-service operation, so this will be something to keep an eye on.
Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @Seifreed, @LawrenceAbrams, @Ionut_Ilascu, @malwrhunterteam, @fwosar, @BleepinComputer, @serghei, @demonslay335, @Intel_by_KELA, @pcrisk, @BushidoToken, @BrettCallow, @emsisoft, @AlvieriD, and @srlabs
December 30th 2023
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.
January 2nd 2024
The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation.
Australia’s Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.
In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to critical services, compromised their personal information, and probably killed some of them.
PCrisk found a new ransomware that appends the .Shuriken extension and drops a ransom note named READ-ME-SHURKEWIN.txt.
PCrisk found a new Xorist variant that appends the .BaN extension.
PCrisk found new Mallox ransomware variants that append the .cookieshelper and .karsovrop extensions and drop a ransom note named FILE RECOVERY.txt.
PCrisk found a new ransomware variant that appends the .emp extension and drops a ransom note named HOW-TO-DECRYPT.txt.
January 4th 2024
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.
The Russian hackers behind a December breach of Kyivstar, Ukraine’s largest telecommunications service provider, have wiped all systems on the telecom operator’s core network.
That’s it for this week! Hope everyone has a nice weekend!