Ransomware gangs and strains come and go, and a few reemerge stronger than ever.
Take the BlackCat ransomware gang, for instance. It shuttered operations in March 2024 following an exit rip-off. Or LockBit, a ransomware gang that revived itself days after regulation enforcement took the group down.
Then there are variants that simply will not cease — constructing off their predecessors with stronger, extra resilient assault methods. Additionally utilizing LockBit for instance, it first emerged in 2019 and has only in the near past advanced into LockBit 5.0, “boasting quicker encryption, stronger evasion and a revamped associates program.”
This week’s featured articles cowl an previous and a brand new ransomware group, in addition to the reemergence of  Petya in a possible new pressure.
KillSec ransomware assaults Brazilian healthcare supplier
On Sept. 8, the KillSec ransomware group attacked MedicSolution, a Brazilian healthcare software program supplier. It threatened to leak 34 GB of delicate knowledge, together with greater than 94,000 information containing lab outcomes, X-rays and affected person information.
The breach originated from insecure AWS S3 buckets, with the window of publicity probably going again a number of months. MedicSolution offers cloud companies to quite a few medical practices, placing healthcare organizations in danger. Affected sufferers haven’t been notified that their knowledge was compromised.
Learn the complete story by Kristina Beek on Darkish Studying.
Yurei ransomware group scored its first sufferer
On Sept. 5, newcomer ransomware group Yurei claimed its first double-extortion assault sufferer in MidCity Advertising and marketing, a meals manufacturing firm in Sri Lanka. Days later, further victims have been reported in India and Nigeria.
The probably Moroccan-based operators used a modified model of open supply Prince-Ransomware — written in Go, which makes it tougher to detect — to conduct the assaults. Utilizing open supply malware “considerably lowers the barrier to entry for cybercriminals,” cybersecurity vendor Examine Level Software program researchers wrote in a weblog publish.
The identical researchers additionally found a important flaw that might allow victims to get better their stolen and encrypted knowledge.
Learn the complete story by Elizabeth Montalbano on Darkish Studying.
New malware HybridPetya threatens Safe Boot
Researchers at cybersecurity vendor ESET have found HybridPetya, a classy malware that mixes NotPetya’s damaging capabilities with Petya’s recoverable encryption.
Although not but deployed within the wild, it represents the fourth recognized malware able to bypassing UEFI Safe Boot protections. HybridPetya can deploy malicious UEFI payloads on to the EFI System Partition and encrypt the Grasp File Desk, rendering techniques inaccessible.
In contrast to NotPetya, HybridPetya allows operators to reconstruct decryption keys. This persistent risk stays even after OS reinstallation or wiping the laborious drive.
Learn the complete story by Jai Vijayan on Darkish Studying.
Editor’s be aware: An editor used AI instruments to assist within the technology of this information transient. Our professional editors all the time evaluation and edit content material earlier than publishing.
Kyle Johnson is know-how editor for Informa TechTarget’s SearchSecurity website.
