An overview of ransomware events between 16 and 25 August 2021

Last week, a master key was published for victims of SynAck ransomware attacks.

The operators of the Hive ransomware hijacked and encrypted the computer systems of Memorial Health System, forcing employees to work manually. The attack caused clinical and financial disruption, and surgical and X-ray examinations were cancelled. Databases containing confidential information on 200,000 patients, including social security numbers, names and dates of birth, were taken.

Colonial Pipeline, the largest fuel pipeline operator in the United States, has sent notifications about the DarkSide cyber attack to everyone affected by it. The company said "recently it realised" that DarkSide operatives were able to acquire and retrieve documents containing the personal data of 5,810 individuals during the attack. The data seized includes first and last names, contact information, health data, taxpayer numbers, military ID numbers and social security numbers, among other details.

Tutorials and technical manuals used by Conti ransomware affiliates were leaked online last month. As we learned last week, when first going through the data on a victim's servers the ransomware operation primarily looks for documents relating to the organisation's financial indicators and to whether it has a cyber insurance policy.

The Brazilian government has announced a ransomware attack on the national treasury's computer systems. According to representatives of the Brazilian Ministry of Economics, initial measures to eliminate the attack were taken promptly. Early assessments found that the structural systems of the national treasury were not damaged.

Jakub Kroustek, a cybersecurity researcher, has found a new Dharma ransomware strain that appends the c0v extension.

Cybersecurity researchers at IBM X-Force published details of an early version of the ransomware called Diavol. The findings illustrate the connection between Diavol and the operators of the TrickBot botnet. According to the IBM X-Force experts, the ransomware sample shares similarities with other malware from the TrickBot operators, which makes the relationship between them clearer.

Tokio Marine Holding, the multinational insurance firm based in Japan, has revealed that its Singapore subsidiary, Tokio Marine Insurance Singapore (TMiS), was targeted with ransomware. It is not clear how or when the attack happened or how damaging it was, but TMiS isolated the network immediately after discovering the attack and informing the local government.

The Cybersecurity and Infrastructure Security Agency (CISA) has developed guidance to help private and governmental entities prevent data leaks caused by attacks from ransomware groups. It includes best practices for protecting confidential information against attempted theft and for combating ransomware attacks.

A cybersecurity researcher who goes by the handle dnwls0719 has discovered that Malki appends the .MALKI extension.

The El Cometa ransomware group, formerly known as SynAck, released a master key for those who were its victims between July 2017 and the start of 2021. The submitted samples were reviewed and confirmed by Michael Gillespie, an information security specialist at Emsisoft.

The new LockFile ransomware group encrypts Windows domains by exploiting the well-known ProxyShell vulnerabilities on Microsoft Exchange servers and then using the PetitPotam vulnerability to gain access to the domain controller.