Overview of ransomware incidents, August 9th to August 16th, 2021

Hackers exploited the Windows PrintNightmare vulnerability for the first time last week, which enabled them to escalate privileges on compromised computers.

Much of the public's attention last week was drawn to the publication of a mysterious universal decryptor for files encrypted by the ransomware group REvil. Using this key, security experts managed to decrypt files encrypted during the attack on Kaseya. Experts also tested the decryptor on other REvil samples collected over the past two years. The decryptor did not work on them, which means it is not the master decryption key for all REvil victims.

The ransomware group El_Cometa, formerly known as SynAck, published a master key for users who became its victims between July 2017 and early 2021. According to SynAck representatives, they decided to release a master key to recover files encrypted by the ransomware during old operations because they intend to focus on new ones. At the end of last month, the group began new operations under the name El_Cometa.

Taiwanese NAS manufacturer Synology has alerted customers to a malicious campaign in which StealthWorker botnet operators attack NAS devices and infect them with ransomware. According to Synology's Product Security Incident Response Team (PSIRT), Synology NAS devices compromised by these attacks are being used in further attempts to compromise other Linux systems.

According to Microsoft specialists, the cloud SIEM (Security Information and Event Management) platform Azure Sentinel can now detect potential ransomware activity using the Fusion machine learning model.

A cybersecurity researcher using the PCrisk alias discovered a new variant of STOP ransomware that adds the .repg extension, and a new variant of Dharma ransomware that adds the .JRB extension.

A recently discovered sample of eCh0raix ransomware can encrypt both QNAP and Synology NAS devices. The eCh0raix malware, also known as QNAPCrypt, was first detected in June 2016. The ransomware attacked QNAP NAS devices in waves. The first "wave" took place in June 2019, and the second in June 2020. In 2019, eCh0raix also encrypted devices manufactured by Synology, after first compromising them by brute force. According to specialists from Unit 42 at the information security company Palo Alto Networks, the malware previously attacked QNAP and Synology devices separately, but since September 2020 it has had an encryption function for both families of devices.

The computer game developer and publisher Crytek has confirmed that it fell victim to the Egregor ransomware in October 2020. The hackers encrypted the company's systems, stole files containing confidential customer data and published them on their darknet leak site. Crytek only sent out the relevant notifications to affected users in August 2021.

Eight K-12 public school districts in the United States have been victims of attacks using the Pysa ransomware.

Fortune 500 consulting firm Accenture has been the victim of a LockBit ransomware attack. According to company representatives, the incident did not affect its operations, and the affected systems were restored from backups. As reported by The Record, Accenture not only confirmed the attack in an email to its customers, but also significantly downplayed its impact.

Cyble Research Lab discovered that the Indian company Pine Labs was attacked by ransomware. The attack was organized by the extortionist group BlackMatter. As a result of the attack, the criminals gained access to information about services and other private agreements between several Indian banks and Pine Labs, financial statements, and more than 500,000 unique records containing contact information (phone, name, e-mail).

A cybersecurity researcher using the dnwls0719 alias discovered a new variant of Phobos ransomware that adds the .HORSEMONEY extension.

The ransomware groups Vice Society and Magniber have begun to actively exploit the PrintNightmare vulnerability in the Windows print spooler to move across their victims' networks.