The Week in Ransomware – January 14, 2022


Today, the Russian government announced that fourteen members of the REvil ransomware gang had been arrested on behalf of the US authorities.

While the members of the ransomware gang are only being charged with “illegal circulation of means of payment”, the arrests are Russia’s first public action to stop the activities of ransomware gangs operating within the country.

Furthermore, Russia claims that it took this action on behalf of US law enforcement, whom it has historically been reluctant to assist in criminal investigations of cybercrime.

However, some threat actors believe this is just Russia trying to look good to the US, and that future police cooperation will not be common.

The Ukrainian police also arrested members of a ransomware operation that encrypted at least fifty companies in the US and Europe. However, the name of the ransomware gang has not been revealed.

Other news this week includes the discovery of a Linux encryptor for the AvosLocker ransomware operation targeting VMware ESXi, the Night Sky ransomware operation using Log4j attacks, TellYouThePass returning as a cross-platform Golang threat, and Magniber ransomware using signed APPX files to infect victims.

Contributors and those who provided new information and ransomware stories this week include: @fwosar, @BleepinComputer, @DanielGallagher, @PolarToffee, @malwrhunterteam, @demonslay335, @billtoulas, @jorntvdw, @serghei, @VK_Intel, @malwareforme, @shaggygel, @LawrenceAbrams, @FourOctets, @Ionut_Ilascu, @Seifred, @ahnlab, @CrowdStrike, @MsftSecIntel, @ChristiaanBeek, @fbgwls245, @Friend_A_, @JakubKroustek, and @pcrisk.

January 8, 2022

New Wasp ransomware

dnwls0719 found the new Wasp Ransomware, which appends the .0.locked extension to encrypted files.


January 10, 2022

Linux version of AvosLocker ransomware targets VMware ESXi servers

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines.

FinalSite: No school data stolen in ransomware attack behind site outages

FinalSite today announced the findings of a six-day investigation into last week’s ransomware attack, stating that it found no evidence that hackers accessed or stole data from schools.

New variant of STOP Ransomware

Jakub Kroustek found a new variant of STOP ransomware that appends the .nqhd extension.

January 11, 2022

Night Sky ransomware uses Log4j bug to hack VMware Horizon servers

The Night Sky ransomware gang has started exploiting the critical vulnerability CVE-2021-44228 in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems.

January 12, 2022

Magniber ransomware using signed APPX files to infect systems

Magniber ransomware was detected using Windows Application Package (.APPX) files signed with valid certificates to drop malware posing as Chrome and Edge web browser updates.

TellYouThePass ransomware returns as a cross-platform Golang threat

TellYouThePass ransomware has re-emerged as malware compiled in Golang, making it easier to target more operating systems, macOS and Linux in particular.

Schools down as cyberattack forces APS to cancel classes

A cyberattack on Albuquerque Public Schools caused the state’s largest district to cancel all classes districtwide on Thursday and possibly Friday.

New variant of STOP ransomware

puncture found a new variant of STOP ransomware that appends the .zaqi extension to encrypted files.

January 13, 2022

Ukrainian police arrest ransomware gang that attacked more than 50 companies

Ukrainian police have arrested a ransomware affiliate group responsible for attacking at least 50 companies in the US and Europe.

January 14, 2022

Russia arrests REvil ransomware gangsters, seizes $6.6 million

The Federal Security Service (FSB) of the Russian Federation says it shut down the REvil ransomware gang after the gang’s leader was reported to it by US authorities.

That’s all for this week! I hope everyone has a good weekend!
