The Week in Ransomware – October 20th 2023 – Fighting Back

October 21, 2023 at 12:41PM

Trigona ransomware suffered a data breach after Ukrainian hacktivists exploited a vulnerability in the operation's Confluence server. The hackers went on to breach several other Trigona sites, taking data and defacing the Tor negotiation and data leak sites. Separately, law enforcement disrupted the Ragnar Locker ransomware operation, seizing the group's dark web sites and arresting a malware developer. In other news, cyberattacks were reported against TV advertising firm Ampersand and Kwik Trip, and cybersecurity researchers released reports on various ransomware variants.

Key Takeaways:

1. Trigona ransomware suffered a data breach: the Ukrainian Cyber Alliance exploited a vulnerability in the gang's Confluence server, pivoted to other Trigona sites, took data, defaced the Tor negotiation and data leak sites, and wiped the servers. In response to the takedown, Trigona says it will launch new sites on October 22nd.
2. Law enforcement disrupted the Ragnar Locker ransomware operation in a joint international action, arresting a malware developer linked to the gang and seizing its Tor negotiation and data leak sites.
3. Cyberattacks were reported against TV advertising firm Ampersand and Kwik Trip, though it is unconfirmed whether ransomware was involved. Kwik Trip confirmed an ongoing investigation into an attack that has impacted its internal network since October 9th.
4. Colonial Pipeline confirmed no disruption to operations after threats by a ransomware gang.
5. PCrisk identified new variants of STOP ransomware (using the .ithh, .itqw, and .itrz extensions), MedusaLocker, Chaos, and Dharma, as well as new ransomware named EarthGrass and KeyLocker.
6. The cybercrime industry is shifting toward targeting vendors and bypassing security controls.
7. GhostLocker, a new Ransomware-as-a-Service (RaaS), was established by hacktivist groups led by GhostSec.
8. A new pro-Palestinian hacktivist group called Soldiers of Solomon claimed to be deploying Crucio Ransomware.
9. BlackCat/ALPHV ransomware began using a new tool called 'Munchkin' for stealthy deployment on network devices.
10. Several unsuccessful attempts were made to exploit vulnerabilities in Adobe's ColdFusion Server software to deploy ransomware.
11. A new version of Akira ransomware called "Megazord" emerged, possibly an attempt to rebrand the original ransomware.
12. Hunters International ransomware, which uses an encryptor from the Hive operation, was discovered by rivitna.
13. Various cybersecurity researchers released reports on other ransomware variants and activities.

Note: This is a summary of the original article and may not include all details or context.