The U.S. offices of Macmillan, a publishing company with an annual revenue of over $500 million, have been hit by a cyberattack. Macmillan editors have lost access to their systems, emails and files, while book retailers nationwide were left unable to place new orders from the publisher.
A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The Linux encryptor is created to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.
Google has released updates for its popular Chrome browser to remediate several vulnerabilities, including a high-severity vulnerability that has already been exploited in the wild. This marks the fourth zero-day vulnerability that had to be patched in Chrome this year.
The Ukrainian police force arrested nine members of a cybercrime group that operated over 400 phishing websites. The group successfully abused stolen information in at least 5,000 cases, resulting in $3.36 million being stolen from victims in total.
The LockBit gang is one of the most active ransomware groups at the moment. Last Sunday, they released LockBit 3.0, the latest strain of their malware — and also published the data of five new victims on their leak site.
The Raccoon Stealer gang has just launched version 2.0 of their info-stealing malware, and is actively selling it as a service. Criminals can use the new Raccoon Stealer for $275 per month or $125 per week.
On March 18, 2022, the Telegram public group published a post detailing the release of a new version of malware, a Windows data stealer called ZingoStealer. The group created a chat bot to field information requests, deliver more information, and even enable downloads of ZingoStealer. Later, the developer announced that cryptomining functionality was added to the stealer in order to maximize profits from its operations.
An ongoing wave of phishing emails is using missed voicemail messages as a lure. Multiple US companies in various sectors were targeted last week again. The goal of the attackers is to steal Microsoft 365 credentials in order to access their environments.
Conti has been one of the most active ransomware gangs of late. After recent attention, the group announced that they will abandon the brand. Their infrastructure has not been updated since, and some of their leak sites are offline. Of course, this does not mean that they will fully disappear.
On March 16, 2022, security specialists identified a new version of BlackCat ransomware (so named because the software displays a black cat on the victim’s payment site). These experts also noted that some previous YARA rules no longer match, which will make it difficult to find malicious files.
The June 2022 cumulative updates for Windows Server have caused trouble for administrators of servers that have Routing and Remote Access Service (RRAS) enabled.
The German energy provider Entega reported a cyberattack over the weekend, impacting their online services and the email accounts of the 2,000 employees. The critical infrastructure of the energy network was not compromised. Stadtwerke Mainz and a regional waste disposal company both reported issues as well.