The Week in Ransomware – September 15th 2023


Hackers gambling

This week’s big news is the extortion attacks on the Caesars and MGM Las Vegas casino chains, with one having already paid the ransom and the other still facing operational disruptions.

Caesars was first quietly breached earlier this month, with the attackers stealing its loyalty program database. This database contains driver’s license numbers and Social Security numbers for customers, and to prevent the leak of the data, Caesars paid a ransom demand.

According to a report by the Wall Street Journal, the threat actors demanded $30 million not to leak the data, but the casino negotiated it down to a $15 million payment.

“We have taken steps to ensure that the stolen data is deleted by the unauthorized actor, although we cannot guarantee this result,” Caesars said in an SEC 8-K filing published after news of the attack leaked.

This week, MGM Resorts suffered a ransomware attack, causing massive disruptions in its casinos, such as ATMs and credit card machines not working, guests locked out of hotel rooms, and slot machines not working.

It was later confirmed that this attack was conducted by an affiliate of the BlackCat/ALPHV ransomware operation known as Scattered Spider.

In a lengthy statement on the ransomware gang’s data leak site, the threat actors claim to have gained full access to the company’s network and ultimately encrypted 100 VMware ESXi servers.

We also learned about ransomware attacks on the UK’s Greater Manchester Police (GMP), the Auckland transport authority, and IT solutions provider ORBCOMM.

Finally, some interesting research was released this week:

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @malwareforme, @serghei, @malwrhunterteam, @BleepinComputer, @demonslay335, @Ionut_Ilascu, @LawrenceAbrams, @billtoulas, @vxunderground, @BroadcomSW, @MsftSecIntel, @AlvieriD, @WilliamTurton, @GeeksCyber, @pcrisk, and @Mandiant.

September 11th 2023

MGM Resorts shuts down IT systems after cyberattack

MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website, online reservations, and in-casino services, like ATMs, slot machines, and credit card machines.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .hgfu and .hgew extensions.

September 12th 2023

Ransomware access broker steals accounts via Microsoft Teams phishing

Microsoft says an initial access broker known for working with ransomware groups has recently switched to Microsoft Teams phishing attacks to breach corporate networks.

New AnonTsugumi ransomware

PCrisk found a ransomware called AnonTsugumi that appends the .anontsugumi extension and drops a ransom note named README.txt.

September 13th 2023

Hackers use new 3AM ransomware to save failed LockBit attack

A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.

New STOP ransomware variants

PCrisk found new STOP ransomware variants that append the .ooza and .oopl extensions.

September 14th 2023

Manchester Police officers’ data exposed in ransomware attack

The United Kingdom’s Greater Manchester Police (GMP) said earlier today that some of its employees’ personal information was impacted by a ransomware attack that hit a third-party supplier.

Caesars Entertainment confirms ransom payment, customer data theft

Caesars Entertainment, self-described as the largest U.S. casino chain with the most extensive loyalty program in the industry, says it paid a ransom to avoid the online leak of customer data stolen in a recent cyberattack.

Auckland transport authority hit by suspected ransomware attack

The Auckland Transport (AT) transportation authority in New Zealand is dealing with a widespread outage caused by a cyber incident, impacting a wide range of customer services.

MGM casino’s ESXi servers allegedly encrypted in ransomware attack

An affiliate of the BlackCat ransomware group, also known as ALPHV, is behind the attack that disrupted MGM Resorts’ operations, forcing the company to shut down IT systems.

Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety

UNC3944 is a financially motivated threat cluster that has persistently used phone-based social engineering and SMS phishing campaigns (smishing) to obtain credentials to gain and escalate access to victim organizations. At least some UNC3944 threat actors appear to operate in underground communities, such as Telegram and underground forums, which they may leverage to acquire tools, services, and/or other support to augment their operations.

September 15th 2023

ORBCOMM ransomware attack causes trucking fleet management outage

Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is behind recent service outages preventing trucking companies from managing their fleets.

A detailed analysis of the Money Message Ransomware

The threat actor group, Money Message ransomware, first appeared in March 2023, demanding million-dollar ransoms from its targets. Its configuration, which contains the services and processes to stop during a ransomware attack, can be found at the end of the executable. The ransomware creates a mutex and deletes the Volume Shadow Copies using vssadmin.exe.

New Elibe ransomware

PCrisk found a ransomware variant that appends the .elibe extension and drops a ransom note named FILES ENCRYPTED.txt.

New STOP ransomware variant

PCrisk found a STOP ransomware variant that appends the .oohu extension.

That’s it for this week! Hope everyone has a nice weekend!


