Ransomware has continued to be part of the 24-hour news cycle as another significant attack against critical infrastructure took place this week.

This week’s most notable attack was an REvil ransomware attack against JBS, the world’s largest meat supplier. This attack led to disruption on numerous meat production sites while the company restored their data from backup.

Due to these attacks, the White House sent an open letter to businesses warning them to take ransomware seriously. The DOJ has also begun to treat ransomware attacks at a similar priority as terrorism.

This week’s other attacks include ones against Fujifilm, the Massachusetts Steamship Authority, and UF Health Central Florida hospitals.

Finally, the DOJ announced Friday night that they arrested and charged a Latvian woman for developing a ransomware module for the TrickBot malware. This ransomware module was never used outside of development, allowing the FBI to prevent further attacks.

Contributors and those who provided new ransomware information and stories this week include: @FourOctets, @DanielGallagher, @malwareforme, @Ionut_Ilascu, @jorntvdw, @Seifreed, @VK_Intel, @BleepinComputer, @demonslay335, @LawrenceAbrams, @malwrhunterteam, @serghei, @fwosar, @struppigel, @PolarToffee, @InkyPhishFence, @SophosLabs, @campuscodi, @KartikayM, @WilliamTurton, @Bing_Chris, @fbgwls245, and the @FBI.

May 29th 2021

New Epsilon Red ransomware hunts unpatched Microsoft Exchange servers

A new ransomware threat calling itself Red Epsilon has been seen leveraging Microsoft Exchange server vulnerabilities to encrypt machines across the network.

New Matrix Ransomware variant

dnwls0719 found a new Matrix Ransomware variant that appends the .MMTA extension and drops a ransom note named #MMTA_README#.rtf.

New STOP ransomware variant

dnwls0719 found a new STOP ransomware variant that appends the .paas extension and drops a ransom note named _readme.txt.

May 31st 2021

Food giant JBS Foods shuts down production after cyberattack

JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.

June 1st 2021

US: Russian threat actors likely behind JBS ransomware attack

The White House has confirmed today that JBS, the world’s largest beef producer, was hit by a ransomware attack over the weekend coordinated by a group likely from Russia.

June 2nd 2021

FUJIFILM shuts down network after suspected ransomware attack

FujiFilm is investigating a ransomware attack and has shut down portions of its network to prevent the attack’s spread.

FBI: REvil cybergang behind the JBS ransomware attack

The Federal Bureau of Investigations has officially stated that the REvil operation, aka Sodinokibi, is behind the ransomware attack targeting JBS, the world’s largest meat producer.

June 3rd 2021

Massachusetts’ largest ferry service hit by ransomware attack

The Steamship Authority, Massachusetts’ largest ferry service, was hit by a ransomware attack on Wednesday which led to ticketing and reservation disruptions.

White House urges businesses to “take ransomware crime seriously”

The White House has urged business leaders and corporate executives to take ransomware attacks seriously in a letter issued by Anne Neuberger, the National Security Council’s chief cybersecurity adviser.

Scripps Health notifies patients of data breach after ransomware attack

​Nonprofit healthcare provider, Scripps Health in San Diego, has disclosed a data breach exposing patient information after suffering a ransomware attack last month.

UF Health Florida hospitals back to pen and paper after cyberattack

UF Health Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network.

Live streams go down across Cox radio & TV stations in apparent ransomware attack

Live streams for radio and TV stations owned by the Cox Media Group, one of the largest media conglomerates in the US, have gone down earlier today in what multiple sources have described as a ransomware attack.

Exclusive: U.S. to give ransomware hacks similar priority as terrorism

The U.S. Department of Justice is elevating investigations of ransomware attacks to a similar priority as terrorism in the wake of the Colonial Pipeline hack and mounting damage caused by cyber criminals, a senior department official told Reuters.

June 4th 2021

Meat giant JBS now fully operational after ransomware attack

JBS, the world’s largest beef producer, has confirmed that all its global facilities are fully operational and operate at normal capacity after the REvil ransomware attack that hit its systems last weekend.

Fujifilm confirms ransomware attack disrupted business operations

Today, Japanese multinational conglomerate Fujifilm officially confirmed that they had suffered a ransomware attack earlier this week that disrupted business operations.

Phishing uses Colonial Pipeline ransomware lures to infect victims

The recent ransomware attack on Colonial Pipeline inspired a threat actor to create a new phishing lure to trick victims into downloading malicious files.

Hackers Breached Colonial Pipeline Using Compromised Password

The hack that took down the largest fuel pipeline in the U.S. and led to shortages across the East Coast was the result of a single compromised password, according to a cybersecurity consultant who responded to the attack.

New Dharma Ransomware variants

Jakub Kroustek found two new Dharma ransomware variants that append the .cnc and the .PARTY extensions.

US charges Latvian for helping develop the Trickbot malware

The US Department of Justice (DOJ) announced today that a Latvian national was charged for her alleged role as a malware developer in the Trickbot transnational cybercrime organization.

That’s it! Hope everyone has a nice weekend!