Ransomware
Novel LostTrust ransomware operation emerges
BleepingComputer reports that 53 organizations around the world have already been compromised by the new LostTrust ransomware operation since it commenced attacks in March.
LostTrust is suspected to be a rebrand of the MetaEncryptor ransomware operation because the two have nearly identical data leak sites and Windows encryptors. Cybersecurity researcher Stefano Favarato found that both gangs use the same template and bio for their sites, with each operation describing its members as network security specialists with 15 years or more of experience.
Moreover, only slight differences in ransom notes, note names, embedded public keys, and encrypted file extensions were found between LostTrust and MetaEncryptor, with MalwareHunterTeam noting that both operations used the SFile2 ransomware encryptor as their basis.
Further examination of the LostTrust encryptor revealed that, when executed, it disables various Windows services and deactivates other Microsoft Exchange-related services before encryption begins.
The operation's ransom notes suggest that its members were once ethical hackers who turned to cybercrime after being poorly compensated.