
The Week in Ransomware – April 14th 2023 – A Focus on Stolen Data
It has been mostly a quiet week regarding ransomware, with only a few bits of information released on older attacks and a few reports released on existing organizations.
This week, theft of customer data remains the main focus, with Yum! Brands sending data breach notifications for a ransomware attack in January.
Capita also remains silent on a Black Basta ransomware attack that occurred earlier this month and has not said whether customer data was stolen, even as the ransomware gang attempts to extort the company.
Other news this week revolves around research released about particular operations, including:
- DarkAngels ransomware launched a data leak site.
- Vice Society now uses a custom PowerShell script for data exfiltration.
- A technical analysis of Trigona, which BleepingComputer first reported on in 2022.
- Information on the new Kadavro Vector Ransomware.
Finally, we saw LockBit messing around with cybersecurity companies, claiming to have breached Darktrace. However, the company said this is untrue and that no systems had been compromised.
Contributors and those who provided new ransomware information and stories this week include @LawrenceAbrams, @demonslay335, @malwareforme, @malwrhunterteam, @fwosar, @BleepinComputer, @Seifreed, @struppigel, @billtoulas, @Ionut_Ilascu, @serghei, @McAfee, @Fortinet, @Threatlabz, @pcrisk, and @GossiTheDog.
April 9th 2023
Black Basta ransomware group extorts Capita with stolen customer data, Capita fumble response.
Regarding Black Basta and Capita, they list Capita as currently being held to extortion – and provide evidence of exfiltrated data. This includes primary and secondary school job applications, a Capita nuclear document, Capita documents marked Confidential, passport scans, security vetting for customers and architecture diagrams.
April 10th 2023
KFC, Pizza Hut owner discloses data breach after ransomware attack
Yum! Brands, the brand owner of the KFC, Pizza Hut, and Taco Bell fast food chains, is now sending data breach notification letters to an undisclosed number of individuals whose personal information was stolen in a January 13 ransomware attack.
DarkAngels ransomware launches data leak site
Zscaler found that DarkAngels ransomware (AKA RansomHouse) launched a data leak site.
April 11th 2023
New STOP Ransomware variant
PCrisk found a new STOP ransomware variant that appends the .kiop extension.
April 14th 2023
Darktrace: Investigation found no evidence of LockBit breach
Cybersecurity firm Darktrace says it found no evidence that the LockBit ransomware gang breached its network after the group added an entry to their dark web leak platform, implying that they stole data from the company’s systems.
Vice Society ransomware uses new PowerShell data theft tool in attacks
The Vice Society ransomware gang is deploying a new, rather sophisticated PowerShell script to automate data theft from compromised networks.
Technical Analysis of Trigona Ransomware
Zscaler ThreatLabz has been tracking the Trigona ransomware family, which dates back to June 2022. There has been public reporting that some of the group’s tactics, techniques, and procedures (TTPs) have overlapped with BlackCat/ALPHV ransomware.
Ransomware Roundup – Kadavro Vector Ransomware
FortiGuard Labs recently came across a ransomware named “Kadavro Vector”, a NoCry ransomware variant that encrypts files on compromised machines and demands a ransom in Monero (XMR) cryptocurrency for file decryption.