Christopher Eaton | March 11th, 2022

The global ransomware threat landscape continues to devastate companies around the world. Fortunately, SpearTip is here to report on the latest attacks and threat operators in this installment of ‘Weekly Ransomware Wrap-Up’.

The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its indicators of compromise (IoCs) alert for Conti ransomware. There are nearly 100 additional domain names now listed. Conti ransomware has recently been utilizing Log4j vulnerabilities to infiltrate organizational networks.

Security researchers discovered a new ransomware, Nokoyawa, that displays salient similarities to the devastating Hive variant. A decryption key for Hive was recently shared publicly, suggesting its operators might have been retooling.

An alleged member of the Sodinokibi/REvil ransomware operation was extradited to the US and charged with deploying ransomware in connection with last year’s Kaseya attack. If found guilty, the accused faces up to 115 years in prison.

South Korea-based global technology company Samsung Electronics was impacted by Lapsus$ ransomware. In the midst of this attack, source code belonging to the company was publicly leaked, which may lead to greater damage.

Romanian gas station chain and refinery, Rompetrol (KMG International), shut down its website and Fill&Go payment services at gas stations following a Hive ransomware attack.

If your company is experiencing a breach, call our Security Operations Centers at 833.997.7327 to speak directly with an engineer.