Sergiu Gatlan reports: The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they’re shutting down the operation and plan to switch to cryptojacking. The ransomware’s developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform. Read more at BleepingComputer.
Category: Malware
Update on Plainedge School District ransomware attack
On June 15, DataBreaches reported that BlackCat threat actors had added Plainedge School District in New York to their dedicated leak site. At the time, BlackCat (aka ALPHV) only offered a few files as proof but warned more data would be leaked if they did not hear from the district. The threat actors subsequently dumped…
UK: Thousands of students have data leaked on dark web by Vice Society
Kevin O’Sullivan and Michael Powell report on attacks by the ransomware team known as Vice Society on U.K. schools. Student data was disclosed on Vice’s dedicated leak site after their victims refused to pay ransom demands. The Daily Mail report includes Vice’s attacks on five schools and a sixth-form college, including Pilton Community College, The…
Dutch Uni Gets Cyber Ransom Money Back… With Interest
AFP reports that because the value of BTC had increased dramatically, a ransomware victim wound up getting back a small fortune when they recovered the bitcoin they had paid. The southern Maastricht University in 2019 had paid 200,000 euros ($208,000) in bitcoins to attackers who had encrypted hundreds of Windows servers and backup systems. But the…
CISA Alert (AA22-181A): MedusaLocker
CISA Alert: (AA22-181A) #StopRansomware: MedusaLocker Summary Actions to take today to mitigate cyber threats from ransomware: • Prioritize remediating known exploited vulnerabilities. • Train users to recognize and report phishing attempts. • Enable and enforce multifactor authentication. Note: this joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders…
Walmart denies being hit by Yanluowang ransomware attack
Lawrence Abrams reports: American retailer Walmart has denied being hit with a ransomware attack by the Yanluowang gang after the hackers claimed to encrypt thousands of computers. In a statement to BleepingComputer, Walmart has said that their “Information Security team is monitoring our systems 24/7,” and believe the claims to be inaccurate. Read more at…