Weekly Ransomware Review (September 24 – September 30)

Let’s take a look at a brief overview of ransomware attacks from the past week. In the spotlight: National Student Clearinghouse (NSC), The Better Outcomes Registry & Network (BORN), Megazord, Akira, Rust, Stop Ransomware, Phobos, Night Crow, ShadowSyndicate, OpenFire, XMPP, Java, Johnson Controls, VMware ESXi, FBI.

The American non-profit educational organization, National Student Clearinghouse (NSC), has reported a data breach affecting nearly 900 educational institutions in the United States. This data compromise resulted from a ransomware attack on the agency’s internal IT infrastructure.

In another alarming incident, a significant data leak occurred from the registry of Canadian minors managed by The Better Outcomes Registry & Network (BORN). It is estimated that this breach impacted approximately 3.4 million individuals.

Cybersecurity experts have identified a new strain of ransomware named Megazord. This malware is a variant of the well-known ransomware Akira, previously employed by several prominent hacker groups. Notably, the new malware is written entirely in the Rust programming language.

Cybersecurity specialists have disclosed the discovery of new versions of ransomware programs, including Stop Ransomware, Phobos, and Night Crow.

Leading cybersecurity firms have identified IT infrastructure belonging to the ransomware hacker group ShadowSyndicate. The group's members are believed to have deployed over seven distinct ransomware families during their last year of operations.

Hackers from several major groups have begun extensively exploiting the OpenFire vulnerability to encrypt servers. OpenFire is a widely adopted, open-source, Java-based chat (XMPP) server with 9 million downloads, commonly used for secure cross-platform chat.

Johnson Controls, a company specializing in building automation, suffered a severe ransomware attack. As a result, many of the company's devices, including VMware ESXi servers, were encrypted, gravely affecting both the company and its subsidiaries.

The FBI has expressed concern over a startling trend in which many US companies face two or more ransomware attacks within 48 hours of an initial breach.