1.) A cloud computing firm named ‘Trellance‘ recently fell victim to hackers spreading ransomware, causing disruptions and outages for approximately 60 credit unions in the United States. The National Credit Union Administration (NCUA), responsible for overseeing technology related to federal credit unions, confirmed the incident. NCUA assured the public that systems would be restored within the next few days. The impacted insurer’s union’s response to paying a ransom remains uncertain. However, reports suggest that the targeted technology provider, Trellance, has a robust business continuity plan in place, indicating a resistance to yielding to the cybercriminals’ demands. Interestingly, this cyber attack coincided with a file-encrypting malware assault on the water authority in Pennsylvania.
2.) The notorious BlackCat Ransomware gang, also known as ALPHV, has shared screenshots on the dark web showcasing stolen data from platforms such as Tipalti, Roblox, and Twitch. This revelation confirms the successful infiltration of data servers belonging to these companies. The cybercriminals, who breached the servers in September, managed to remain undetected for an extended period. Initial assessments suggest that the criminals exfiltrated a combined total of approximately 256 GB of data, including information about employees and customers from an accounting software firm, a gaming platform, and a video streaming service. ALPHV, known for employing phishing and other social engineering tactics, likely used similar methods to compromise the networks of Roblox, Tipalti, and Twitch.
3.) A recently identified ransomware group, named Qilin, has been discovered infecting VMware ESXi servers with encryptors. Security analysts believe that Qilin may have connections to the Babuk source code. According to the MalwareHunterTeam, the Linux ELF64 has the capability to infect virtual machines and swiftly erase snapshots after encryption. Sophos’ security analysts found that Qilin initially existed as ‘Agenda Ransomware’ before August 2022. For unknown reasons, the developers behind this malware rebranded it as Qilin and commenced its propagation in September of the same year.
