Hand holding a key

With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.

However, last weekend, BleepingComputer tested a new decryptor for the Black Basta ransomware to show how it could be used to decrypt victims' files for free.

BleepingComputer learned that this method was used by disaster recovery and incident response firms for months until the ransomware operation fixed the encryption flaw in mid-December 2023.

The Black Basta data leak site is down now, but this appears to be caused by technical difficulties rather than a law enforcement operation, as the negotiation sites are still active.

In other news, Xerox confirmed one of its subsidiaries, Xerox Business Solutions (XBS), suffered a cyberattack.

The INC Ransomware operation, which claimed to be responsible for the attack, told BleepingComputer that they had much greater access to Xerox than is being disclosed. BleepingComputer has not been able to confirm if this is true independently.

We also learned this week that Australia's Court Services Victoria (CSV) suffered a ransomware attack, allowing the threat actors to view recordings of hearings, even potentially sensitive ones.

Finally, the source code and a builder for a new version of the Zeppelin Ransomware (Zeppelin2) was sold on a hacking forum, allegedly fixing an encryption bug that allowed law enforcement and incident responders to recover files for free.

This source code and a builder could allow cybercriminals to launch a ransomware-as-a-service operation, so this will be something to keep an eye on.

Contributors and those who provided new ransomware information and stories this week include: @billtoulas, @Seifreed, @LawrenceAbrams, @Ionut_Ilascu, @malwrhunterteam, @fwosar, @BleepinComputer, @serghei, @demonslay335, @Intel_by_KELA, @pcrisk, @BushidoToken, @BrettCallow, @emsisoft, @AlvieriD, and @srlabs

December 30th 2023

New Black Basta decryptor exploits ransomware flaw to recover files

Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.

January 2nd 2024

Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data

The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers with a limited amount of personal information possibly exposed, according to a statement by the parent company, Xerox Corporation.

Victoria court recordings exposed in reported ransomware attack

Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.

The State of Ransomware in the U.S.: Report and Statistics 2023

In 2023, the U.S. was once again battered by a barrage of financially-motivated ransomware attacks that denied Americans access to critical services, compromised their personal information, and probably killed some of them.

New Shuriken ransomware

PCrisk found a new ransomware that appends the .Shuriken and drops ransom note names READ-ME-SHURKEWIN.txt.

New Xorist variant

PCrisk found a new Xorist variant that appends the .BaN extension.

New Mallox ransomware variants

PCrisk found new Mallox ransomware variants that append the .cookieshelper and .karsovrop extensions and drops a ransom note named FILE RECOVERY.txt.

New Empire ransomware

PCrisk found a new ransomware variant that appends the .emp extension and drops a ransom note named HOW-TO-DECRYPT.txt.

January 4th 2024

Zeppelin ransomware source code sold for $500 on hacking forum

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.

Russian hackers wiped thousands of systems in KyivStar attack

The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network.

That's it for this week! Hope everyone has a nice weekend!

Related Articles:

The Week in Ransomware - May 12th 2023 - New Gangs Emerge

Black Basta ransomware poses as IT support on Microsoft Teams to breach networks

New ShrinkLocker ransomware decryptor recovers BitLocker password

Attacks on Citrix NetScaler systems linked to ransomware actor

New Ymir ransomware partners with RustyStealer in attacks