
News brief: KillSec, Yurei score successful ransomware attacks

Check out the latest security news from the Informa TechTarget team.

Ransomware gangs and strains come and go, and some reemerge stronger than ever.

Take the BlackCat ransomware gang, for example. It shuttered operations in March 2024 following an exit scam. Or LockBit, a ransomware gang that revived itself days after law enforcement took the group down.

Then there are variants that just won't stop -- building off their predecessors with stronger, more resilient attack techniques. Also using LockBit as an example, it first emerged in 2019 and has just recently evolved into LockBit 5.0, "boasting faster encryption, stronger evasion and a revamped affiliate program."

This week's featured articles cover an old and a new ransomware group, as well as the reemergence of Petya in a potential new strain.

KillSec ransomware attacks Brazilian healthcare provider

On Sept. 8, the KillSec ransomware group attacked MedicSolution, a Brazilian healthcare software provider. It threatened to leak 34 GB of sensitive data, including more than 94,000 files containing lab results, X-rays and patient records.

The breach originated from insecure AWS S3 buckets, with the window of exposure potentially going back several months. MedicSolution provides cloud services to numerous medical practices, putting healthcare organizations at risk. Affected patients have not been notified that their data was compromised.

Read the full story by Kristina Beek on Dark Reading.

Yurei ransomware group scored its first victim

On Sept. 5, newcomer ransomware group Yurei claimed its first double-extortion attack victim in MidCity Marketing, a food manufacturing company in Sri Lanka. Days later, additional victims were reported in India and Nigeria.

The operators, likely based in Morocco, used a modified version of the open source Prince-Ransomware -- written in Go, which makes it harder to detect -- to conduct the attacks. Using open source malware "significantly lowers the barrier to entry for cybercriminals," cybersecurity vendor Check Point Software researchers wrote in a blog post.

The same researchers also discovered a critical flaw that could enable victims to recover their stolen and encrypted data.

Read the full story by Elizabeth Montalbano on Dark Reading.

New malware HybridPetya threatens Secure Boot

Researchers at cybersecurity vendor ESET have discovered HybridPetya, a sophisticated malware that combines NotPetya's destructive capabilities with Petya's recoverable encryption.

Though not yet deployed in the wild, it represents the fourth known malware capable of bypassing UEFI Secure Boot protections. HybridPetya can deploy malicious UEFI payloads directly to the EFI System Partition and encrypt the Master File Table, rendering systems inaccessible.

Unlike NotPetya, HybridPetya enables operators to reconstruct decryption keys. Because it resides in the EFI System Partition rather than the OS, the threat persists even after OS reinstallation or wiping the hard drive.

Read the full story by Jai Vijayan on Dark Reading.

Editor's note: An editor used AI tools to aid in the generation of this news brief. Our expert editors always review and edit content before publishing.

Kyle Johnson is technology editor for Informa TechTarget's SearchSecurity site.
