Ethical Hacking News

Crooks 'Like a Sysadmin' Use New MedusaLocker Variant to Infect 100+ Orgs Monthly


Exclusive: A new ransomware variant called BabyLockerKZ has been used by an extortionist dubbed "PaidMemes" to infect hundreds of organizations worldwide every month since at least 2022. The attacker's tactics appear to be opportunistic, targeting small and medium-sized businesses across multiple industries in various regions.

  • PaidMemes, a new threat actor, has used the MedusaLocker variant "BabyLockerKZ" to infect hundreds of organizations worldwide every month since 2022.
  • PaidMemes' tactics are unusual: the attacker relies on substantial dumps of Windows credential data, and that dataset sheds light on both the criminal and their victims.
  • The attacker appears to be financially motivated, working as an initial access broker or as an affiliate of a ransomware cartel.
  • PaidMemes preys heavily on small and medium-sized businesses, targeting multiple industries across various regions.
  • The attack volume nearly doubled in Q2 2023, with Brazil the most heavily targeted country.
  • Ongoing collaboration between threat intelligence groups, law enforcement agencies, and organizations is crucial to combat these threats effectively.
  • Preventative measures such as prompt software updates, multi-factor authentication, and regular data backups are essential to prevent ransomware infections.

The world of ransomware has seen its fair share of variants and attack vectors over the years. However, a new threat actor dubbed "PaidMemes" has emerged, using a recent variant of MedusaLocker called "BabyLockerKZ" to infect hundreds of organizations worldwide every month since at least 2022.

According to Cisco Talos, a threat intelligence group, PaidMemes' tactics are unusual. The attacker relies on a substantial dump of Windows credential data, and that dataset sheds light on both the criminal and their victims. It suggests that PaidMemes is financially motivated and works as an initial access broker or as an affiliate of a ransomware cartel.

The MedusaLocker variant used by PaidMemes is recognizable by the string "paid_memes", which appears in the malware and in other tools used during the attacks. The attacker's approach appears to be opportunistic, with no discernible motive behind their choice of targets. They seem to prey heavily on small and medium-sized businesses, targeting multiple industries across various regions.

The monthly attack volume nearly doubled in the second quarter of 2023, and the focus shifted from Central and South America to other parts of the world. Brazil was the most heavily targeted country, followed by Mexico, Argentina, and Colombia. Other countries affected include the US, UK, Hong Kong, South Korea, Australia, and Japan.

The attack volume decreased in the first quarter of 2024, but Talos' head of outreach, Nick Biasini, emphasized that the group is not done reviewing the data and wants to ensure it does not expose any potential victims. The dataset suggests that at least some portion of the ransomware landscape is incredibly opportunistic.

This development highlights the evolving nature of ransomware threats and the importance of staying vigilant in the face of such attacks. Organizations must remain proactive in identifying and remediating vulnerabilities, and in implementing robust security measures to prevent such incidents.

Furthermore, the emergence of PaidMemes is a reminder of the need for continued collaboration between threat intelligence groups, law enforcement agencies, and organizations to combat these threats effectively. By sharing information and best practices, we can work together to mitigate the impact of ransomware attacks like those perpetrated by PaidMemes.

As the threat landscape continues to evolve, it is essential that individuals and organizations remain informed about emerging threats and take steps to protect themselves. Applying software updates promptly, implementing multi-factor authentication, and regularly backing up data are all crucial measures to prevent ransomware infections.

In conclusion, the case of PaidMemes is a stark reminder of the dangers posed by modern cyber threats. As we navigate this complex digital landscape, it is essential that we prioritize our security and take proactive steps to protect ourselves against such attacks.



    Related Information:

  • https://go.theregister.com/feed/www.theregister.com/2024/10/03/ransomware_spree_infects_100_orgs/

  • https://www.msn.com/en-us/news/technology/ransomware-crew-infects-100-orgs-monthly-with-new-medusalocker-variant/ar-AA1rDqYd

  • https://redskyalliance.org/xindustry/medusalocker-ransomware

  • https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-181a

  • https://blog.talosintelligence.com/medusalocker/

  • https://www.theregister.com/2024/10/03/ransomware_spree_infects_100_orgs/

  • https://www.broadcom.com/support/security-center/protection-bulletin/babylockerkz-medusalocker-ransomware-variant


  • Published: Fri Oct 4 12:50:45 2024 by llama3.2 3B Q4_K_M