BleepingComputer reports that organizations around the world are being targeted by expanded ARCrypter ransomware attacks, which originally compromised government agencies in Latin America.
Following attacks against a Chile-based government agency and the Colombia National Food and Drug Surveillance Institute, ARCrypter has since impacted entities in the U.S., Canada, Germany, France, and China, according to a BlackBerry report.
Despite uncertainties regarding the ransomware's attack vector, BlackBerry researchers discovered that ARCrypter ransomware attacks involved two AnonFiles URLs to facilitate the retrieval of the win.zip archive with an executable that has the BIN and HTML resources, which have encrypted data and ransom note details, respectively.
"While we were unable to identify the correct decryption key used for decryption of the BIN resource, we believe with a high degree of certainty that the second payload is the ARCrypter ransomware," BlackBerry said.
ARCrypter has been discovered to seek ransoms of varying amounts, with the lowest being $5,000.
BleepingComputer reports that multinational building automation conglomerate Johnson Controls had its operations, as well as those of its subsidiaries, disrupted by a significant ransomware attack claimed by the Dark Angels ransomware operation over the weekend that compromised its VMware ESXi servers and various other devices.
The Philippine Health Insurance Corporation, which manages the country's universal healthcare system, had its websites and portals disrupted by a Medusa ransomware attack last week, from which it is struggling to recover, reports The Record, a news site by cybersecurity firm Recorded Future.
Japanese multinational conglomerate Sony has begun an investigation into an alleged cyberattack, which was reported to have resulted in the exposure of 3.14 GB of data in hacking forums, amid the emergence of different attackers claiming to be behind the hack, according to BleepingComputer.