BleepingComputer reports that Windows systems are being encrypted by Iranian state-backed hacking group DEV-0270, also known as Nemesis Kitten, in new attacks exploiting the BitLocker data protection feature.
"DEV-0270 has been seen using setup.bat commands to enable BitLocker encryption, which leads to the hosts becoming inoperable. For workstations, the group uses DiskCryptor, an open-source full disk encryption system for Windows that allows for the encryption of a device's entire hard drive," warned Microsoft Security Threat Intelligence.
Microsoft said that DEV-0270 had a time to ransom of nearly two days and demanded $8,000 in ransom for decryption keys. The report also showed that DEV-0270 serves as a subgroup of Iranian state-sponsored threat operation Phosphorus, also known as APT35 and Charming Kitten, which is operated by Iranian firm Secnerd, also known as Lifeweb, itself associated with Najee Technology Hooshmand.
"The group is typically opportunistic in its targeting: the actor scans the internet to find vulnerable servers and devices, making organizations with vulnerable and discoverable servers and devices susceptible to these attacks," said Microsoft.
Mayor Garnett Johnson has said that officials at the City of Augusta, Georgia, have not communicated with the BlackByte ransomware operation, which took credit for a cyberattack against the city that commenced on May 21, according to The Record, a news site by cybersecurity firm Recorded Future.
The Clop ransomware operation, also known as Lace Tempest, TA505, and FIN11, has admitted to attacks exploiting a zero-day in the MOVEit Transfer file transfer app to compromise various servers and facilitate data exfiltration, after Microsoft attributed the intrusions to the group, reports BleepingComputer.
The University of Waterloo in Canada has disclosed that its on-campus Microsoft Exchange servers were impacted by an averted ransomware attack on May 30, according to The Record, a news site by cybersecurity firm Recorded Future.