BleepingComputer reports that the Conti ransomware gang has already taken over the TrickBot malware operation.
AdvIntel researchers noted that TrickBot had previously partnered with the Ryuk ransomware group, supplying it with initial network access, but that last year only Conti received TrickBot's high-quality network access supply; by then TrickBot's developers had already built the stealthier BazarBackdoor to better evade detection.
By the end of 2021, Conti had hired TrickBot's developers and managers, effectively making TrickBot a subsidiary and giving Conti control over the development of BazarBackdoor, which has now become Conti's primary initial access tool, according to the researchers.
"After being “acquired” by Conti, [TrickBot leaders] are now rich in prospects with secure ground beneath them, and Conti will always find a way to make use of the available talent," said AdvIntel. Researchers also noted that despite the takeover, TrickBot will continue its operations against high-value targets.
BleepingComputer reports that South Korean industrial, pharmaceutical, and healthcare firms running Windows and VMware ESXi servers have been targeted by the novel GwisinLocker ransomware family, with attacks timed for the early morning hours of Korean public holidays.
Mailing vendor OneTouchPoint informed 30 health plans that their patient data was accessed during a ransomware attack; 326,278 Aetna members have now been added to the tally. The incident leads this week's healthcare data breach roundup.