Cyware Weekly Threat Intelligence - October 25–29

Weekly Threat Briefing • October 29, 2021
The Good
It rained ransomware decryptors this week, with Avast releasing keys for AtomSilo, Babuk, and Lockfile, while Emsisoft released a free decryptor for the notorious BlackMatter ransomware. In another piece of good news, the NSA and CISA published joint guidance on how to secure cloud-native 5G networks. The recommendations can be used by service providers and system integrators that build and configure 5G cloud infrastructure.
The Bad
“Spooky, scary skeletons, send shivers down your spine.” Sadly, it's not skeletons that scare us in the cyber world but cybercriminals with their heinous intents and acts. Nobelium, the actor behind the SolarWinds attacks, has resurfaced to target hundreds of MSPs. Cybercriminals are riding the wave of Squid Game's popularity, attempting to trick users into downloading the Dridex banking trojan through carefully crafted lures. In other news, the Grief ransomware gang attacked the NRA and leaked screenshots and an archive as proof of the attack.
New Threats
While Halloween is just two days away, let's not forget the new ghosts of the week. A new strain of the Chaos ransomware is making the rounds among Japanese Minecraft players. While it encrypts some files, it destroys others, making recovery an impossible feat. Heard of SquirrelWaffle? As cute as it sounds, it's malware that has the potential to become a huge threat in the spam space. This week also witnessed a novel Windows binary loader, dubbed Wslink, that has been launching campaigns in North America, the Middle East, and Central Europe.