Cyber Weekly Digest - Week #43


This week in cyber security is another one filled with ransomware stories, including an attack on a Halloween sweets manufacturer and the latest rebrand of Evil Corp. Keep reading to stay up to date on all the latest cyber security stories from across the world.

1. Ransomware attack hits US Halloween candy manufacturer.

Chicago-based candy manufacturer Ferrara confirms it suffered a ransomware attack on October 9th, which encrypted some of its systems. The manufacturer is known for some of the US’s most popular Halloween candy, Candy-Corn. Although some were worried that orders might not be fulfilled in time for Halloween, Ferrara confirmed most orders were fulfilled in August, so supply will not be affected despite the attack. Although few details have been released about the attack, researchers believe the culprit is the BlackMatter ransomware group.

2. Acer was hacked by the same threat actor twice in one week.

Acer has suffered a second cyber attack in just one week by the same threat actors. Threat actors known as Desorden claimed an attack on Acer’s Indian servers and stole customer data. Desorden then reached out to journalists claiming they had breached Acer’s Taiwan servers, stealing employee data. The threat group stated that they performed the second attack to prove that Acer is still vulnerable. Desorden has a history of performing corporate breaches and leaking data if a ransom is not paid.

3. REvil ransomware shuts down again after Tor sites were hijacked.

The REvil ransomware operation has shut down once again after an unknown attacker hijacked their Tor payment portal and data leak blog. The Tor site went offline earlier this week, and a threat actor affiliated with REvil shared on the XSS hacking forum that their domains had been hijacked. REvil stated that they found no signs of compromise to their servers but will be shutting down their operation.


4. YouTube accounts are being hijacked with cookie-stealing malware.

Google’s threat analyst group has said YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors. The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware. Once delivered to the targets’ systems, the malware was used to steal their credentials and browser cookies, allowing the attackers to hijack the victims’ accounts in pass-the-cookie attacks.


5. Evil Corp has launched a new ransomware called Macaw Locker.

The Evil Corp hacking group, also known as Indrik Spider and the Dridex gang, has launched a new ransomware called Macaw Locker to evade US sanctions that prevent victims from making ransom payments. Recent attacks on Sinclair Broadcast Group and Olympus were discovered to have been conducted with the new Macaw Locker ransomware. From code analysis, researchers found Macaw Locker was the latest rebrand of Evil Corp.