REvil-based LV Ransomware Reemerged Claiming a Victim in Jordan

Diving into details

• In an incident, LV Ransomware compromised the corporate environment of a Jordan-based organization.
• It exploited the Microsoft flaws—ProxyShell and ProxyLogon—vulnerabilities and dropped a webshell in the public access folders.
• While the threat actors didn’t add capabilities to their ransomware, they expanded affiliate programs. 
• The attackers, furthermore, leveraged double extortion to blackmail the victims.

About the targets

• Data from Trend Micro suggests that Europe had the highest breach alerts, followed by North America and Asia.
• The most reported incidents caused by ransomware payload belong to the U.S. and Saudi Arabia.
• While the group targets every industry vertical, the manufacturing and technology sectors have been the most affected.

Some worrisome ransomware news

• Lockbit has emerged as the most active global threat as it accounted for the most number of victims (231) in a quarter. 
• Researchers observed a 674% rise in DeadBolt ransomware attacks between June and September. It has been targeting QNAP NAS devices and extorting ransom from the victims and the vendor.
• In its latest campaign, the Magniber ransomware was found targeting Windows home users, focusing on Windows 10 and 11.

The bottom line