SecurityWeek

Colossus Ransomware Hits Automotive Company in the U.S.

A new ransomware family called Colossus has snagged at least one victim in the United States as of last week, according to security researchers at ZeroFox.

Targeting Windows systems, the Colossus ransomware was used in an attack on an automotive group of dealerships based in the U.S., with its operators threatening to leak 200 GB of stolen data.

The cybercriminals, who demanded $400,000 in exchange for the decryption key, directed the victim to contact them via a “support page” hosted on a custom domain.

ZeroFox’s security researchers note that the Colossus operators appear to be familiar with existing ransomware-as-a-service (RaaS) groups and might even be directly associated with one of them.

The operators registered the domain for the support portal on September 19, via Tucows, and are using dnspod as their DNS provider.

ZeroFox hasn’t observed dark web chatter related to a Colossus ransomware product or affiliate program, but that doesn’t mean that the operation isn’t associated with other ransomware-as-a-service (RaaS) groups.

In fact, the Colossus ransom note is similar to samples from EpsilonRed/BlackCocaine and REvil/Sodinokibi, suggesting the use of a similar builder. Furthermore, the cybercrime group also “follows a pattern of ransomware groups disappearing and reappearing with a rebranded name and similar toolsets,” the researchers note.

While a public Colossus-specific ransomware leak site doesn’t exist yet, one might emerge in the coming weeks, to leak data from a victim unwilling to pay the ransom.


Related: Links Found Between MSHTML Zero-Day Attacks and Ransomware Operations

Related: CISA Adds Ransomware Module to Cyber Security Evaluation Tool

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
