The Week in Ransomware – August 6th 2021
If there is one thing we learned this week, it’s that not only are corporations vulnerable to insider threats but so are ransomware operations.
The LockBit 2.0 ransomware is now trying to recruit corporate insiders to help them breach networks. In return, the insider is promised millions of dollars.
On the flip side, ransomware operations are vulnerable too.
Yesterday, after being banned from the Conti ransomware operation, a Conti affiliate leaked the training material for the ransomware operation on the XSS hacking forum, giving security researchers and defenders an inside look at the tools being used by the group.
This week’s other hot topic is the rise of a new ransomware operation called BlackMatter, which is believed to be a rebrand of the DarkSide ransomware operation.
Finally, this week, we have had large ransomware attacks against Italy’s Lazio region, energy group ERG, and leading motherboard maker Gigabyte.
Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @FourOctets, @PolarToffee, @fwosar, @VK_Intel, @malwareforme, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @Seifreed, @serghei, @DanielGallagher, @struppigel, @jorntvdw, @malwrhunterteam, @ddd1ms, @RecordedFuture, @GroupIB_GIB, @pancak3lullz, @JakubKroustek, @PogoWasRight, @chum1ng0, @pcrisk, and @Amigo_A_.
July 31st 2021
BlackMatter ransomware gang rises from the ashes of DarkSide, REvil
A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations.
DarkSide ransomware gang returns as new BlackMatter operation
Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.
August 2nd 2021
New STOP ransomware variants
PCrisk discovered new STOP ransomware variants that append the .nooa and .muuq extensions.
August 3rd 2021
Ransomware attack hits Italy’s Lazio region, affects COVID-19 site
The Lazio region in Italy has suffered a reported ransomware attack that has disabled the…