The Week in Ransomware – August 6th 2021

T-Mobile is warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company.


If there is one thing we learned this week, it’s that not only are corporations vulnerable to insider threats but so are ransomware operations.

The LockBit 2.0 ransomware is now trying to recruit corporate insiders to help them breach networks. In return, the insider is promised millions of dollars.

On the flip side, ransomware operations are vulnerable too.

Yesterday, after being banned from the Conti ransomware operation, a Conti affiliate leaked the training material for the ransomware operation on the XSS hacking forum, giving security researchers and defenders an inside look at the tools being used by the group.

This week’s other hot topic is the rise of a new ransomware operation called BlackMatter, which is believed to be a rebrand of the DarkSide ransomware operation.

Finally, this week, we have had large ransomware attacks against Italy’s Lazio region, energy group ERG, and leading motherboard maker Gigabyte.

Contributors and those who provided new ransomware information and stories this week include: @LawrenceAbrams, @FourOctets, @PolarToffee, @fwosar, @VK_Intel, @malwareforme, @Ionut_Ilascu, @BleepinComputer, @demonslay335, @Seifreed, @serghei, @DanielGallagher, @struppigel, @jorntvdw, @malwrhunterteam, @ddd1ms, @RecordedFuture, @GroupIB_GIB, @pancak3lullz, @JakubKroustek, @PogoWasRight, @chum1ng0, @pcrisk, and @Amigo_A_.

July 31st 2021

BlackMatter ransomware gang rises from the ashes of DarkSide, REvil

A new ransomware gang named BlackMatter is purchasing access to corporate networks while claiming to include the best features from the notorious and now-defunct REvil and DarkSide operations.

DarkSide ransomware gang returns as new BlackMatter operation

Encryption algorithms found in a decryptor show that the notorious DarkSide ransomware gang has rebranded as a new BlackMatter ransomware operation and is actively performing attacks on corporate entities.

August 2nd 2021

New STOP ransomware variants

PCrisk discovered new STOP ransomware variants that append the .nooa and .muuq extensions.

August 3rd 2021

Ransomware attack hits Italy’s Lazio region, affects COVID-19 site

The Lazio region in Italy has suffered a reported ransomware attack that has disabled the…