The Week in Ransomware – February 11th 2022

/in


Decryptor

We saw the Maze ransomware developers reemerge briefly this week as they shared the master decryption keys for the Egregor, Maze, and Sekhmet ransomware operations.

After the Maze ransomware operation began shutting down in October 2020, it was always hoped that they would publicly release decryption keys to allow remaining victims to recover their files.

Tuesday night, almost fourteen months later, the alleged ransomware developer released the decryption keys in a BleepingComputer forum post.

While the developer says they had always planned to publish the keys, it is generally believed that they did it now as a gesture of goodwill due to the recent arrests and server seizures.

Using these keys, cybersecurity firm Emsisoft created a decryptor allowing victims to recover their files for free.

The other big news is the sentencing of a Netwalker ransomware affiliate from Canada, who obtained more than $27.6 million by attacking companies worldwide. After pleading guilty, the affiliate was sentenced to six years and eight months in prison.

This week’s other interesting ransomware news includes publishing LockBit 2.0 ransomware technical details by the FBI, a free decryptor for the TargetCompany ransomware, and Puma announcing a data breach due to the Kronos ransomware attack.

Contributors and those who provided new ransomware information and stories this week include: @Seifreed, @billtoulas, @malwareforme, @VK_Intel, @BleepinComputer, @FourOctets, @DanielGallagher, @serghei, @malwrhunterteam, @jorntvdw, @fwosar, @Ionut_Ilascu, @PolarToffee, @LawrenceAbrams, @demonslay335, @struppigel, @chainalysis, @emsisoft, @Avast, @LadislavZezula, @coveware, @ddd1ms, @BrettCallow, @pcrisk, @USCERT_gov, and @CISAgov.

February 5th 2022

BlackCat (ALPHV) ransomware linked to BlackMatter, DarkSide gangs

The Black Cat ransomware gang, also known as ALPHV, has confirmed they are former members of the notorious BlackMatter/DarkSide ransomware operation.

FBI shares Lockbit ransomware technical details, defense tips

The Federal Bureau of Investigation (FBI) has released technical details and indicators of compromise associated with LockBit ransomware attacks in a new flash alert published this…

Source…