The Week in Ransomware – May 13th 2022


While ransomware attacks have slowed during Russia’s invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide.

This can be seen with Costa Rica declaring a national emergency after suffering a massive IT systems outage caused by a Conti ransomware attack in April.

These outages are impacting public services, including forcing people to pay taxes in person at banks rather than online.

This declaration comes soon after the US government offered a $15 million reward for the location and identification of Conti ransomware members.

Secureworks also analyzed the new REvil ransomware samples, confirming previous reports that the ransomware gang has returned. Because the threat actors hold both the REvil source code and the Tor private keys, it is clear that the operation has returned in some manner.

Other news this week includes a technical analysis of Black Basta, with the Conti gang denying any involvement in the new operation.

Contributors and those who provided new ransomware information and stories this week include: @jorntvdw, @Ionut_Ilascu, @Seifreed, @billtoulas, @PolarToffee, @VK_Intel, @fwosar, @malwareforme, @malwrhunterteam, @DanielGallagher, @demonslay335, @BleepinComputer, @serghei, @LawrenceAbrams, @struppigel, @FourOctets, @TrendMicro, @kaspersky, @Secureworks, @BrettCallow, @bofheaded, @pcrisk, @ValeryMarchive, @kevincollier, @andrewselsky, @Amigo_A_, and @petrovic082.

May 7th 2022

US offers $15 million reward for info on Conti ransomware gang

The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang.

New Kekpop ransomware

Petrovic found a new ransomware that appends the .kekpop extension and drops a ransom note named ReadMe.html.

May 9th 2022

Costa Rica declares national emergency after Conti ransomware attacks

Costa Rican President Rodrigo Chaves has declared a national emergency following cyberattacks by the Conti ransomware group on multiple government bodies.

REvil Development Adds Confidence About GOLD SOUTHFIELD Reemergence

Secureworks® Counter Threat Unit™ (CTU) researchers analyzed REvil…