Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

Last Week in Ransomware: Week of July 19th

This past week hasn't seen quite as much activity as others, likely due to the new ransomware task force created in the US and the mysterious disappearance of REvil and other gangs.
Michael Raymond
2 min read
Published July 19, 2021
Last updated January 17, 2023

This past week hasn’t seen quite as much activity as others, likely due to the new ransomware task force created in the US and the mysterious disappearance of REvil and other gangs.

The REvil ransomware gang’s online presence experienced a thorough overnight takedown, this included clearnet as well as darknet websites. It’s currently unclear who’s responsible but with how orderly it was there are two distinct possibilities. First that some nation-state such as a US agency or Russian agency took them out, or the group themselves decided that there was too much attention on their attack and scuttled their own ship. While the group’s “unknown” representative didn’t make an announcement this latter option seems the most likely. Odds are they’ll keep their heads down for a while developing new attacks then rebrand the group in a few months.

But everything’s not sunshine and rainbows for some victims of the REvil ransomware attack. When the sites went down they also took down any chance of decrypting your files. This left at least one victim struggling to decrypt. It’s also an important reminder to make sure to patch vulnerabilities before someone else comes along and tries to emulate what REvil was able to achieve.

Why would REvil scrap their own websites? Well in a slightly surprising move the US government took definitive actions against ransomware groups. First, they launched a task force to combat cybersecurity threats and primarily track down cryptocurrency transactions in the blockchain. The only time I’ll be able to tell how much they’re able to actually achieve playing mostly a reactionary role. Second, the US is offering a $10 Million Ransom for operations conducted by foreign governments. The casual observer might think the $10 million Ransom is aimed squarely at Russia and while that might be the case, it also seems that China wants in on the game as well. And lastly, the US published a ransomware website to inform the public and companies how best to protect themselves.

Not to be left out, Interpol also urged police worldwide to work together against the ransomware pandemic.

In similar but unrelated news Sodinokibi Websites and Infrastructure are Mysteriously Offline.

Additionally, SonicWall warns of ‘critical’ ransomware risk to EOL SMA 100 VPN appliances

And to round out the news for the week, in a surprise to no one, a recent survey found that 25% of ransomware attacks started through Phishing.

Ransomware Research

VMware ESXi isn’t quite as safe as it used to be, a new version of the HelloKitty ransomware has been discovered targeting Linux virtual machines.

There’s also a brand new report out on Mespinoza ransomware. Along with a new group called AvosLocker who may or may not be related to DoppelPaymer.

And in this week’s round of new ransomware variants, we have a few contestants:

Phobos is now using .LOWPRICE

Stop Djvu is using .wwka and .gujd

New Dharma is using .OFF .pause .PcS

Upcoming Security Conferences

Ransomware Live 2021 ( July 29 – 31)

This is the largest conference focused exclusively on the ransomware threat. It offers a great opportunity to grow your security knowledge and find new and innovative ways to protect your company.

BLACK HAT USA 2021 (July 31 – Aug 5)

Black hat is one of the largest annual security conferences. It’s the corporate version of Defcon and as such is a great opportunity to get face time with security professionals such as the Varonis team. Be sure to stop by our booth!

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

last-week-in-ransomware:-week-of-july-5th
Last Week in Ransomware: Week of July 5th
Ransomware in the News Before we get to the major ransomware attack that occurred over the holiday weekend, let’s take a look at some of the other stories from the...
last-week-in-microsoft-teams:-week-of-october-19th
Last Week in Microsoft Teams: Week of October 19th
This week’s review covers how working remotely has affected workers, the adverse effects of short deletion policies, and AI-noise suppression in meetings.
last-week-in-ransomware:-week-of-july-26th
Last Week in Ransomware: Week of July 26th
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.
last-week-in-ransomware:-week-of-august-16th
Last Week in Ransomware: Week of August 16th
This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.