
Last Week in Ransomware: Week of August 2nd


You may have trained employees to spot phishing emails, but are they also trained to recognize phony call centers? According to the Microsoft security blog, the BazaCall campaign is more dangerous than first believed. Users are tricked into phoning the call center, which then walks them through downloading the BazaLoader malware. The loader gives the attackers remote control of the user's system, allowing fast network compromise and ransomware execution.

In the ever-evolving world of hacker and ransomware names, DoppelPaymer has rebranded to Grief, because God forbid one of these groups picks a normal-sounding name that doesn't change every other week. And, just so you have two more names to keep track of, two new ransomware gangs have emerged, Haron and BlackMatter, both of which operate on the ransomware-as-a-service model.

In a move that shows even criminals are trying to automate their jobs away, LockBit 2.0 is using Active Directory group policies to deploy its ransomware across Windows domains.

When it is executed on a domain controller, the ransomware disables native Microsoft protections such as Defender and its alerts, and stops sample submission to Microsoft. It then replaces them with new group policies that schedule the ransomware executable to run on individual devices.
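As an added example (not from the newsletter and not LockBit's tooling), here is a small Python checker a defender could run over a GPO's Registry.pol file pulled from SYSVOL to flag the Defender-disabling settings described above. The value names are Microsoft's documented Defender policy settings; the exact values LockBit writes are an assumption, and the sample Registry.pol is constructed inline.

```python
import struct

REG_DWORD = 4
LB, RB, SEMI, NUL = (c.encode("utf-16-le") for c in "[];\x00")
# Documented Defender policy values (keys relative to HKLM) matching the tampering above:
# Defender disabled, its notifications suppressed, sample submission turned off (assumed values).
SUSPICIOUS = {
    ("software\\policies\\microsoft\\windows defender", "disableantispyware"): 1,
    ("software\\policies\\microsoft\\windows defender\\ux configuration", "notification_suppress"): 1,
    ("software\\policies\\microsoft\\windows defender\\spynet", "submitsamplesconsent"): 2,
}
def _read_wstr(data, pos):
    # NUL-terminated UTF-16LE string; returns (text, offset just past the terminator)
    end = next((i for i in range(pos, len(data), 2) if data[i:i + 2] == NUL), None)
    if end is None:
        raise ValueError("unterminated string in Registry.pol")
    return data[pos:end].decode("utf-16-le"), end + 2
def parse_registry_pol(data):
    # Format: b"PReg" + version 1, then entries laid out as [key;value;type;size;data]
    if data[:4] != b"PReg" or data[4:8] != b"\x01\x00\x00\x00":
        raise ValueError("not a version-1 Registry.pol file")
    pos, entries = 8, []
    while pos < len(data):
        if data[pos:pos + 2] != LB:
            raise ValueError(f"expected '[' at offset {pos}")
        key, pos = _read_wstr(data, pos + 2)
        value, pos = _read_wstr(data, pos + 2)                # +2 skips ';'
        vtype, size = struct.unpack_from("<I2xI", data, pos + 2)
        pos += 14                                              # ';' type ';' size ';'
        entries.append((key, value, vtype, data[pos:pos + size]))
        pos += size + 2                                        # data, then ']'
    return entries
def find_defender_tampering(data):
    # Flag REG_DWORD entries whose (key, value, data) match a SUSPICIOUS setting
    hits = []
    for key, value, vtype, raw in parse_registry_pol(data):
        want = SUSPICIOUS.get((key.lower(), value.lower()))
        if want is not None and vtype == REG_DWORD and raw == struct.pack("<I", want):
            hits.append(f"{key}\\{value} = {want}")
    return hits
def build_registry_pol(entries):
    # Test-fixture writer for the same layout parse_registry_pol reads
    w = lambda s: s.encode("utf-16-le") + NUL
    return b"PReg\x01\x00\x00\x00" + b"".join(LB + w(k) + SEMI + w(v) + SEMI + struct.pack("<I", t)
        + SEMI + struct.pack("<I", len(r)) + SEMI + r + RB for k, v, t, r in entries)

DEFENDER = "Software\\Policies\\Microsoft\\Windows Defender"
SAMPLE_POL = build_registry_pol([  # constructed sample: two tampering entries plus one benign one
    (DEFENDER, "DisableAntiSpyware", REG_DWORD, struct.pack("<I", 1)),
    (DEFENDER + "\\Spynet", "SubmitSamplesConsent", REG_DWORD, struct.pack("<I", 2)),
    ("Software\\Policies\\Microsoft\\Windows\\WindowsUpdate\\AU", "AUOptions", REG_DWORD, struct.pack("<I", 4))])
```

In practice you would feed it `\\<domain>\SYSVOL\<domain>\Policies\<GUID>\Machine\Registry.pol` for each GPO and alert on any hit, ideally alongside directory-service change auditing for newly created or modified GPOs.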

For those who enjoy watching black-hat hackers have a hard time, Lawrence Abrams reported on the Babuk gang's inner strife, which led to a split and the creation of a new forum.

And finally, to end on a positive note, the public-private partnership No More Ransom celebrated its 5th anniversary this past week. And there's a lot to celebrate: the online portal has enabled over 6 million ransomware victims to recover their files, with €1 billion in ransom payments avoided thanks to its decryptors.

Ransomware Research

This past week also saw FancyLocker, a variant of JCrypt, appear, and the ever-prevalent STOP/Djvu ransomware came out with four new variants using the extensions .guer, .muuq, .nooa, and .aeur.

Prometheus ransomware now has a decryptor.

Upcoming Security Conferences

BLACK HAT USA 2021 (July 31 – Aug 5)

Black Hat is one of the largest annual security conferences. It's the corporate counterpart of DEF CON and as such is a great opportunity to get face time with security professionals such as the Varonis team. Be sure to stop by our booth!

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.

Michael Raymond


Michael Raymond is a security researcher and video producer for the Null Byte and SecurityFWD YouTube Channels.
