Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot. Learn more

Last Week in Ransomware: Week of August 9th

This week saw the rise of a new ransomware group called BlackMatter and demonstrated even ransomware groups should worry about disgruntled employees.
Michael Raymond
1 min read
Last updated January 17, 2023

DarkSide and REvil might not be as done as we originally imagined, the new BlackMatter group has emerged claiming to be their successor. And it’s not all just words, they’ve developed a Linux version of their ransomware designed to Target VMWare’s ESXi VM platform.

The BlackMatter/DarkSide name change isn’t completely surprising or even uncommon. Many of these ransomware gangs fade into the background noise of the weekly News after major attacks then rebrand themselves and continue operations sometime later. In fact, Krebs on Security published an article this week about the name game distraction. The article looks at why we shouldn’t get hyper-focused on group names but instead focus on the handful of cybercriminals who are developing ransomware programs and actually arresting them.

The other major topic of news this week is a renewed focus on insider threats. LockBit 2.0 is trying to recruit insiders to help them breach corporate networks and then offering millions of dollars as payment. But this week shows corporations aren’t the only ones that should worry about insider threats or disgruntled employees. A member of the Conti ransomware gang got a little upset when they were banned and decided to leak tools and training material which is turned into a treasure trove of information for security researchers trying to understand how these groups operate.

In sad yet unsurprising news Q2 of 2021 saw the highest volume of ransomware attacks ever with the top three strains being Ryuk, Cerber, and SamSam. This uptick in attacks has also started a sort of arms race with more and more ransomware gangs seeking to target managed services providers or MSPs due to the aftermath of the REvil attack.

For those keeping track of ransomware politics, new details have emerged on why the White House backed down from banning ransomware payments.

Ransomware Research

This week has also seen the release of several new variants of common ransomware strains including Dharma/Crysis with variants appending. GanP .JRB .CLEAN, Phobos appending.WIN,

And Stop/Djvu appending .repg.

There has also been the appearance of two new ransomware strains, Divinity Ransomware appending .divinity and Salma Ransomware appending .salma.

Upcoming Security Conferences

Crypto 2021 (August 16-20)

Crypto not to be confused with cryptocurrency is a cryptologic research conference.

Fraud & Payments Security Summit (August 17-18)

This conference focuses on cybersecurity in regards to the financial sector focusing primarily on fishing email fraud inside a risk and new account fraud.

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:


Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.


See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.


Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

Last Week in Ransomware: Week of July 5th
Ransomware in the News Before we get to the major ransomware attack that occurred over the holiday weekend, let’s take a look at some of the other stories from the...
Last Week in Ransomware: Week of August 16th
This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.
Last Week in Ransomware: Week of July 19th
This past week hasn't seen quite as much activity as others, likely due to the new ransomware task force created in the US and the mysterious disappearance of REvil and other gangs.
Last Week in Ransomware: Week of July 26th
This week REvil Ransomware had a universal decryption key appear out of thin air and the US has accused China of ProxyLogon.