DarkSide and REvil might not be as done as we originally imagined, the new BlackMatter group has emerged claiming to be their successor. And it’s not all just words, they’ve developed a Linux version of their ransomware designed to Target VMWare’s ESXi VM platform.
The BlackMatter/DarkSide name change isn’t completely surprising or even uncommon. Many of these ransomware gangs fade into the background noise of the weekly News after major attacks then rebrand themselves and continue operations sometime later. In fact, Krebs on Security published an article this week about the name game distraction. The article looks at why we shouldn’t get hyper-focused on group names but instead focus on the handful of cybercriminals who are developing ransomware programs and actually arresting them.
The other major topic of news this week is a renewed focus on insider threats. LockBit 2.0 is trying to recruit insiders to help them breach corporate networks and then offering millions of dollars as payment. But this week shows corporations aren’t the only ones that should worry about insider threats or disgruntled employees. A member of the Conti ransomware gang got a little upset when they were banned and decided to leak tools and training material which is turned into a treasure trove of information for security researchers trying to understand how these groups operate.
In sad yet unsurprising news Q2 of 2021 saw the highest volume of ransomware attacks ever with the top three strains being Ryuk, Cerber, and SamSam. This uptick in attacks has also started a sort of arms race with more and more ransomware gangs seeking to target managed services providers or MSPs due to the aftermath of the REvil attack.
For those keeping track of ransomware politics, new details have emerged on why the White House backed down from banning ransomware payments.
And Stop/Djvu appending .repg.
Upcoming Security Conferences
Crypto not to be confused with cryptocurrency is a cryptologic research conference.
Fraud & Payments Security Summit (August 17-18)
This conference focuses on cybersecurity in regards to the financial sector focusing primarily on fishing email fraud inside a risk and new account fraud.
This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.
We've been keeping the world's most valuable data out of enemy hands since 2005 with our market-leading data security platform.How it works
Michael Raymond is a security researcher and video producer for the Null Byte and SecurityFWD YouTube Channels.