Last Week in Ransomware: Week of August 9th

This week saw the rise of a new ransomware group called BlackMatter and demonstrated that even ransomware groups should worry about disgruntled employees.
Michael Raymond
Last updated January 17, 2023

DarkSide and REvil might not be as done as we originally imagined: the new BlackMatter group has emerged claiming to be their successor. And it’s not all just words. They’ve developed a Linux version of their ransomware designed to target VMware’s ESXi VM platform.

The BlackMatter/DarkSide name change isn’t completely surprising or even uncommon. Many of these ransomware gangs fade into the background noise of the weekly news after major attacks, then rebrand themselves and continue operations sometime later. In fact, Krebs on Security published an article this week about the name game distraction. The article looks at why we shouldn’t get hyper-focused on group names but should instead focus on the handful of cybercriminals who are developing ransomware programs, and on actually arresting them.

The other major topic of news this week is a renewed focus on insider threats. LockBit 2.0 is trying to recruit insiders to help them breach corporate networks, offering millions of dollars as payment. But this week shows corporations aren’t the only ones that should worry about insider threats or disgruntled employees. A member of the Conti ransomware gang got a little upset when they were banned and decided to leak tools and training material, which has turned into a treasure trove of information for security researchers trying to understand how these groups operate.

In sad yet unsurprising news, Q2 of 2021 saw the highest volume of ransomware attacks ever, with the top three strains being Ryuk, Cerber, and SamSam. This uptick in attacks has also started a sort of arms race, with more and more ransomware gangs seeking to target managed services providers (MSPs) due to the aftermath of the REvil attack.

For those keeping track of ransomware politics, new details have emerged on why the White House backed down from banning ransomware payments.

Ransomware Research

This week has also seen the release of several new variants of common ransomware strains, including Dharma/Crysis with variants appending .GanP, .JRB, and .CLEAN, Phobos appending .WIN, and Stop/Djvu appending .repg.

There has also been the appearance of two new ransomware strains, Divinity Ransomware appending .divinity and Salma Ransomware appending .salma.

Upcoming Security Conferences

Crypto 2021 (August 16-20)

Crypto, not to be confused with cryptocurrency, is a cryptologic research conference.

Fraud & Payments Security Summit (August 17-18)

This conference focuses on cybersecurity in the financial sector, primarily phishing, email fraud, insider risk, and new account fraud.

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.
