Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session

X

Last Week in Ransomware: Week of August 16th

IT Pros

Phishing attacks are one common vector used to gain access to a network for ransomware attacks and it seems there might be yet another way to hide these phishing attacks using old school Morse code. But Phishing should be your only security concern.

If you haven’t applied security patches in relation to the windows PrintNightmare vulnerability it’s well past time to do so. Most if not all major ransomware strains are now actively exploiting PrintNightmare.

In the past week, LockBit 2.0 has been incredibly active prompting the Australian government to issue warnings for Australian companies. A recent article on The Hacker News looks at why ransomware is becoming more prevalent and unsurprisingly concludes that it’s due to ease of use led by Ransomware as a Service (RaaS) and the profitability.

But not all gangs a driven purely by profit. New research suggests that Russian intelligence services including the FSB and SVR actively worked with ransomware gangs to target and compromise US organizations with a variant of Ryuk ransomware called Sidoh.

Recent reporting highlights yet again the fact that these ransomware gangs have little care about the aftermath of their attacks. Approximately half of US hospitals have disconnected their networks at some point in the past 6 months because of ransomware threats.

Over the weekend Last Week Tonight with John Oliver released an episode focused on ransomware. While the episode’s humor may not be appropriate for all corporate environments it certainly leaves the viewer with a memorable high-level overview of ransomware, how it works, mitigations, and the types of actions that are being taken against ransomware gangs.

And in this week’s edition of the ransomware name game, SynACK is in the process of rebranding to El_Cometa.  They even decided to release decryption keys for victims infected between 2017 and 2021 by the group under its old name.

In a great week for ransomware decryption, REvil’s decryption key was also leaked on hacking forums.

Ransomware Research

This week has also seen the release of several new Ransomeware variants that append the following with VirisTotal samples linked:

Upcoming Security Conferences

Fraud & Payments Security Summit (August 17-18)

This conference focuses on cybersecurity in regards to the financial sector focusing primarily on fishing email fraud inside a risk and new account fraud.

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.

Michael Raymond

Michael Raymond

Michael Raymond is a security researcher and video producer for the Null Byte and SecurityFWD YouTube Channels.

 

Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.