Last Week in Ransomware: Week of August 16th

This week was a win with REvil and SynACK decryption keys being released, but also saw a rise in PrintNightmare use by ransomware gangs.
Michael Raymond
Last updated June 30, 2022

Phishing attacks are one common vector used to gain access to a network for ransomware attacks, and it seems there might be yet another way to hide these phishing attacks using old-school Morse code. But phishing shouldn't be your only security concern.

If you haven’t applied the security patches for the Windows PrintNightmare vulnerability, it’s well past time to do so. Most if not all major ransomware strains are now actively exploiting PrintNightmare.

In the past week, LockBit 2.0 has been incredibly active, prompting the Australian government to issue warnings for Australian companies. A recent article on The Hacker News looks at why ransomware is becoming more prevalent and unsurprisingly concludes that it’s due to the ease of use brought by Ransomware as a Service (RaaS) and the profitability.

But not all gangs are driven purely by profit. New research suggests that Russian intelligence services including the FSB and SVR actively worked with ransomware gangs to target and compromise US organizations with a variant of Ryuk ransomware called Sidoh.

Recent reporting highlights yet again that these ransomware gangs care little about the aftermath of their attacks. Approximately half of US hospitals have disconnected their networks at some point in the past 6 months because of ransomware threats.

Over the weekend, Last Week Tonight with John Oliver released an episode focused on ransomware. While the episode’s humor may not be appropriate for all corporate environments, it certainly leaves the viewer with a memorable high-level overview of ransomware, how it works, mitigations, and the types of actions that are being taken against ransomware gangs.

And in this week’s edition of the ransomware name game, SynACK is in the process of rebranding to El_Cometa. They even decided to release decryption keys for victims infected between 2017 and 2021 by the group under its old name.

In a great week for ransomware decryption, REvil’s decryption key was also leaked on hacking forums.

Ransomware Research

This week has also seen the release of several new ransomware variants that append the following with VirusTotal samples linked:

Upcoming Security Conferences

Fraud & Payments Security Summit (August 17-18)

This conference focuses on cybersecurity in the financial sector, primarily phishing email fraud, insider risk, and new account fraud.

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.
