
The Week in Ransomware – July 30th 2021



Ransomware continues to be active this week, with new threat actors releasing new variants, No More Ransom turning 5, and a veteran group rebranding.

This week marked the fifth anniversary of No More Ransom, where they announced that they had saved €1 billion in ransom payments via the decryptors on their platform.

We also saw ransomware gangs continue to innovate, with LockBit 2.0 now using group policies to automate the deployment of their ransomware over a Windows domain.

I shared what I know about the internal conflict of the Babuk ransomware gang that led to the Admin starting a new RAMP cybercrime forum and the rest of the team launching Babuk version 2.0.

Finally, DoppelPaymer has rebranded as a new ransomware operation known as Grief, which started operating in May.

Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @LawrenceAbrams, @struppigel, @BleepinComputer, @malwrhunterteam, @VK_Intel, @serghei, @jorntvdw, @PolarToffee, @fwosar, @Seifreed, @Ionut_Ilascu, @demonslay335, @malwareforme, @FourOctets, @ddd1ms, @zscaler, @pcrisk, @pushecx, @fbgwls245, @campuscodi, @Glacius_, and @HuntressLabs.

July 25th 2021

New JCrypt ransomware variant

dnwls0719 found a new JCrypt variant called ‘FancyLocker’ that appends the .FancyLeaks extension to encrypted files.


July 26th 2021

No More Ransom saves almost €1 billion in ransomware payments in 5 years

The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments.

July 27th 2021

LockBit ransomware now encrypts Windows domains using group policies

A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.

Some backstory about Babuk ransomware

I shared some of the backstory behind the split of Babuk ransomware after the attack on the Metropolitan Police Department.

Threat actors patch REvil ransomware

REvil ransomware continues to be active, but this time in the form of patched executables.

July 28th 2021

New US security memorandum bolsters critical infrastructure cybersecurity

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators.

Biden: Severe cyberattacks could escalate to ‘real shooting war’

President Joe Biden warned that cyberattacks leading to severe security breaches could result in a “real shooting war” with another major world power.

Synack rebrands as El_Cometa

Catalin Cimpanu was told that the Synack ransomware has rebranded under the name El_Cometa.

New Russian-Speaking Forum – A New Place for RaaS?

A new Russian-speaking forum called RAMP was launched in July 2021 and received much attention from researchers and cybercrime actors. The forum emerged on the domain that previously hosted the Babuk ransomware data leak site and later the Payload.bin leak site. KELA researched the contents of the new site and assessed its chances of success.

Babuk: Biting off More than they Could Chew by Aiming to Encrypt VM and *nix Systems?

Our worst fears were confirmed when Babuk announced on an underground forum that it was developing a cross-platform binary aimed at Linux/UNIX and ESXi or VMware systems. Many core backend systems in companies are running on these *nix operating systems or, in the case of virtualization, consider the ESXi host running multiple servers or the virtual desktop environment.

Coalition’s cyberinsurance claims report is out

The cyber attack landscape evolved significantly in 2021 with the emergence of new ransomware variants, the increasing risks of supply chain attacks, and the continued difficulty of staying secure while working remotely.

New STOP Ransomware variants

PCrisk found new STOP ransomware variants that append the .aeur and .guer extensions.

A Recap Of Events And Lessons Learned During The Kaseya VSA Supply Chain Attack

Now that a decryption key is available and we seem to be on the downward slope of the rollercoaster, we have an opportunity to look back and capture some important lessons and learnings that can help this industry try to combat these threats more effectively.

July 29th 2021

DoppelPaymer ransomware gang rebrands as the Grief group

After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief).

That is it for this week! Hope everyone has a nice weekend!
