This week marked the return of the infamous REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability.
Their July attack affected over 1,500 companies and drew the full attention of international law enforcement and the White House, who demanded that Russia do something about these attacks.
Soon after, REvil shut down all of its servers and mysteriously disappeared.
That is, until this week, when REvil's servers came back online and a new sample of their ransomware was spotted on VirusTotal.
It is still too soon to tell if the ransomware gang is fully operational, but we will likely see new attacks shortly.
In other news, a report was released this week outlining what a ransomware gang's ideal target looks like, and the Ragnar Locker gang threatened to automatically leak stolen data if victims contact negotiators or law enforcement.
Contributors and those who provided new ransomware information and stories this week include: @BleepinComputer, @malwareforme, @malwrhunterteam, @VK_Intel, @fwosar, @serghei, @struppigel, @LawrenceAbrams, @PolarToffee, @FourOctets, @Seifreed, @jorntvdw, @DanielGallagher, @demonslay335, @Ionut_Ilascu, @AdvIntel, @y_advintel, @McAfee_Business, @Glacius_, @Intel471Inc, @PogoWasRight, @ddd1ms, @JakubKroustek, @Libranalysis, @John_Fokker, @cPeterr, @fbgwls245, and @pcrisk.
September 5th 2021
This is my analysis of the BlackMatter Ransomware version 2.0.
September 6th 2021
Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks.
September 7th 2021
The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks the ransomware gang's return or the servers being turned on by law enforcement.
The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI.
September 8th 2021
On September 7, 2021, a representative of the newly-formed Groove ransomware syndicate decided to share their insights and their perspective on the inner workings of the ransomware business.
The private Howard University in Washington disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems.
McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or a subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victims' networks, rather than the previous approach, which prioritized control of the ransomware itself.
September 9th 2021
Jakub Kroustek found the first new REvil sample uploaded to VirusTotal since they disappeared and have now come back alive.
September 10th 2021
All of Desert Wells Family Medicine patients' electronic health records were corrupted and unrecoverable from ransomware attack
On August 30, HHS added Queen Creek Medical Center d/b/a Desert Wells Family Medicine in Arizona to its public breach tool. The entity had reported that 35,000 patients were impacted by a breach involving a hack of the network.
dnwls0719 found a new Chaos ransomware variant that appends the .CRYPTEDPAY extension.
PCrisk found a new Dharma ransomware variant that appends the .RME extension.