Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands.
This week marked the fifth anniversary of No More Ransomware, where they announced that they had saved €1 billion in ransom payments through the decryptors on their platform.
We also saw ransomware groups continue to innovate with LockBit 2.0 now using group policies to automate the deployment of their ransomware over a Windows domain.
Also Read: Vulnerability Assessment vs Penetration Testing: And Why You Need Both
I shared what I know about the inner conflict of the Babuk ransomware gang that led to the Admin starting a new RAMP cybercrime forum and the rest of the team launching Babuk version 2.0.
Finally, DoppelPaymber has rebranded as a new ransomware operation known as Grief, which began operating in May.
Contributors and those who provided new ransomware information and stories this week include: @DanielGallagher, @LawrenceAbrams, @struppigel, @BleepinComputer, @malwrhunterteam, @VK_Intel, @serghei, @jorntvdw, @PolarToffee, @fwosar, @Seifreed, @Ionut_Ilascu, @demonslay335, @malwareforme, @FourOctets, @ddd1ms, @zscaler, @pcrisk, @pushecx, @fbgwls245, @campuscodi, @Glacius_, and @HuntressLabs.
dnwls0719 found a new JCrypt variant called ‘FancyLocker’ that appends the .FancyLeaks extension to encrypted files.
The No More Ransom project celebrates its fifth anniversary today after helping over six million ransomware victims recover their files and saving them almost €1 billion in ransomware payments.
A new version of the LockBit 2.0 ransomware has been found that automates the encryption of a Windows domain using Active Directory group policies.
I shared some of the backstory behind the split of Babuk ransomware after the attack on the Metropolitan Police Department.
Revil ransomware continues to be active but this time in the form of patched executables.
US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators.
President Joe Biden warned that cyberattacks leading to severe security breaches could lead to a “real shooting war” with another major world power.
Catalin Cimpanu was told that the Synack ransomware has rebranded under the name El_Cometa.
A new Russian-speaking forum called RAMP was launched in July 2021 and received much attention from researchers and cybercrime actors. The forum emerged at the domain that previously hosted the Babuk ransomware data leak site and later the Payload.bin leak site. KELA researched the contents of the new site and assessed its chances to succeed.
Our worst fears were confirmed when Babuk announced on an underground forum that it was developing a cross-platform binary aimed at Linux/UNIX and ESXi or VMware systems. Many core backend systems in companies are running on these *nix operating systems or, in the case of virtualization, think about the ESXi hosting several servers or the virtual desktop environment.
The cyber attack landscape evolved significantly in 2021 with the emergence of new ransomware variants, the increasing dangers of supply chain attacks, and the continued risks of staying secure while working remotely.
PCrisk found new STOP ransomware variants that append the .aeur and .guer extensions.
Now that a decryption key is available and we seem to be on the downward slope of the rollercoaster, we have an opportunity to look back and capture some important lessons and learnings that can help this industry try to combat these threats more effectively.
After a period of little to no activity, the DoppelPaymer ransomware operation has made a rebranding move, now going by the name Grief (a.k.a. Pay or Grief).
Also Read: 4 Reasons to Outsource Penetration Testing Services
Established in 2018, Privacy Ninja is a Singapore-based IT security company specialising in data protection and cybersecurity solutions for businesses. We offer services like vulnerability assessments, penetration testing, and outsourced Data Protection Officer support, helping organisations comply with regulations and safeguard their data.
Singapore
7 Temasek Boulevard,
#12-07, Suntec Tower One,
Singapore 038987
