Inside Out Security Blog » IT Pros » Last Week in Ransomware: Week of August 9th

DarkSide and REvil might not be as done as we originally imagined, the new BlackMatter group has emerged claiming to be their successor. And it’s not all just words, they’ve developed a Linux version of their ransomware designed to Target VMWare’s ESXi VM platform.

The BlackMatter/DarkSide name change isn’t completely surprising or even uncommon. Many of these ransomware gangs fade into the background noise of the weekly News after major attacks then rebrand themselves and continue operations sometime later. In fact, Krebs on Security published an article this week about the name game distraction. The article looks at why we shouldn’t get hyper-focused on group names but instead focus on the handful of cybercriminals who are developing ransomware programs and actually arresting them.

The other major topic of news this week is a renewed focus on insider threats. LockBit 2.0 is trying to recruit insiders to help them breach corporate networks and then offering millions of dollars as payment. But this week shows corporations aren’t the only ones that should worry about insider threats or disgruntled employees. A member of the Conti ransomware gang got a little upset when they were banned and decided to leak tools and training material which is turned into a treasure trove of information for security researchers trying to understand how these groups operate.

In sad yet unsurprising news Q2 of 2021 saw the highest volume of ransomware attacks ever with the top three strains being Ryuk, Cerber, and SamSam. This uptick in attacks has also started a sort of arms race with more and more ransomware gangs seeking to target managed services providers or MSPs due to the aftermath of the REvil attack.

For those keeping track of ransomware politics, new details have emerged on why the White House backed down from banning ransomware payments.

Ransomware Research

This week has also seen the release of several new variants of common ransomware strains including Dharma/Crysis with variants appending. GanP .JRB .CLEAN, Phobos appending.WIN,

And Stop/Djvu appending .repg.

There has also been the appearance of two new ransomware strains, Divinity Ransomware appending .divinity and Salma Ransomware appending .salma.

Upcoming Security Conferences

Crypto 2021 (August 16-20)

Crypto not to be confused with cryptocurrency is a cryptologic research conference.

Fraud & Payments Security Summit (August 17-18)

This conference focuses on cybersecurity in regards to the financial sector focusing primarily on fishing email fraud inside a risk and new account fraud.

Blue Team Con (August 28-29)

This conference is focused on the blue team and features discussions on risk compliance, application security development, governance, and everything in between.