Want defensive advice from a ransomware-wielding attacker? In a tell-all interview, a LockBit 2.0 representative not only extols the virtues of his malware, but also advises would-be victims to hire red teams, keep their software updated and educate employees to resist social engineering attacks.
Initial access brokers continue to sell easy access to networks. Given the uptake of such access by ransomware operations over the past year, one surprise is that relatively few individuals appear to be serving as brokers, which, of course, makes them an obvious target for law enforcement authorities.
A seemingly nonstop number of ransomware-wielding attackers have been granting tell-all media interviews. One perhaps inadvertent takeaway from these interviews is the extent to which - surprise - so many criminals use lies in an attempt to compel more victims to pay a ransom.
The new BlackMatter ransomware operation claimed to have incorporated "the best features of DarkSide, REvil and LockBit." Now, a security expert who obtained a BlackMatter decryptor reports that code similarities suggest "that we are dealing with a Darkside rebrand here."
Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.
What's up with REvil? Questions have been mounting since the notorious ransomware operation went quiet on July 13, not long after unleashing a mega-attack via remote management software vendor Kaseya's software. The Biden administration has welcomed REvil's online shutdown but says it doesn't know the cause.
The world is now focused on ransomware, perhaps more so than any previous cybersecurity threat in history. But if the viability of ransomware as a criminal business model should decline, expect those attackers to quickly embrace something else, such as illicitly mining for cryptocurrency.
As ransomware attacks become more prolific, their success is being driven by the increasing use of specialists who can refine every stage of an attack. It's a reminder that the goal of cybercrime remains to maximize illicit profits as easily and quickly as possible.
Ransomware-wielding criminals continue to hone their illicit business models, as demonstrated by the strike against customers of Kaseya. A full postmortem of the attack has yet to be issued, but one question sure to be leveled at the software vendor is this: Should it have fixed the flaw more quickly?
The code used to build copies of Babuk ransomware - to infect victims with the crypto-locking malware - has been leaked, after someone posted the software to virus-scanning service VirusTotal. Whether the leak was intentional - perhaps a rival gang seeking to burn the operation - remains unclear.
Based on Russian-language cybercrime chatter, "fear" likely drove the lucrative Avaddon ransomware-as-a-service operation to announce its retirement as the U.S. exerts increasing diplomatic pressure on Moscow to disrupt such activity, experts say. But are criminals simply laying low until the heat dies down?
The prolific Avaddon ransomware-as-a-service operation has announced its closure and released 2,934 decryption keys for free. Has the increased focus by Western governments on combating ransomware been driving this and other operations to exit the fray?
A small U.S. nuclear weapons contractor has confirmed that it suffered a ransomware attack, resulting in the theft of data. Credit for the attack has been taken by the ransomware-as-a-service operation known as REvil, aka Sodinokibi, which the FBI recently tied to the attack against meatpacking giant JBS.
Is it any wonder that criminals keep flocking to ransomware when their individual haul from a well-executed digital heist can be worth $11 million? That's the amount paid to the REvil ransomware gang by meatpacker JBS USA, after its systems were crypto-locked on May 30.
If you're a Russian cybercrime gang feeling the heat after being sanctioned by the U.S. government, why not rebrand? So goes an apparent move by Evil Corp to disguise its WastedLocker ransomware as rival gang Babuk's PayloadBin, so any ransom payers won't think they're violating U.S. sanctions.