July has so far ushered in at least two new ransomware groups. Or maybe they’re old ones undergoing a rebranding. Researchers are in the process of running down several different theories.
Both groups say they are aiming for big-game targets, meaning corporations or other large businesses with the pockets to pay ransoms in the millions of dollars. The additions come as recent ransomware intrusions of oil pipeline operator Colonial Pipeline, meat packer JBS SA, and managed network provider Kaseya have caused major disruptions and created pressure in Washington to curb the threats.
Haron: Like Avaddon. Or maybe not.
The first group is calling itself Haron. A sample of the Haron malware was first submitted to VirusTotal on July 19. Three days later, South Korean security firm S2W Lab discussed the group in a post.
Most of the group’s site on the dark web is password protected by extremely weak credentials. . .
In the shadows of REvil and DarkSide
The second ransomware newcomer is calling itself BlackMatter. It was reported on Tuesday by security firm Recorded Future and its news arm, The Record.
Recorded Future, The Record, and security firm Flashpoint, which also covered the emergence of BlackMatter, have questioned if the group has connections to either DarkSide or REvil. Those two ransomware groups suddenly went dark after attacks—against global meat producer JBS and managed network services provider Kaseya in REvil’s case and Colonial Pipeline in the case of DarkSide—generated more attention than the groups wanted. The Justice Department later claimed to have recovered $2.3 million from Colonial’s ransomware payment of $4.4 million.
But once again, the similarities at this point are all cosmetic and include the wording of a pledge, first made by DarkSide, not to target hospitals or critical infrastructure. . . None of this is to say that the speculation is wrong, only that at the moment, there’s little more than hunches for support.